Sdclt Child Processes (da2738f2-fadb-4394-afa7-0a0674885afa)

A general detection for sdclt spawning new processes. This could be an indicator of sdclt being used for UAC bypass techniques.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | Sdclt Child Processes (da2738f2-fadb-4394-afa7-0a0674885afa) | Sigma-Rules | 1 |
| Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | 2 |