Bypass UAC via Fodhelper.exe (7f741dcf-fc22-4759-87b4-9ae8376676a2)

Identifies use of Fodhelper.exe to bypass User Account Control. Adversaries use this technique to execute privileged processes.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Bypass UAC via Fodhelper.exe (7f741dcf-fc22-4759-87b4-9ae8376676a2)	Sigma-Rules	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2