Potential Process Hollowing Activity (c4b890e5-8d8c-4496-8c66-c805753817cd)

Detects when a memory process image does not match the disk image, indicative of process hollowing.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Process Hollowing Activity (c4b890e5-8d8c-4496-8c66-c805753817cd) | Sigma-Rules | Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | 1 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | 2 |