Product
Detection of the renaming of microsoft.workflow.compiler.exe, a technique used by attackers to evade security controls and potentially execute arbitrary code for privilege escalation or persistence.