fix: small fixes

- Added modified date
- Updated DLL sideload version

rules/windows/file/file_event/file_event_win_wermgr_local_privilege_escalation.yml

@@ -7,6 +7,7 @@ references:
     - https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt
 author: Nasreddine Bencherchali, Subhash P (@pbssubhash)
 date: 2022/12/16
+modified: 2022/12/19
 tags:
     - attack.defense_evasion
     - attack.persistence
@@ -16,7 +17,7 @@ logsource:
     product: windows
 detection:
     selection:
-        TargetFilename|startswith: 
+        TargetFilename|startswith:
             - 'C:\Windows\System32\logonUI.exe.local'
             - 'C:\Windows\System32\werFault.exe.local'
             - 'C:\Windows\System32\consent.exe.local'

rules/windows/image_load/image_load_side_load_wermgr_comctl32.yml

@@ -4,8 +4,10 @@ status: experimental
 description: Detects potential DLL sideloading using comctl32.dll via "wermgr.exe" to obtain system privileges
 references:
     - https://github.com/binderlabs/DirCreate2System
-author: Nasreddine Bencherchali
+    - https://github.com/sailay1996/awesome_windows_logical_bugs/blob/master/dir_create2system.txt
+author: Nasreddine Bencherchali, Subhash Popuri (@pbssubhash)
 date: 2022/12/16
+modified: 2022/12/19
 tags:
     - attack.defense_evasion
     - attack.persistence
@@ -17,7 +19,12 @@ logsource:
     product: windows
 detection:
     selection:
-        ImageLoaded|startswith: 'C:\windows\system32\wermgr.exe.local\'
+        ImageLoaded|startswith:
+            - 'C:\Windows\System32\logonUI.exe.local\'
+            - 'C:\Windows\System32\werFault.exe.local\'
+            - 'C:\Windows\System32\consent.exe.local\'
+            - 'C:\Windows\System32\narrator.exe.local\'
+            - 'C:\windows\system32\wermgr.exe.local\'
         ImageLoaded|endswith: '\comctl32.dll'
     condition: selection
 falsepositives: