Develop Sigma rules for Atomic Red Team test (Windows)

Open yugoslavskiy opened this issue 4 years ago • 6 comments

  • Subject: Atomic Red Team project
  • Author: @redcanaryco
  • Type: threat simulation tests
  • Requirements: Create one Pull Request per Sigma rule

Please comment on the issue with the task number you are going to work on, so the others will not intersect with you.

| Task # | ATT&CK Technique name/link | ART test link | Comment |
| --- | --- | --- | --- |
| 1 | T1531: Account Access Removal | link | |
| 2 | T1048.003: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | link | |
| 3 | T1546.002: Screensaver | link | |
| 4 | T1056.001: Keylogging | link | |
| 5 | T1552.004: Private Keys | link | |
| 6 | T1070.005: Network Share Connection Removal | link | |
| 7 | T1074.001: Local Data Staging | link | |
| 8 | T1095: Non-Application Layer Protocol | link | |
| 9 | T1114.001: Local Email Collection | link | |
| 10 | T1115: Clipboard Data | link | |
| 11 | T1119: Automated Collection | link | |
| 12 | T1553.004: Install Root Certificate | link | |
| 13 | T1176: Browser Extensions | link | |
| 14 | T1216: Signed Script Proxy Execution | link | |
| 15 | T1216.001: PubPrn | link | |
| 16 | T1217: Browser Bookmark Discovery | link | |
| 17 | T1518: Software Discovery | link | |
| 18 | T1518.001: Security Software Discovery | link | |
| 19 | T1010: Application Window Discovery | link | this task could take a huge amount of time to solve |
| 20 | T1055.004: Asynchronous Procedure Call | link | this task could take a huge amount of time to solve |
| 21 | T1056.004: Credential API Hooking | link | this task could take a huge amount of time to solve |
| 22 | T1134.004: Parent PID Spoofing | link | this task could take a huge amount of time to solve |
| 23 | T1555.003: Credentials from Web Browsers | link | this task could take a huge amount of time to solve |
| 24 | T1556.002: Password Filter DLL | link | this task could take a huge amount of time to solve |
| 25 | T1559.002: Dynamic Data Exchange | link | this task could take a huge amount of time to solve |
| 26 | T1574.009: Path Interception by Unquoted Path | link | this task could take a huge amount of time to solve |

yugoslavskiy avatar Sep 14 '20 17:09 yugoslavskiy

6 - T1070.005: Network Share Connection Removal #1060 #1061
12 - T1553.004: Install Root Certificate #1102

svch0stz avatar Oct 07 '20 03:10 svch0stz

2 - T1048.003: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol #1120

bczyz1 avatar Oct 10 '20 19:10 bczyz1

3 - T1546.002: Screensaver #1124

bczyz1 avatar Oct 11 '20 10:10 bczyz1

4 - T1056.001: Keylogging #1129

bczyz1 avatar Oct 11 '20 16:10 bczyz1

17 - T1518: Software Discovery #1208

NikitaStormwind avatar Oct 16 '20 16:10 NikitaStormwind

@yugoslavskiy I have tested redcanary with aurora since December. Result here: https://frack113.github.io/sigma_redcanaryco/

Think we can close this issue.

frack113 avatar Jun 20 '22 15:06 frack113

Closing this as complete.

As @frack113 mentioned, Windows atomic tests are "all" covered in SIGMA and are constantly being updated/monitored for any new additions.

nasbench avatar Jan 01 '23 00:01 nasbench