Unauthorized intrusion #684
Closed
ULPU-WG-PC-0019
Start date: 2024-02-19
Completion date: 2024-02-29
Percent complete: 100%
Estimated time:
Overview
Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials were dumped, change your passwords and review the process tree.
Command line
"C:\Program Files\Cybereason ActiveProbe\minionhost.exe" -p 4916 -rc a568ecb5-1d1f-44df-93c4-f6a5ffbc99b1 -t 384