Remote Access Tool - Potential MeshAgent Execution - Windows (2fbbe9ff-0afc-470b-bdc0-592198339968)
Detects potential execution of MeshAgent which is a tool used for remote access. Historical data shows that threat actors rename MeshAgent binary to evade detection. Matching command lines with the '--meshServiceName' argument can indicate that the MeshAgent is being used for remote access.