Potential SysInternals ProcDump Evasion (79b06761-465f-4f88-9ef2-150e24d3d737)

Detects uses of the SysInternals ProcDump utility in which ProcDump or its output get renamed, or a dump file is moved or copied to a different name

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential SysInternals ProcDump Evasion (79b06761-465f-4f88-9ef2-150e24d3d737)	Sigma-Rules	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	1
Potential SysInternals ProcDump Evasion (79b06761-465f-4f88-9ef2-150e24d3d737)	Sigma-Rules	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	1
OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	2