Detects process handle on LSASS process with certain access mask

Detects processes requesting access to LSASS memory via suspicious access masks. This is typical for credentials dumping tools

This method detects mimikatz keywords in different Eventlogs (some of them only appear in older Mimikatz version that are however still used by different threat groups)