A process executed a command
line that searches for files that store passwords. This is suspicious,
as attackers often search for passwords in order to gain access
to privileged accounts, and the same command line was seen on only
a handful of endpoints in the last 14 days, if at all.
Gain user-account credentials.
Check whether the
executing process is benign, and if this was a desired behavior
as part of its normal execution flow.