Windows Chromium Browser with Custom User Data Directory

Splunk Security Content

Summary
This rule detects Chromium-based browsers, such as Google Chrome or Microsoft Edge, being launched with the --user-data-dir command-line argument. The argument points the browser at a custom profile directory, which has legitimate uses in testing and multi-user setups. However, malware also uses it to run a browser session under a profile it controls, separate from the user's normal profile, in support of stealth operations, credential harvesting, and phishing while evading detection. The detection is built on process-creation telemetry from Sysmon, Windows Event Logs, and CrowdStrike, and matches specific browser processes invoked with this argument. Its purpose is to surface such launches on endpoint devices for triage: the argument alone is not malicious, so the parent process, the location of the profile directory, and any other switches on the command line decide whether a hit warrants escalation.
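The following is an added example, not Splunk's own search logic, that applies the detection described above to constructed Sysmon Event ID 1 style process-creation records. It keys on the browser image name and the --user-data-dir argument, extracts the profile path, and adds triage context that is an assumption of this example rather than part of the rule: profile directories in locations a person rarely chooses (Temp, ProgramData, Public, Windows), scripting or shell parents, and Chromium switches such as --headless and --remote-debugging-port that indicate automation. The field names (Image, CommandLine, ParentImage, User, Computer) mimic the Sysmon schema; the events themselves are made up for illustration.

```python
import re

# Chromium-based browser image names the detection keys on. Chrome and
# Edge come from the rule description; the others are added for coverage.
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "chromium.exe",
                     "brave.exe", "opera.exe", "vivaldi.exe"}

# --user-data-dir=<path>, with the path either double-quoted or bare.
USER_DATA_DIR_RE = re.compile(
    r'--user-data-dir(?:=|\s+)(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# Triage context (assumptions of this example, not part of the rule):
# profile locations a person rarely picks, parents that indicate a script
# launched the browser, and switches that indicate automation.
SUSPICIOUS_DIR_HINTS = ("\\temp\\", "\\programdata\\",
                        "\\users\\public\\", "\\windows\\")
SCRIPT_PARENTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "rundll32.exe"}
AUTOMATION_SWITCHES = ("--headless", "--remote-debugging-port",
                       "--load-extension")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(event):
    """Return a finding dict when the event is a Chromium-based browser
    launched with --user-data-dir, otherwise None."""
    image = basename(event.get("Image", ""))
    if image not in CHROMIUM_BROWSERS:
        return None
    cmdline = event.get("CommandLine", "")
    m = USER_DATA_DIR_RE.search(cmdline)
    if not m:
        return None
    user_data_dir = m.group(1) if m.group(1) is not None else m.group(2)
    parent = basename(event.get("ParentImage", ""))

    reasons = []
    # Trailing backslash so a bare "C:\Users\Public" still matches a hint.
    if any(h in user_data_dir.lower() + "\\" for h in SUSPICIOUS_DIR_HINTS):
        reasons.append("profile directory outside the user's AppData")
    if parent in SCRIPT_PARENTS:
        reasons.append(f"launched by {parent}")
    switches = [s for s in AUTOMATION_SWITCHES if s in cmdline.lower()]
    if switches:
        reasons.append("automation switches: " + ", ".join(switches))

    return {"host": event.get("Computer"), "user": event.get("User"),
            "image": image, "parent": parent,
            "user_data_dir": user_data_dir, "reasons": reasons,
            "severity": "high" if reasons else "low"}


def run(events):
    """Apply analyze() to every event and keep the hits."""
    return [f for f in (analyze(e) for e in events) if f]


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": "CORP\\alice",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
                    '--user-data-dir="C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\TestProfile"'},
    {"Computer": "WS02", "User": "CORP\\bob",
     "Image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
     "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
                    '--user-data-dir=C:\\Users\\Public\\edge --headless '
                    '--remote-debugging-port=9222 http://example.invalid/'},
    {"Computer": "WS03", "User": "CORP\\carol",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
                    '--profile-directory="Profile 1"'},
    {"Computer": "WS04", "User": "CORP\\dave",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "notepad.exe --user-data-dir=C:\\Temp\\x"},
]

if __name__ == "__main__":
    for f in run(SAMPLE_EVENTS):
        print(f"{f['severity']:4} {f['host']} {f['user']} {f['image']} "
              f"<- {f['parent']} dir={f['user_data_dir']} {f['reasons']}")
```

Run as-is, the first sample (a test profile under the user's own AppData, started from Explorer) comes back as a low-severity hit, while the second (a profile under C:\Users\Public, headless with remote debugging, started from PowerShell) is flagged high; the third and fourth records do not match because the argument is absent or the image is not a browser. Third-party parsing of the real Endpoint data model would replace the constructed records.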
Categories
  • Endpoint
  • Windows
  • Cloud
Data Sources
  • Windows Registry
  • Application Log
  • Process
ATT&CK Techniques
  • T1497 (Virtualization/Sandbox Evasion)
Created: 2025-05-26