
Summary
This detection rule identifies execution of the Time Travel Debugging Utility, `tttracer.exe`, which adversaries can abuse to launch processes and interact with sensitive system components such as `lsass.exe`. The rule monitors process creation events on Windows and flags any process whose parent image is `tttracer.exe`, a pattern associated with credential access and defense evasion techniques. Because legitimate developers and testers also use this tool, the rule is aimed at spotting unauthorized usage rather than the utility itself. Its high severity level means a match warrants immediate investigation to determine whether it is part of a malicious campaign or benign software development activity.
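The parent-image check described above, applied to constructed Windows process-creation events (Sysmon Event ID 1 style fields). This is an added illustration, not the rule's own implementation; the sample paths and process IDs are invented.

```python
# Added example: evaluate the "parent image is tttracer.exe" condition over
# constructed process-creation events. Field names follow the Sysmon
# ProcessCreate schema (EventID, Image, ParentImage, CommandLine); the values
# below are made up for the demo.
from ntpath import basename  # splits Windows paths correctly on any host OS

SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Windows\System32\tttracer.exe"},
    {"EventID": 1, "ProcessId": 4180, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 4200, "Image": r"C:\Program Files\App\app.exe",
     "CommandLine": "app.exe",
     "ParentImage": r"C:\Tools\TTD\TTTracer.exe"},   # different dir/case, still a hit
    {"EventID": 3, "ProcessId": 4210, "Image": r"C:\Windows\System32\tttracer.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},  # network event, not ProcessCreate
]

def is_tttracer_child(event: dict) -> bool:
    """True when a process-creation event's parent image is tttracer.exe.

    Compares the file name only (any directory, case-insensitive), which is
    how a 'ParentImage ends with \\tttracer.exe' condition behaves in practice.
    """
    if event.get("EventID") != 1:          # only ProcessCreate events apply
        return False
    parent = event.get("ParentImage", "")
    return basename(parent).lower() == "tttracer.exe"

def find_tttracer_children(events):
    """Return (ProcessId, Image, ParentImage) for every event the rule flags."""
    return [(e["ProcessId"], e["Image"], e["ParentImage"])
            for e in events if is_tttracer_child(e)]

if __name__ == "__main__":
    for pid, image, parent in find_tttracer_children(SAMPLE_EVENTS):
        # High severity per the rule: triage should confirm whether the parent
        # belongs to a known developer/test session before escalating.
        print(f"[HIGH] tttracer.exe spawned pid={pid} image={image} parent={parent}")
```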
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2020-10-06