
Summary
This detection rule identifies potentially malicious executions of `rundll32.exe` on Windows where the executable is launched without any command line parameters. It focuses on behaviour indicative of Cobalt Strike beacon activity, which often uses this method for evasion. The rule's logic requires that the `rundll32.exe` execution carry no additional parameters, which sets it apart from legitimate usage, where the DLL and the function to be executed are normally specified. To reduce false positives, the rule excludes events whose parent process runs from known directories such as `AppData\Local` or `Microsoft\Edge`. This is achieved by combining selection criteria on the process and its command line with filter conditions on the parent process, a combination characteristic of this attack vector.
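As an added illustration (not code from the rule page), the following Python applies the logic described above to constructed process-creation events. The field names `Image`, `CommandLine` and `ParentImage`, the sample paths and the handling of a quoted image path are assumptions made for the example.

```python
import ntpath

# Constructed sample process-creation events (not real telemetry); field names
# follow the Sysmon / Windows process-creation convention.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": "rundll32.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},                        # 0: fires
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\rundll32.exe"',                   # quoted, no args
     "ParentImage": r"C:\Users\alice\Desktop\invoice.exe"},                  # 1: fires
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": r"C:\Windows\explorer.exe"},                             # 2: normal usage
    {"Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": "rundll32.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Vendor\updater.exe"},     # 3: excluded parent
    {"Image": r"C:\Windows\System32\rundll32.exe", "CommandLine": "rundll32.exe",
     "ParentImage": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"},  # 4: excluded
]

# Parent-path fragments the rule treats as benign (case-insensitive "contains").
EXCLUDED_PARENT_FRAGMENTS = ("\\appdata\\local\\", "\\microsoft\\edge\\")

def has_no_parameters(command_line):
    """True when the command line is only the rundll32 image (bare, pathed or quoted)."""
    cl = command_line.strip()
    if cl.startswith('"'):                      # quoted image path: find the closing quote
        end = cl.find('"', 1)
        if end == -1:
            return False
        head, rest = cl[1:end], cl[end + 1:]
    else:
        parts = cl.split(None, 1)
        head = parts[0] if parts else ""
        rest = parts[1] if len(parts) > 1 else ""
    if rest.strip():                            # anything after the image is a parameter
        return False
    return ntpath.basename(head).lower() in ("rundll32.exe", "rundll32")

def is_suspicious(event):
    """Apply the rule: rundll32.exe image, no parameters, parent not excluded."""
    if not event.get("Image", "").lower().endswith("\\rundll32.exe"):
        return False
    if not has_no_parameters(event.get("CommandLine", "")):
        return False
    parent = event.get("ParentImage", "").lower()
    return not any(frag in parent for frag in EXCLUDED_PARENT_FRAGMENTS)

def detect(events):
    # Indexes of the events that match the rule.
    return [i for i, e in enumerate(events) if is_suspicious(e)]
```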
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2021-05-27