Suspicious Unsigned Dbghelp/Dbgcore DLL Loaded

Sigma Rules

Summary
This detection rule identifies the loading of an unsigned Dbghelp or Dbgcore DLL by a suspicious process. These DLLs expose the MiniDumpWriteDump API used to create process memory dumps, which malicious software abuses to harvest sensitive information from processes such as Lsass.exe, a prime target for credential dumping. The rule therefore fires on the use of these libraries by unexpected processes; tooling such as the SILENTTRINITY C2 framework loads them to extract credentials and exfiltrate the data across the network. Because many legitimate tools also load these DLLs, the rule can produce false positives, so alerts need additional context before being treated as malicious.
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Image
  • Application Log
Created: 2019-10-27