HackTool - Dumpert Process Dumper Execution

Sigma Rules

Summary
This detection rule identifies the execution of the Dumpert process dumper, a tool used to dump the memory of the lsass.exe process. The lsass.exe process is a critical Windows component responsible for enforcing security policy and handling authentication. Use of Dumpert typically indicates an attempt to extract credentials from memory, which can lead to further compromise within the network. The rule looks for file hashes associated with Dumpert and for command line invocations that include 'Dumpert.dll'. This behavior maps to the Credential Access tactic in the MITRE ATT&CK framework. Because memory dumps of lsass.exe are often a precursor to more severe attacks, this rule carries a critical alert level.
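The two conditions the summary describes (a known hash on the image, or 'Dumpert.dll' in the command line) can be applied to process-creation telemetry in a few lines. The following matcher is an added example, not the rule's own logic or Dumpert project code; the hash value, the `ProcessEvent` shape and the sample events are constructed placeholders, since the page lists no hashes, and string matching is done case-insensitively as Sigma does by default.

```python
"""Added example: apply the rule's two detection conditions to constructed
process-creation events. Not the original rule; the hash below is a placeholder."""
from dataclasses import dataclass, field

# PLACEHOLDER: the real rule carries known Dumpert file hashes, which this page
# does not list, so an obviously fake value stands in for them here.
DUMPERT_HASHES = {"sha256": {"PLACEHOLDER_DUMPERT_SHA256"}}


@dataclass
class ProcessEvent:
    """Minimal process-creation record (hypothetical shape, Sysmon-like)."""
    image: str
    command_line: str
    hashes: dict = field(default_factory=dict)


def matches_dumpert_rule(ev: ProcessEvent) -> list[str]:
    """Return the rule conditions that fired for one event (empty list = no match)."""
    reasons = []
    # Condition 1: image hash matches a known Dumpert hash (case-insensitive compare,
    # because telemetry sources differ in hex casing).
    for algo, known in DUMPERT_HASHES.items():
        observed = ev.hashes.get(algo, "").upper()
        if observed and observed in {h.upper() for h in known}:
            reasons.append(f"hash:{algo}")
    # Condition 2: command line contains 'Dumpert.dll' (Sigma 'contains' semantics,
    # case-insensitive, so DUMPERT.DLL or dumpert.dll are caught too).
    if "dumpert.dll" in ev.command_line.lower():
        reasons.append("commandline:Dumpert.dll")
    return reasons


def scan(events: list[ProcessEvent]) -> list[tuple[str, list[str]]]:
    """Run the matcher over a batch and return (image, reasons) for each hit."""
    return [(ev.image, r) for ev in events if (r := matches_dumpert_rule(ev))]


# Constructed sample events (not real telemetry): one command-line hit, one hash hit, one benign.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Temp\DUMPERT.DLL", {"sha256": "1111"}),
    ProcessEvent(r"C:\Users\alice\tool.exe", "tool.exe",
                 {"sha256": "placeholder_dumpert_sha256"}),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt",
                 {"sha256": "2222"}),
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(f"ALERT {image}: {', '.join(reasons)}")
```

Missing hashes on an event (some collectors omit them) leave only the command-line condition in play, which is why both conditions are kept rather than relying on the hash alone.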
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2020-02-04