
Summary
This detection rule targets the execution of WinPEAS, a tool used for privilege escalation checks on Windows systems. It works on process creation events, matching both the executable filenames associated with WinPEAS and the command-line arguments that typically accompany its execution. Specifically, the detection criteria include filenames such as 'winPEAS.exe' and its variants (e.g., 'winPEASx64.exe', 'winPEASx86.exe'), as well as command-line options commonly used in privilege escalation testing, such as 'applicationsinfo' and 'servicesinfo'. The rule also covers command lines that download the tool from GitHub's latest releases, which provides a further detection vector. If any of these conditions match during a process creation event, the rule flags a potential execution of WinPEAS, indicating possible privilege escalation activity.
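The following is an added example, not part of the original rule, that applies the three indicator classes described above (executable name, command-line options, GitHub latest-release download) to constructed process-creation events in Sysmon-style `Image`/`CommandLine` fields. The filename and option lists come from the summary; the URL pattern for a "latest release" download and the repository owner/name in the sample are assumptions, since the rule text does not give the exact URL.

```python
"""Check constructed process-creation events against WinPEAS indicators.

Added example, not part of the original detection rule. Filenames and
command-line options are those named in the rule summary; the GitHub
latest-release URL shape is an ASSUMPTION about how such a download is
referenced. Field names (Image, CommandLine) follow the Sysmon schema.
"""
import re
from typing import Iterable

# Filenames named in the rule summary, compared case-insensitively against
# the basename of Image so the directory prefix does not matter.
WINPEAS_IMAGE_NAMES = {"winpeas.exe", "winpeasx64.exe", "winpeasx86.exe"}

# Command-line options the summary lists as commonly used with WinPEAS.
WINPEAS_ARGS = ("applicationsinfo", "servicesinfo")

# ASSUMPTION: generic shape of a GitHub "latest release" download URL that
# references WinPEAS; the rule summary does not state the exact URL.
GITHUB_LATEST_RELEASE_RE = re.compile(
    r"github\.com/.+/releases/latest/download/.*winpeas", re.IGNORECASE
)


def basename(image: str) -> str:
    """Return the lower-cased file name, accepting both path separators."""
    return re.split(r"[\\/]", image)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the indicator names that fire for one process-creation event.

    An empty list means the event does not match any WinPEAS condition.
    """
    hits: list[str] = []
    image = event.get("Image", "")
    cmdline = event.get("CommandLine", "")

    # Condition 1: executable name associated with WinPEAS.
    if basename(image) in WINPEAS_IMAGE_NAMES:
        hits.append("image_name")

    # Condition 2: WinPEAS module options on the command line. This still
    # fires when the binary has been renamed, which is why the rule does
    # not rely on the filename alone.
    lowered = cmdline.lower()
    for arg in WINPEAS_ARGS:
        if arg in lowered:
            hits.append(f"arg:{arg}")

    # Condition 3: download of the tool from a GitHub latest-release URL.
    if GITHUB_LATEST_RELEASE_RE.search(cmdline):
        hits.append("github_latest_release_download")
    return hits


def scan(events: Iterable[dict]) -> list[tuple[int, list[str]]]:
    """Return (index, hits) for every event that matches at least one condition."""
    return [(i, h) for i, ev in enumerate(events) if (h := classify(ev))]


# Constructed sample events; the GitHub owner/repo below is a placeholder.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\winPEASx64.exe", "CommandLine": "winPEASx64.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c C:\\tmp\\tool.exe servicesinfo applicationsinfo"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": ("powershell -c iwr https://github.com/EXAMPLE-OWNER/EXAMPLE-REPO"
                     "/releases/latest/download/winPEASany.exe -OutFile p.exe")},
    {"Image": r"C:\Windows\System32\svchost.exe", "CommandLine": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The second sample event shows why the option-based condition matters: the binary has been renamed to `tool.exe`, so the filename check alone would miss it, while `servicesinfo` and `applicationsinfo` on the command line still match. Tuning for false positives (for example, authorised internal assessments) belongs in the consuming SIEM rather than in this matching logic.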
Categories
- Windows
Data Sources
- Process
Created: 2022-09-19