
Summary
This detection rule identifies the execution of System Informer (formerly Process Hacker), a task manager utility that lets users monitor and manage processes and perform various low-level operations on a Windows system. The detection is based on several criteria covering the executable's filename and its metadata. Specifically, it looks for the process creation of 'SystemInformer.exe' by examining the image name together with attributes such as the file's original name, description, product name, and cryptographic hashes (MD5, SHA1, SHA256, and IMPHASH). Matching on version-resource metadata and hashes rather than the filename alone means a renamed copy of the binary can still be identified. The rule helps in identifying potential misuse of this tool, which is often associated with persistence mechanisms, privilege escalation attempts, or discovery activities on the host. Because System Informer is also used legitimately by system administrators and developers, it is essential to consider the context in which the rule triggers (which user, which parent process, which host) and to apply additional filters to minimize false positives.
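The matching logic described above, as an added example that is not the rule's own code: a small matcher run over constructed Sysmon Event ID 1 style process-creation events. It assumes the indicators are OR'ed (any single field hit is enough), uses placeholder hash strings rather than the real hashes of SystemInformer.exe, and adds a constructed user allowlist as one form of the "additional filters" the summary asks for.

```python
# Added example (not code from the rule or the System Informer project).
# Field names follow the Sysmon Event ID 1 schema. All indicator values
# and sample events below are constructed; the hashes are placeholders.

INDICATORS = {
    "Image": "\\systeminformer.exe",       # matched with endswith, case-insensitive
    "OriginalFileName": "systeminformer.exe",
    "Description": "system informer",
    "Product": "system informer",
    "Hashes": {                            # placeholder values, NOT real file hashes
        "MD5": "0123456789abcdef0123456789abcdef",
        "SHA1": "0123456789abcdef0123456789abcdef01234567",
        "SHA256": "0123456789abcdef" * 4,
        "IMPHASH": "fedcba9876543210fedcba9876543210",
    },
}

# Assumed context filter: accounts permitted to run the tool (constructed).
ALLOWED_USERS = {"CORP\\itadmin"}


def parse_hashes(field):
    """Split Sysmon's 'MD5=..,SHA256=..,IMPHASH=..' field into {ALGO: hexdigest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_system_informer(event):
    """Return the list of indicator fields that hit (empty list = no match).
    Fields are OR'ed: one hit is enough, so a renamed binary is still caught."""
    hits = []
    if event.get("Image", "").lower().endswith(INDICATORS["Image"]):
        hits.append("Image")
    for field in ("OriginalFileName", "Description", "Product"):
        if event.get(field, "").lower() == INDICATORS[field]:
            hits.append(field)
    observed = parse_hashes(event.get("Hashes", ""))
    for algo, known in INDICATORS["Hashes"].items():
        if observed.get(algo) == known:
            hits.append("Hashes." + algo)
    return hits


def alert(event):
    """Run the detection, then the context filter: (matched, suppressed, hits)."""
    hits = match_system_informer(event)
    if not hits:
        return (False, False, hits)
    return (True, event.get("User") in ALLOWED_USERS, hits)


# Constructed sample events, not real telemetry.
EVENTS = [
    {   # 1: normal launch, every indicator present
        "Image": "C:\\Program Files\\SystemInformer\\SystemInformer.exe",
        "OriginalFileName": "SystemInformer.exe", "Description": "System Informer",
        "Product": "System Informer", "User": "CORP\\jdoe",
        "Hashes": "MD5=0123456789abcdef0123456789abcdef,SHA256=" + "0123456789abcdef" * 4,
    },
    {   # 2: binary renamed, version resource intact
        "Image": "C:\\Users\\Public\\svchost.exe",
        "OriginalFileName": "SystemInformer.exe", "Description": "System Informer",
        "Product": "System Informer", "User": "CORP\\jdoe",
        "Hashes": "MD5=0123456789abcdef0123456789abcdef",
    },
    {   # 3: renamed and version resource stripped; only the hash is left
        "Image": "C:\\Users\\Public\\update.exe",
        "OriginalFileName": "?", "Description": "-", "Product": "-",
        "User": "CORP\\jdoe", "Hashes": "IMPHASH=fedcba9876543210fedcba9876543210",
    },
    {   # 4: unrelated process
        "Image": "C:\\Windows\\System32\\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE", "Description": "Notepad",
        "Product": "Microsoft Windows Operating System", "User": "CORP\\jdoe",
        "Hashes": "MD5=ffffffffffffffffffffffffffffffff",
    },
    {   # 5: legitimate admin use, matched but suppressed by the allowlist
        "Image": "C:\\Program Files\\SystemInformer\\SystemInformer.exe",
        "OriginalFileName": "SystemInformer.exe", "Description": "System Informer",
        "Product": "System Informer", "User": "CORP\\itadmin",
        "Hashes": "SHA1=0123456789abcdef0123456789abcdef01234567",
    },
]


def run(events=EVENTS):
    return [alert(e) for e in events]


if __name__ == "__main__":
    for i, (matched, suppressed, hits) in enumerate(run(), 1):
        print(i, "MATCH" if matched else "no match", "(suppressed)" if suppressed else "", hits)
```

Events 2 and 3 are the point of the metadata and hash criteria: the filename alone would miss both. The allowlist is deliberately narrow; in practice the context filter would also consider parent process and host role, and an IMPHASH-only hit should be reviewed rather than suppressed, since import hashes collide across builds more readily than full-file hashes.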
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2023-05-08