
Windows Credentials from Password Stores Chrome LocalState Access

Splunk Security Content

Summary
This analytic rule detects access to the Google Chrome 'Local State' file by non-Chrome processes on Windows systems. The 'Local State' file contains sensitive data, including the encrypted master key used to decrypt passwords saved in Chrome. By monitoring the Windows Security event log (specifically event code 4663, object access), the rule identifies access attempts by processes that have no legitimate reason to read this file. Such access is a significant security risk, since an attacker who obtains the file can use it to recover stored credentials. The rule requires object access auditing to be enabled via Group Policy, with a SACL on the file, so that the relevant events are logged at all. Security operations teams should monitor this activity to catch credential theft and unauthorized access to sensitive user data early.
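To illustrate the condition the rule checks, here is an added Python example (not the Splunk Security Content rule's own SPL) that applies the same logic to a few constructed 4663 events; the file-path pattern and the allowlist of Chrome binary paths are assumptions to adapt to your environment.

```python
import re

# Constructed sample Windows Security 4663/4656 events (not real log data), reduced
# to the fields the detection needs: event code, Object Name and Process Name.
SAMPLE_EVENTS = [
    {"EventCode": 4663, "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"EventCode": 4663, "ProcessName": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
    {"EventCode": 4663, "ProcessName": r"C:\Windows\System32\notepad.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"EventCode": 4656, "ProcessName": r"C:\Windows\System32\cmd.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"},
]

# Matches Chrome's Local State file regardless of drive letter, user profile or case.
LOCAL_STATE_RE = re.compile(r"\\google\\chrome\\user data\\local state$", re.IGNORECASE)

# Assumed allowlist of legitimate Chrome binaries, compared by full path so that a
# renamed chrome.exe in a user-writable directory is still flagged.
ALLOWED_CHROME_PATHS = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}


def is_local_state_access(event: dict) -> bool:
    """True for a 4663 (object accessed) event whose target is Chrome's Local State file."""
    return event.get("EventCode") == 4663 and bool(LOCAL_STATE_RE.search(event.get("ObjectName", "")))


def is_non_chrome_process(event: dict) -> bool:
    """True when the accessing process is not one of the allowlisted Chrome binaries."""
    return event.get("ProcessName", "").lower() not in ALLOWED_CHROME_PATHS


def detect_local_state_access(events) -> list:
    """Return the 4663 events in which a non-Chrome process touched Chrome's Local State file."""
    return [e for e in events if is_local_state_access(e) and is_non_chrome_process(e)]


if __name__ == "__main__":
    for hit in detect_local_state_access(SAMPLE_EVENTS):
        print(f"ALERT: {hit['ProcessName']} accessed {hit['ObjectName']}")
```

Only the `updater.exe` event is flagged: the real Chrome binary is allowlisted, the `Login Data` read targets a different file, and the 4656 event is a handle request rather than an access.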
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1012
Created: 2025-01-27