HackTool - CreateMiniDump Execution

Summary
This detection rule identifies execution of the CreateMiniDump tool, which is commonly used to dump the memory of the LSASS (Local Security Authority Subsystem Service) process. The rule is designed to alert when the CreateMiniDump executable is run, because this technique is closely associated with credential extraction attacks. Detection is implemented by monitoring process creation events on Windows systems for instances where the executable `CreateMiniDump.exe` is started. In addition, the rule checks for specific file hashes that identify the known malicious variant of the tool, so a renamed copy of that build is still caught. A match on this rule indicates a potential credential dumping attempt, which could facilitate unauthorized access to sensitive user credentials.
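To make the two selection criteria concrete, here is an added Python example (not the Sigma rule itself and not code from the rule's authors) that applies the same logic to process-creation events shaped like Sysmon Event ID 1 records. The events are constructed, the `KNOWN_SHA256` value is a labelled placeholder because the page does not reproduce the rule's real hashes, and the `Image`/`Hashes` field names follow the Sysmon convention that Sigma's `process_creation` logsource maps onto.

```python
"""Illustrative matcher for the CreateMiniDump process-creation rule.

Two independent selections, OR-ed together like the Sigma rule described on the page:
  1. the image name ends in \\CreateMiniDump.exe
  2. the file hash equals a pinned hash of the known build
Added example; the hash below is a constructed placeholder, not the rule's real value.
"""
from typing import Dict, List

# Placeholder standing in for the rule's pinned SHA256 (lower-cased for comparison).
KNOWN_SHA256 = {"placeholder_sha256_of_createminidump"}

# Case-insensitive suffix match, as Sigma's `Image|endswith` behaves on Windows backends.
IMAGE_SUFFIXES = ("\\createminidump.exe",)


def parse_hashes(field: str) -> Dict[str, str]:
    """Split a Sysmon-style 'MD5=...,SHA256=...,IMPHASH=...' field into {algo: value}."""
    hashes: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            hashes[algo.strip().lower()] = value.strip().lower()
    return hashes


def matches_rule(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event matches; an empty list means no match."""
    reasons: List[str] = []
    image = event.get("Image", "").lower()
    if image.endswith(IMAGE_SUFFIXES):
        reasons.append("image name")
    # The hash check catches a renamed copy of the known build, but a
    # recompiled tool with a different hash is only caught by the name check.
    if parse_hashes(event.get("Hashes", "")).get("sha256") in KNOWN_SHA256:
        reasons.append("known hash")
    return reasons


def scan(events: List[Dict[str, str]]) -> List[tuple]:
    """Run the rule over a batch of events; returns (index, reasons) for each hit."""
    hits = []
    for index, event in enumerate(events):
        reasons = matches_rule(event)
        if reasons:
            hits.append((index, reasons))
    return hits


# Constructed sample events: benign process, tool run under its own name,
# and the known build renamed to blend in (hash still matches).
SAMPLE_EVENTS = [
    {"EventID": "1", "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "SHA256=aaaa1111", "User": "CORP\\alice"},
    {"EventID": "1", "Image": "C:\\Users\\Public\\CreateMiniDump.exe",
     "Hashes": "SHA256=bbbb2222", "User": "CORP\\alice"},
    {"EventID": "1", "Image": "C:\\Temp\\svchost_update.exe",
     "Hashes": "SHA256=PLACEHOLDER_SHA256_OF_CREATEMINIDUMP", "User": "CORP\\alice"},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(f"event {index}: {SAMPLE_EVENTS[index]['Image']} matched on {', '.join(reasons)}")
```

The third sample event is the case that motivates the hash selection: renaming the binary defeats the name check, while the pinned hash still fires. The converse limitation also holds, which is why both selections are kept in the rule.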
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Application Log
Created: 2019-12-22