
Summary
This detection rule targets renamed executions of ``dctask64.exe``, a legitimate binary shipped by ZOHO Corporation as part of its ManageEngine Endpoint Central tool. The rule aims to identify malicious use of this executable when it is repurposed for activities such as DLL injection and unauthorized command execution. It operates on process creation logs in a Windows environment: it looks for executions whose on-disk file name differs from the original executable name, and it tracks specific IMPHASH values that identify the binary regardless of what it has been renamed to. Renaming a binary is a common attempt to bypass security controls that trust recognized software, so the rule emphasizes monitoring for altered file names and the context in which they execute. The rule is rated at a high level of concern because a match is a strong indicator of an attack or compromise. The inclusion of specific IMPHASH values lets analysts pivot on the signature of potentially harmful executions and provides useful insight into the ongoing abuse of legitimate software.
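As an added illustration that is not part of the rule or the page, the following Python sketches the rule's selection logic over constructed Sysmon-style process-creation events. The field names (Image, OriginalFileName, Imphash, Hashes) and the two IMPHASH values are assumptions; the page does not reproduce the rule's real hash list, so placeholders stand in for it.

```python
import os
from typing import Iterable

# Field names follow Sysmon Event ID 1 (process creation). The rule's real
# IMPHASH list is not reproduced on the page; the values below are constructed
# placeholders and must be replaced with the ones from the actual rule.
ORIGINAL_NAME = "dctask64.exe"
KNOWN_IMPHASHES = {
    "00000000000000000000000000000001",  # constructed placeholder
    "00000000000000000000000000000002",  # constructed placeholder
}

def imphash_of(event: dict) -> str:
    """Extract the import hash, either from a dedicated field or from the
    Sysmon 'Hashes' string (e.g. 'MD5=...,IMPHASH=...')."""
    if event.get("Imphash"):
        return event["Imphash"].upper()
    for part in event.get("Hashes", "").split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "IMPHASH":
            return value.strip().upper()
    return ""

def is_renamed_dctask64(event: dict) -> bool:
    """True when the binary is dctask64 (by PE OriginalFileName or IMPHASH)
    but runs under a different on-disk file name."""
    image_name = os.path.basename(event.get("Image", "").replace("\\", "/")).lower()
    original = event.get("OriginalFileName", "").lower()
    identified = original == ORIGINAL_NAME or imphash_of(event) in KNOWN_IMPHASHES
    return identified and image_name != ORIGINAL_NAME

def scan(events: Iterable[dict]) -> list[dict]:
    """Return the subset of process-creation events that match the rule."""
    return [e for e in events if is_renamed_dctask64(e)]

# Constructed sample telemetry: one benign run, two renamed copies, one unrelated.
SAMPLE_EVENTS = [
    {"Image": r"C:\ManageEngine\DesktopCentral_Server\bin\dctask64.exe",
     "OriginalFileName": "dctask64.exe", "Imphash": "00000000000000000000000000000001"},
    {"Image": r"C:\Users\Public\svchost.exe",
     "OriginalFileName": "dctask64.exe", "Imphash": "00000000000000000000000000000001"},
    {"Image": r"C:\Windows\Temp\update.exe", "OriginalFileName": "",
     "Hashes": "MD5=aaaa,IMPHASH=00000000000000000000000000000002"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "Imphash": "ffffffffffffffffffffffffffffffff"},
]
```

Note that the benign event is excluded only because its image name still matches; an IMPHASH match alone would fire on any copy of the binary, which is why the rename check is the second half of the condition.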
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2020-01-28