
Summary
This rule detects execution of the SharPersist hacktool, which is used to install a variety of persistence mechanisms on Windows systems. It works from process creation logs and fires on either of two conditions: the `SharPersist.exe` executable itself is run, or a process is launched with command-line arguments characteristic of the tool's persistence actions, namely creating scheduled tasks, registry entries, services, or startup folder entries. The image-name condition alone is trivial to evade by renaming the binary, so the command-line patterns are what catch renamed or repackaged copies. Because the tool's purpose is to let an attacker maintain access to a compromised host, the rule is assigned a high level.
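To make the two-condition logic concrete, here is a small detector run over constructed process-creation events. This is an added example, not the rule's own logic or code from the SharPersist project: the image check and the command-line fragments (modeled on SharPersist's `-t <technique> -c <command>` argument syntax) are assumptions, and the four sample events, including a renamed copy and a benign `schtasks.exe` run, are made up for illustration.

```python
"""Toy re-implementation of the rule's two selections over constructed
process-creation events (added example, not the rule's own logic)."""
from dataclasses import dataclass

# Assumed command-line fragments, modeled on SharPersist's
# "-t <technique> -c <command>" syntax; the real rule's strings may differ.
PERSISTENCE_PATTERNS = (
    " -t schtask -c ",        # scheduled task
    " -t startupfolder -c ",  # startup folder entry
    " -t reg -c ",            # registry run key
    " -t service -c ",        # Windows service
)


@dataclass
class ProcessEvent:
    image: str         # full path of the created process
    command_line: str  # its command line


def match_image(event: ProcessEvent) -> bool:
    """Selection 1: the process image is SharPersist.exe (case-insensitive,
    anchored on the file name so a path merely mentioning it does not hit)."""
    return event.image.lower().endswith("\\sharpersist.exe")


def match_command_line(event: ProcessEvent) -> list:
    """Selection 2: the command line carries one of the persistence patterns,
    regardless of what the binary was renamed to."""
    cl = event.command_line.lower()
    return [p.strip() for p in PERSISTENCE_PATTERNS if p in cl]


def evaluate(event: ProcessEvent):
    """OR of the two selections; returns (matched, reasons) so an analyst
    can see which condition fired."""
    reasons = []
    if match_image(event):
        reasons.append("image")
    hits = match_command_line(event)
    if hits:
        reasons.append("cmdline:" + ",".join(hits))
    return bool(reasons), reasons


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # 1: the tool run under its own name -> both selections fire
    ProcessEvent(
        r"C:\Users\alice\Downloads\SharPersist.exe",
        r'SharPersist.exe -t schtask -c "C:\Windows\System32\cmd.exe" '
        r'-a "/c calc.exe" -n "Updater" -m add -o hourly',
    ),
    # 2: renamed copy -> only the command-line selection fires
    ProcessEvent(
        r"C:\Temp\svc.exe",
        r'svc.exe -t startupfolder -c "C:\Temp\agent.exe" -m add',
    ),
    # 3: legitimate scheduled-task creation -> no match
    ProcessEvent(
        r"C:\Windows\System32\schtasks.exe",
        r"schtasks.exe /Create /SC HOURLY /TN Updater /TR C:\Tools\update.exe",
    ),
    # 4: file name appears in an argument, not as the image -> no match
    ProcessEvent(
        r"C:\Windows\System32\notepad.exe",
        r"notepad.exe C:\reports\SharPersist.exe.txt",
    ),
]


def run(events=SAMPLE_EVENTS):
    """Return (event, reasons) for every event the rule would flag."""
    flagged = []
    for event in events:
        matched, reasons = evaluate(event)
        if matched:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    for event, reasons in run():
        print(f"ALERT {event.image}: {', '.join(reasons)}")
```

Event 2 is the case the command-line selection exists for: the binary was renamed, so the image check is silent, but the argument pattern still identifies the tool.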
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-09-15