
MpiExec Lolbin


Summary
This detection rule identifies malicious use of `mpiexec.exe`, a legitimate command line tool shipped with the High-Performance Computing (HPC) pack that can be abused as a LOLBIN (Living Off the Land Binary) to run arbitrary code. It targets command lines that include the flags `/n 1` or `-n 1`, which indicate potential misuse in this execution context. The rule looks for Windows process creation events in which the invoked binary is `mpiexec.exe` and checks for a specific hash to confirm the identity and origin of the executable. Detection therefore hinges on this specific command line usage, supporting the monitoring of potentially malicious activity that leverages trusted binaries.
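To show how the logic above behaves on process creation events, here is an added example (not the rule's own code or the Sigma project's) that applies the same conditions in Python. It assumes Sysmon-style field names (`Image`, `CommandLine`, `Hashes`), treats the hash as an alternative way to identify the binary so a renamed copy is still caught, and uses a placeholder where the page does not state the actual hash value.

```python
import re

# Assumption: the page does not give the hash the rule checks, so this is
# a constructed placeholder, not the real value from the rule.
EXPECTED_HASH = "PLACEHOLDER_HASH_FROM_RULE"

# Matches "/n 1" or "-n 1" as a whole token pair, e.g. "mpiexec /n 1 calc".
FLAG_RE = re.compile(r"(?:^|\s)[-/]n\s+1(?=\s|$)", re.IGNORECASE)


def is_mpiexec(event):
    """Binary is mpiexec.exe by image path OR by the expected hash."""
    image = event.get("Image", "").lower()
    hashes = event.get("Hashes", "").lower()
    return image.endswith("\\mpiexec.exe") or EXPECTED_HASH.lower() in hashes


def matches_rule(event):
    """True when the binary is mpiexec.exe and the '/n 1' or '-n 1' flag is present."""
    if not is_mpiexec(event):
        return False
    return FLAG_RE.search(event.get("CommandLine", "")) is not None


def alert_on(events):
    """Return the command lines of all events that trigger the rule."""
    return [e["CommandLine"] for e in events if matches_rule(e)]


# Constructed sample events for demonstration; not captured telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir", "Hashes": "SHA256=AAAA"},
    {"Image": r"C:\Program Files\Microsoft HPC Pack\Bin\mpiexec.exe",
     "CommandLine": "mpiexec.exe /n 1 calc.exe", "Hashes": "SHA256=BBBB"},
    # Renamed copy: image name no longer matches, but the hash still does.
    {"Image": r"C:\Temp\mp.exe",
     "CommandLine": "mp.exe -n 1 notepad.exe",
     "Hashes": "IMPHASH=" + EXPECTED_HASH},
    # Legitimate HPC use with a different process count: not flagged.
    {"Image": r"C:\Program Files\Microsoft HPC Pack\Bin\mpiexec.exe",
     "CommandLine": "mpiexec.exe -n 8 solver.exe", "Hashes": "SHA256=BBBB"},
]

if __name__ == "__main__":
    for cmd in alert_on(SAMPLE_EVENTS):
        print("ALERT:", cmd)
```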
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2022-01-11