LSASS Process Dump Artefact In CrashDumps Folder

Summary
This rule aims to detect potential credential dumping activities by identifying LSASS (Local Security Authority Subsystem Service) process dump files located in the 'CrashDumps' folder of a Windows system. The presence of such dump files can indicate attempts to exploit vulnerabilities in the LSASS process, which stores sensitive information, including user credentials. A known technique called 'LSASS Shtinkering' abuses Windows Error Reporting to facilitate the dumping of process memory, allowing attackers to capture credentials. This detection rule specifically looks for dump files that start with 'lsass.exe.' and are located in the path 'C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\', with a file extension of '.dmp'. Alerts triggered by this rule warrant investigation due to the high potential for credential theft.
Categories
  • Windows
  • Endpoint
Data Sources
  • File
Created: 2022-12-08