
Attempted Credential Dump From Registry via Reg exe

Splunk Security Content

Summary
This rule has been deprecated and superseded by another analytic rule. The original purpose of this detection was to identify the usage of `reg.exe` or `cmd.exe` to export registry keys that contain hashed credentials by monitoring command line execution patterns on Windows environments. The analytic specifically targeted operations on several critical registry paths associated with user credential storage, indicating potential credential dumping activities. If such actions are found and confirmed to be malicious, they pose a significant risk, enabling attackers to gain unauthorized access and facilitating further compromise within an organization's network.
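The detection pattern described above, reimplemented in Python over constructed process-creation events as an added illustration; this is not the Splunk search itself. The hives matched (SAM, SECURITY, SYSTEM) and the event field names are assumptions, chosen because those hives hold hashed credentials and the boot key needed to decrypt them.

```python
import re

# Constructed sample events (not real telemetry); field names are assumptions
# standing in for whatever the endpoint data source actually emits.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "process": "reg.exe",
     "cmdline": r"reg.exe save HKLM\SAM C:\Users\Public\sam.hiv"},
    {"host": "ws01", "user": "alice", "process": "cmd.exe",
     "cmdline": r'cmd.exe /c reg export "HKLM\SECURITY" C:\temp\sec.reg'},
    {"host": "srv02", "user": "SYSTEM", "process": "reg.exe",
     "cmdline": r"reg.exe query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"host": "ws03", "user": "bob", "process": "reg.exe",
     "cmdline": r"reg.exe save HKLM\SYSTEM \\fileshare\drop\system.hiv"},
    {"host": "ws03", "user": "bob", "process": "powershell.exe",
     "cmdline": r"powershell.exe -c Get-ItemProperty HKLM:\SAM"},
]

# Assumed "critical registry paths": the hives that store hashed or cached
# credentials (SAM, SECURITY) and the boot key that protects them (SYSTEM).
# The pattern only fires on the export verbs (save/export), not on reads
# such as "reg query", and tolerates quoting, case and the long hive prefix.
_HIVE_RE = re.compile(
    r'(?i)reg(?:\.exe)?\s+(?:save|export)\s+"?'
    r"(?:HKLM|HKEY_LOCAL_MACHINE)\\(SAM|SECURITY|SYSTEM)\b"
)


def classify(event):
    """Return the exported hive name when a reg.exe/cmd.exe command line
    dumps a credential hive, else None."""
    proc = event.get("process", "").lower()
    if proc not in ("reg.exe", "cmd.exe"):
        return None  # scope of the original rule: reg.exe or cmd.exe parents
    m = _HIVE_RE.search(event.get("cmdline", ""))
    return m.group(1).upper() if m else None


def detect(events):
    """Run the rule over a batch of events and return one alert per hit,
    carrying the context an analyst needs for triage."""
    alerts = []
    for e in events:
        hive = classify(e)
        if hive:
            alerts.append({"host": e["host"], "user": e["user"],
                           "hive": hive, "cmdline": e["cmdline"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['host']} {a['user']} exported {a['hive']}: {a['cmdline']}")
```

Against the sample batch the PowerShell read and the `reg query` of a Run key are correctly ignored, while the three hive exports alert; a production version would add the parent-process and destination-path fields shown here as plain strings.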
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
ATT&CK Techniques
  • T1003.002
  • T1003
Created: 2025-01-15