New Generic Credentials Added Via Cmdkey.EXE

Sigma Rules

Summary
This detection rule identifies when generic credentials are added with the `cmdkey.exe` command-line utility on Windows. Newly stored credentials can indicate unauthorized access attempts or misuse of a legitimate administrative tool: attackers commonly use `cmdkey.exe` to cache credentials for Remote Desktop Protocol (RDP) sessions, so tracking its usage matters for threat detection. By monitoring process-creation events in which `cmdkey.exe` is invoked, security teams can respond promptly to suspicious activity that may compromise system integrity or data confidentiality. False positives can arise from legitimate administrative operations, so validate carefully before taking action. The detection inspects the command-line parameters passed to `cmdkey.exe`, looking for the flags `-g` (generic credential), `-u` (username) and `-p` (password).
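The following is an added example, not the Sigma rule itself or any code from the rule's authors: a small Python matcher that applies the logic described above (process image is `cmdkey.exe`, command line carries the `-g`, `-u` and `-p` flags) to a handful of constructed process-creation records. It goes slightly beyond the summary in two ways that are assumptions on my part: it also accepts the `/` switch prefix and the long spellings `/generic`, `/user`, `/pass` that `cmdkey` documents, and it treats a record whose `OriginalFileName` is `cmdkey.exe` as a hit even when the binary was renamed on disk. The field names (`Image`, `OriginalFileName`, `CommandLine`, `ProcessId`) follow the usual Sysmon Event ID 1 layout; the sample events and passwords are made up.

```python
"""Toy matcher for the 'new generic credentials added via cmdkey.exe' detection.

Added example; not the Sigma rule's own code. Input records are dicts shaped
like Sysmon process-creation events (Event ID 1).
"""
import re

# Flags the detection looks for: generic credential, username, password.
REQUIRED_FLAGS = frozenset({"g", "u", "p"})

# One regex for both switch prefixes ('-' and '/') and both spellings
# (short '-g' and long '/generic'). Assumption: cmdkey accepts either prefix.
# The flag must sit at the start of the command line or after whitespace,
# and be followed by ':', whitespace or end of string, so a value such as
# 'TERMSRV/10.0.0.5' is not mistaken for a switch.
_FLAG_RE = re.compile(
    r"(?:^|\s)[-/](generic|user|pass|g|u|p)(?=[:\s]|$)",
    re.IGNORECASE,
)


def flags_present(command_line):
    """Return the set of normalised single-letter flags found in the command line."""
    return {m.group(1)[0].lower() for m in _FLAG_RE.finditer(command_line or "")}


def is_cmdkey_image(record):
    """True if the process image is cmdkey.exe, or a renamed copy of it
    (OriginalFileName comes from the PE version resource)."""
    image = (record.get("Image") or "").lower()
    original = (record.get("OriginalFileName") or "").lower()
    return image.endswith("\\cmdkey.exe") or original == "cmdkey.exe"


def matches(record):
    """Apply the full detection: right image AND all three flags on the command line."""
    if not is_cmdkey_image(record):
        return False
    return REQUIRED_FLAGS <= flags_present(record.get("CommandLine"))


def scan(records):
    """Return the records that trigger the detection, in input order."""
    return [r for r in records if matches(r)]


# Constructed sample events; hostnames, users and passwords are invented.
SAMPLE_EVENTS = [
    {   # generic RDP credential stored with long-form '/' switches: should alert
        "ProcessId": 1001,
        "Image": r"C:\Windows\System32\cmdkey.exe",
        "OriginalFileName": "cmdkey.exe",
        "CommandLine": r"cmdkey /generic:TERMSRV/10.0.0.5 /user:CORP\svc_backup /pass:example-pw-1",
    },
    {   # same action with short '-' switches, as the summary describes: should alert
        "ProcessId": 1002,
        "Image": r"C:\Windows\System32\cmdkey.exe",
        "OriginalFileName": "cmdkey.exe",
        "CommandLine": r"cmdkey -g:TERMSRV/fileserver -u:CORP\jdoe -p:example-pw-2",
    },
    {   # listing stored credentials: no new credential, no alert
        "ProcessId": 1003,
        "Image": r"C:\Windows\System32\cmdkey.exe",
        "OriginalFileName": "cmdkey.exe",
        "CommandLine": "cmdkey /list",
    },
    {   # deleting a credential: no alert
        "ProcessId": 1004,
        "Image": r"C:\Windows\System32\cmdkey.exe",
        "OriginalFileName": "cmdkey.exe",
        "CommandLine": "cmdkey /delete:TERMSRV/10.0.0.5",
    },
    {   # the three flags appear, but the image is cmd.exe, not cmdkey: no alert
        "ProcessId": 1005,
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": "cmd.exe /c echo -g -u -p",
    },
    {   # renamed copy of cmdkey.exe; OriginalFileName still identifies it: should alert
        "ProcessId": 1006,
        "Image": r"C:\Temp\ck.exe",
        "OriginalFileName": "cmdkey.exe",
        "CommandLine": r"ck.exe /g:TERMSRV/dc01 /u:CORP\Administrator /p:example-pw-3",
    },
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={hit['ProcessId']} cmd={hit['CommandLine']}")
```

Running the script reports events 1001, 1002 and 1006 and stays silent on the `/list`, `/delete` and `cmd.exe` records. Event 1005 is the reason the image check must be combined with the command-line check rather than applied separately, and event 1006 is why matching on `OriginalFileName` as well as `Image` is worth the extra field.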
Categories
  • Endpoint
  • Windows
  • Identity Management
Data Sources
  • Process
ATT&CK Techniques
  • T1021.001
Created: 2023-02-03