
Summary
This detection rule identifies attempts by non-browser processes to read browser user-data profiles on Windows hosts. It inspects Windows Security log events with EventCode 4663 (object access) for reads of the directories that hold browser profile data, such as saved-credential and cookie stores. A lookup file named `browser_app_list` defines the recognized browser executables and the profile paths each is permitted to access; any 4663 event in which the accessing process is not the browser associated with the touched path is flagged as suspicious. This behaviour is characteristic of credential-stealing malware such as SnakeKeylogger, which reads browser credential stores directly from the profile directories, so the rule adds endpoint coverage for that stage of an intrusion.
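The logic described above, run over a handful of constructed 4663 records, as an added example (this is not the rule's own SPL or the project's lookup file). The field names `EventCode`, `ProcessName` and `ObjectName`, the column names in the stand-in `browser_app_list` table, and the glob patterns for the profile directories are all assumptions made for the example; a real deployment would take the rows from the actual lookup and the fields from the Splunk extraction of the Security log.

```python
"""Flag non-browser processes reading browser user-data profiles.

Added example: a Python rendering of the detection logic over constructed
Windows Security 4663 events. Field and column names are assumptions.
"""
import fnmatch
import ntpath

# Constructed stand-in for the `browser_app_list` lookup: which browser
# executable is allowed to touch which profile directory. Patterns are
# glob-style and matched case-insensitively against the ObjectName field.
BROWSER_APP_LIST = [
    {"browser_process": "chrome.exe",
     "browser_user_data_path": "*\\AppData\\Local\\Google\\Chrome\\User Data\\*"},
    {"browser_process": "msedge.exe",
     "browser_user_data_path": "*\\AppData\\Local\\Microsoft\\Edge\\User Data\\*"},
    {"browser_process": "firefox.exe",
     "browser_user_data_path": "*\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*"},
]

# Constructed sample events shaped like the fields extracted from a 4663
# record (assumed names). Each one exercises a different branch.
SAMPLE_EVENTS = [
    # Chrome reading its own Login Data store: expected, not flagged.
    {"EventCode": "4663", "Computer": "WS01", "SubjectUserName": "alice",
     "ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    # Unknown binary in Temp reading the same store: flagged.
    {"EventCode": "4663", "Computer": "WS01", "SubjectUserName": "alice",
     "ProcessName": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    # Chrome reading a Firefox profile: chrome.exe is not the browser the
    # lookup associates with that path, so it is flagged too.
    {"EventCode": "4663", "Computer": "WS01", "SubjectUserName": "alice",
     "ProcessName": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ObjectName": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abcd1234.default-release\\logins.json"},
    # Same odd binary reading a non-profile file: outside scope, ignored.
    {"EventCode": "4663", "Computer": "WS01", "SubjectUserName": "alice",
     "ProcessName": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "ObjectName": "C:\\Users\\alice\\Documents\\notes.txt"},
    # Handle request (4656) rather than access (4663): ignored by this rule.
    {"EventCode": "4656", "Computer": "WS01", "SubjectUserName": "alice",
     "ProcessName": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "ObjectName": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
]


def _norm(path):
    """Lower-case and normalise separators so glob matching is case-insensitive."""
    return path.replace("/", "\\").lower()


def browsers_for_path(object_name):
    """Return the set of browser executables the lookup permits for this path.

    An empty set means the path is not a browser profile location at all.
    """
    target = _norm(object_name)
    return {
        row["browser_process"].lower()
        for row in BROWSER_APP_LIST
        if fnmatch.fnmatchcase(target, _norm(row["browser_user_data_path"]))
    }


def evaluate(event):
    """Return a finding dict for a suspicious 4663 event, or None.

    Suspicious means: EventCode is 4663, ObjectName falls under a profile
    path from the lookup, and the accessing process is not the browser the
    lookup associates with that path.
    """
    if int(event.get("EventCode", 0)) != 4663:
        return None
    allowed = browsers_for_path(event.get("ObjectName", ""))
    if not allowed:
        return None
    process = ntpath.basename(event.get("ProcessName", "")).lower()
    if process in allowed:
        return None
    return {
        "host": event.get("Computer"),
        "user": event.get("SubjectUserName"),
        "process": process,
        "process_path": event.get("ProcessName"),
        "object": event.get("ObjectName"),
        "expected_browsers": sorted(allowed),
    }


def detect(events):
    """Run evaluate() over a stream of events and keep only the findings."""
    return [finding for finding in map(evaluate, events) if finding]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Two practitioner caveats. First, 4663 is only generated when the "Audit File System" subcategory is enabled and a SACL exists on the profile directory; with neither in place the rule sees no data, so the detection needs an accompanying SACL deployment on the browser user-data folders. Second, the comparison above keys on the executable's basename, as the rule's lookup description implies, so malware renamed to `chrome.exe` and dropped into a writable folder would pass; a stricter variant matches the full `ProcessName` path against the browser's expected install location as well.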
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Application Log
ATT&CK Techniques
- T1012
- T1552
Created: 2024-12-10