PUA - Process Hacker Execution

Sigma Rules

Summary
The "PUA - Process Hacker Execution" detection rule identifies execution of Process Hacker, a legitimate system tool that threat actors can abuse to manipulate system processes. The rule triggers on binary metadata attributes, matching specific patterns and hashes associated with the Process Hacker executable. Because older versions of Process Hacker contain vulnerabilities that can be exploited, monitoring its execution is important for endpoint security. The rule combines several selection criteria (file names, file descriptions, and hash values), so that renaming the binary alone does not evade it. Resulting alerts should be treated with caution: system administrators also use Process Hacker legitimately, so each alert needs a case-by-case investigation to rule out a false positive.
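As an added example (not the published rule's own content), the following Python applies the selection logic the summary describes to constructed process-creation events: each selection ANDs its fields, and any one selection matching fires the rule. The field names, modifiers and the IMPHASH value are assumptions, not the rule's exact values.

```python
# Minimal Sigma-style matcher for the "PUA - Process Hacker Execution" logic.
# Selections are hypothetical, modelled on the summary (file name, description,
# hash); Sigma evaluates them as "1 of selection_*", i.e. OR across selections.
SELECTIONS = {
    "selection_name": {"Image|endswith": ["\\processhacker.exe"],
                       "OriginalFileName": ["processhacker.exe"]},
    "selection_meta": {"Description|contains": ["process hacker"]},
    # Placeholder hash value, NOT a real Process Hacker import hash.
    "selection_hash": {"Hashes|contains": ["imphash=placeholder-imphash"]},
}


def _field_matches(event, key, values):
    """Evaluate one 'Field|modifier' condition against an event (case-insensitive)."""
    name, _, modifier = key.partition("|")
    observed = str(event.get(name, "")).lower()
    for value in values:
        value = value.lower()
        if modifier == "endswith" and observed.endswith(value):
            return True
        if modifier == "contains" and value in observed:
            return True
        if modifier == "" and observed == value:
            return True
    return False


def matched_selections(event):
    """Return the names of selections whose every field condition holds."""
    return [name for name, fields in SELECTIONS.items()
            if all(_field_matches(event, k, v) for k, v in fields.items())]


def evaluate(events):
    """Apply the rule to process-creation events; any single selection fires."""
    results = [(e["ProcessId"], matched_selections(e)) for e in events]
    return [(pid, hits) for pid, hits in results if hits]


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {"ProcessId": 101, "Image": "C:\\Tools\\ProcessHacker.exe",
     "OriginalFileName": "ProcessHacker.exe", "Description": "Process Hacker",
     "Hashes": "SHA256=constructed,IMPHASH=placeholder-imphash"},
    # Renamed binary: the file-name selection misses, but the PE description still matches.
    {"ProcessId": 102, "Image": "C:\\Users\\Public\\svc.exe",
     "OriginalFileName": "ProcessHacker.exe", "Description": "Process Hacker",
     "Hashes": "IMPHASH=other"},
    {"ProcessId": 103, "Image": "C:\\Windows\\System32\\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "Description": "Notepad",
     "Hashes": "IMPHASH=other"},
]
```

Event 102 shows why the layered criteria matter: a renamed copy escapes the path check but is still caught by its embedded metadata.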
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-10-10