
Summary
This analytic rule detects the execution of command-line arguments commonly associated with the Conti ransomware encryptor. The detection logic looks for process executions whose parameters direct activity at local drives and network shares in a way that is characteristic of ransomware rather than routine administration. It relies on process-execution telemetry from Endpoint Detection and Response (EDR) agents. Because these arguments are typically seen immediately before encryption begins, the rule can surface an attack before widespread data encryption and operational disruption occur. A trigger should be treated as a probable ransomware event: isolate the host and respond quickly, since the likely consequences include data loss, system downtime, and ransom demands.
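The rule text above describes the logic only in general terms. As an added illustration (not the page's own search or any vendor's code), the script below runs a Conti-style command-line check over constructed EDR process-execution events. The switch list (-m local/net/all/backups, -nomutex, -size, -p \\host\X$, -log) is an assumption drawn from public Conti analyses rather than from this page, and the strong/weak split and the two-weak-hits threshold are design choices made here to limit noise from single generic switches.

```python
"""Added example: Conti-style command-line detection over constructed EDR events.
The switches, weights and sample events are assumptions, not taken from this page."""
import re
from dataclasses import dataclass, field

# Assumed Conti encryptor switches (public reporting). "Strong" ones are
# specific enough to alert on alone; "weak" ones also appear in benign
# tooling and are only alerted on when two or more co-occur.
STRONG_PATTERNS = {
    "mode_switch": re.compile(r"(?<!\S)-m\s+(local|net|all|backups)(?!\S)", re.I),
    "no_mutex": re.compile(r"(?<!\S)-nomutex(?!\S)", re.I),
}
WEAK_PATTERNS = {
    "size_limit": re.compile(r"(?<!\S)-size\s+\d+(?!\S)", re.I),
    # -p \\host\C$ : an admin share named as the encryption target
    "unc_share_target": re.compile(r"(?<!\S)-p\s+\\\\[^\s\\]+\\[a-z]\$", re.I),
    "log_file": re.compile(r"(?<!\S)-log\s+\S+", re.I),
}


@dataclass
class ProcessEvent:
    """Minimal shape of an EDR process-creation record (constructed)."""
    host: str
    user: str
    image: str
    command_line: str


@dataclass
class Finding:
    host: str
    user: str
    image: str
    severity: str                      # "alert" or "review"
    indicators: list = field(default_factory=list)


def match_indicators(command_line):
    """Return (strong_hits, weak_hits) indicator names found in a command line."""
    strong = [n for n, rx in STRONG_PATTERNS.items() if rx.search(command_line)]
    weak = [n for n, rx in WEAK_PATTERNS.items() if rx.search(command_line)]
    return strong, weak


def classify(command_line):
    """Map a command line to (severity, indicators); severity is None if clean.

    One strong hit, or two or more weak hits, is enough to alert; a single
    weak hit is surfaced for analyst review rather than paged on.
    """
    strong, weak = match_indicators(command_line)
    if strong:
        return "alert", strong + weak
    if len(weak) >= 2:
        return "alert", weak
    if weak:
        return "review", weak
    return None, []


def detect(events):
    """Run the classifier over a batch of events and return the findings."""
    findings = []
    for ev in events:
        severity, indicators = classify(ev.command_line)
        if severity:
            findings.append(Finding(ev.host, ev.user, ev.image, severity, indicators))
    return findings


# Constructed sample telemetry: two obvious hits, one corroborated weak hit,
# one lone weak hit, and a benign robocopy job that must stay silent.
SAMPLE_EVENTS = [
    ProcessEvent("WS-0412", "CORP\\jdoe", r"C:\Users\Public\svchost.exe",
                 r"C:\Users\Public\svchost.exe -m net -size 10 -nomutex"),
    ProcessEvent("WS-0412", "CORP\\jdoe", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\cmd.exe /c dir"),
    ProcessEvent("SRV-FS02", "CORP\\svc_backup", r"C:\ProgramData\x.exe",
                 r'"C:\ProgramData\x.exe" -p \\FILESRV01\C$ -size 5'),
    ProcessEvent("SRV-FS02", "CORP\\svc_backup", r"C:\Windows\System32\Robocopy.exe",
                 r"robocopy.exe C:\data D:\backup /MIR /LOG:backup.log"),
    ProcessEvent("WS-0199", "CORP\\asmith", r"C:\Temp\u.exe",
                 r"C:\Temp\u.exe -size 10"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.severity.upper():6} {f.host} {f.user} {f.image} indicators={f.indicators}")
```

Matching on arguments rather than the binary name means a renamed or repacked encryptor is still caught, but a rebuilt sample with different switches is not, so this check belongs alongside file-activity and registry-based detections rather than replacing them. Before deploying anything like the weak-indicator tier, baseline it against your own backup and migration tooling, which is the most common source of -size and UNC-path arguments in legitimate process telemetry.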
Categories
- Endpoint
Data Sources
- Process
- Windows Registry
- File
ATT&CK Techniques
- T1204
Created: 2024-12-10