
Summary
This detection rule identifies execution of the Windows Time service utility (w32tm.exe) with command-line arguments associated with DCRat delaying its payload. It is built on process-creation telemetry from Endpoint Detection and Response (EDR) tools and looks for command-line usage patterns that indicate malicious intent. DCRat, a remote access trojan, runs w32tm.exe with the /stripchart argument as a cheap way to stall before its next stage, including command-and-control (C2) communication and beaconing. Detecting this matters because a timing delay of this kind is a tactic malware uses to evade security mechanisms and maintain persistence on a compromised host. If the activity is confirmed, the attacker behind the suspicious w32tm.exe invocation may go on to execute further malicious tasks undetected. Note that w32tm /stripchart is also a legitimate administrator command for checking clock offset against an NTP server, so matches should be triaged on the parent process and the target given in /computer before being treated as malicious. The detection leverages Sysmon logs and Windows Event Log Security events to correlate and report these potentially harmful activities.
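The following is an added example, not part of the original rule or of any DCRat analysis, that runs the detection logic described above over a handful of constructed Sysmon-style EventCode 1 (process creation) records. The w32tm.exe /stripchart command shape, the parent image paths and the DEFAULT_PERIOD_S value of 2 seconds are assumptions made for the example (2 seconds is the documented default for /period); the "local target" and estimated-delay fields are triage heuristics added here, not criteria from the rule itself.

```python
"""Flag w32tm.exe /stripchart process-creation events (Sysmon EventCode 1 style)."""
from typing import Dict, List, Optional

# Constructed sample events in the shape of Sysmon EventCode 1 fields.
# Hand-written for this example, not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # delay-style invocation: local target, no data needed, only time passes
        "Image": r"C:\Windows\System32\w32tm.exe",
        "CommandLine": "w32tm.exe /stripchart /computer:localhost /period:5 /dataonly /samples:2",
        "ParentImage": r"C:\Users\Public\update.exe",   # assumed dropper path
    },
    {   # benign status check, must not match
        "Image": r"C:\Windows\System32\w32tm.exe",
        "CommandLine": "w32tm /query /status",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # admin troubleshooting against a real NTP server: matches, needs triage
        "Image": r"C:\Windows\System32\w32tm.exe",
        "CommandLine": '"C:\\Windows\\System32\\w32tm.exe" /stripchart /computer:time.windows.com /samples:3 /dataonly',
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
    {   # unrelated process, must not match
        "Image": r"C:\Windows\System32\PING.EXE",
        "CommandLine": "ping 127.0.0.1 -n 10",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
]

DEFAULT_PERIOD_S = 2  # documented default for w32tm /stripchart /period (assumed here)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating quotes and forward slashes."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_stripchart(command_line: str) -> Optional[Dict[str, object]]:
    """Return the /stripchart parameters of a w32tm command line, or None if it is not one."""
    tokens = command_line.split()
    if not tokens or _basename(tokens[0]) not in ("w32tm.exe", "w32tm"):
        return None
    args = [t.lower() for t in tokens[1:]]
    if not any(a.startswith("/stripchart") for a in args):
        return None
    params: Dict[str, object] = {"computer": None, "period": DEFAULT_PERIOD_S, "samples": None}
    for a in args:
        name, sep, value = a.partition(":")
        if not sep:
            continue
        if name == "/computer":
            params["computer"] = value
        elif name in ("/period", "/samples") and value.isdigit():
            params[name[1:]] = int(value)
    samples = params["samples"]
    # Rough wall-clock wait the command imposes: one sample per period.
    # Without /samples the command runs until interrupted, so no estimate.
    params["estimated_delay_s"] = params["period"] * samples if samples else None
    # Polling the local clock yields no useful offset data; a strong hint the
    # caller only wants the delay (heuristic, not part of the rule itself).
    params["local_target"] = params["computer"] in ("localhost", "127.0.0.1", "::1")
    return params


def detect(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply the rule: process is w32tm.exe and its command line carries /stripchart."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        parsed = parse_stripchart(ev.get("CommandLine", ""))
        if _basename(ev.get("Image", "")) != "w32tm.exe" or parsed is None:
            continue
        findings.append({
            "command_line": ev["CommandLine"],
            "parent": ev.get("ParentImage", ""),
            "computer": parsed["computer"],
            "estimated_delay_s": parsed["estimated_delay_s"],
            "local_target": parsed["local_target"],
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Both /stripchart events match, as the rule intends; the extra fields are what an analyst would look at next. A localhost target under a parent in a user-writable directory is the DCRat-style pattern, while a real NTP server under an administrator's PowerShell session is the expected false-positive shape to tune out in the rule's filter macro.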
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
- Logon Session
- Application Log
ATT&CK Techniques
- T1124 (System Time Discovery)
Created: 2024-11-13