
Summary
This detection rule identifies execution of the Microsoft Windows Resource Leak Diagnostic tool, `rdrleakdiag.exe`, a legitimate utility that can also be used to dump process memory. The rule triggers on characteristics of the process-creation event: either the file name of the executed image or the command line arguments passed to it. Malicious actors may use the tool to extract sensitive information, such as credentials, from the memory of running processes, so detecting it matters for catching credential access and preserving security integrity. Combining the filename check with command line scrutiny is intended to give comprehensive coverage of activity associated with the tool. The rule is relevant to the credential extraction techniques described in the references linked to it, and carries a high alert level because of its implications for security breaches.
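The following is an added example, not the rule's own logic or code from this page, showing how the two conditions described above (image file name and command line arguments) can be evaluated over process-creation events. The event field names `Image` and `CommandLine`, the sample events, and the choice to treat rdrleakdiag's `/fullmemdmp` switch together with `/p <pid>` as the command-line indicator are assumptions made for this example; tune them against your own telemetry.

```python
import ntpath
import re

RDRLEAKDIAG_NAME = "rdrleakdiag.exe"

# Assumed command-line indicators for this example: the tool's full-memory-dump
# switch combined with a target PID. A renamed copy of the binary still has to
# pass these arguments to dump a process, which is why the command line is
# checked in addition to the file name.
DUMP_SWITCH_RE = re.compile(r"(?i)(?:^|\s)/fullmemdmp(?:\s|$)")
PID_SWITCH_RE = re.compile(r"(?i)(?:^|\s)/p\s+\d+")

# Sample process-creation events, constructed for this example (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rdrleakdiag.exe",
     "CommandLine": r"rdrleakdiag.exe /p 624 /o C:\temp /fullmemdmp"},
    # Renamed copy: the file-name check alone would miss this one.
    {"Image": r"C:\Users\Public\diag.exe",
     "CommandLine": r"diag.exe /p 624 /o C:\Users\Public /fullmemdmp /wait 1"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\temp\notes.txt"},
    # The tool's name appears only inside an echoed string; an anchored check
    # should not fire on this.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "echo rdrleakdiag is a diagnostic tool"'},
]


def _basename(path):
    # ntpath handles Windows separators on any host; strip surrounding quotes.
    return ntpath.basename(path.strip('"')).lower()


def _first_token(cmdline):
    # The executable token may be quoted when its path contains spaces.
    cmdline = cmdline.strip()
    if not cmdline:
        return ""
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(None, 1)[0]


def match_rdrleakdiag(event):
    """Return the list of conditions the event satisfies ([] means no match).

    Returning the reasons rather than a bare boolean gives the analyst the
    triage context: a bare 'image_name' hit is the tool run under its own
    name, while 'cmdline_dump_switches' alone suggests a renamed binary.
    """
    reasons = []
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    if _basename(image) == RDRLEAKDIAG_NAME:
        reasons.append("image_name")
    if _basename(_first_token(cmd)) == RDRLEAKDIAG_NAME:
        reasons.append("cmdline_name")
    if DUMP_SWITCH_RE.search(cmd) and PID_SWITCH_RE.search(cmd):
        reasons.append("cmdline_dump_switches")
    return reasons


def scan(events):
    """Yield (index, reasons) for every event that matches the rule."""
    return [(i, r) for i, e in enumerate(events) if (r := match_rdrleakdiag(e))]


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(f"ALERT event[{idx}]: {', '.join(reasons)} :: "
              f"{SAMPLE_EVENTS[idx]['CommandLine']}")
```

The name checks are anchored to the image path and to the first command-line token rather than a plain substring search, so the echoed string in the fourth sample event does not produce a false positive, while the renamed copy in the second event is still caught through its arguments.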
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2021-09-24