Harvesting Of Wifi Credentials Via Netsh.EXE

Sigma Rules

Summary
This detection rule identifies attempts to harvest Wi-Fi credentials using the Windows command-line utility 'netsh.exe'. It analyzes process creation events for executions of 'netsh.exe' whose command-line arguments indicate an intent to retrieve stored Wi-Fi usernames and passwords, specifically arguments containing the keywords 'wlan', 's', 'p', 'k', and '=clear'. The aim is to detect potentially malicious activity associated with unauthorized access to sensitive Wi-Fi information.
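The matching logic summarized above, run over constructed process creation events, as an added example that is not the rule's own source. It assumes Sysmon-style `Image` and `CommandLine` fields, and that 's', 'p' and 'k' are matched as space-prefixed argument prefixes so that both full and abbreviated arguments hit.

```python
# Added example: a matcher mirroring the rule summary, applied to constructed events.
# Assumption: 's', 'p', 'k' are matched with a leading space (argument prefixes).
KEYWORDS = ("wlan", " s", " p", " k", "=clear")


def is_wifi_credential_harvest(event):
    """Return True when a process creation event matches the summarized logic."""
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    # The process must be netsh.exe itself, whatever directory or casing is logged.
    if not image.endswith("\\netsh.exe"):
        return False
    # Every keyword must be present; a single missing one means no match.
    return all(keyword in cmdline for keyword in KEYWORDS)


def scan(events):
    """Return the subset of events the matcher flags."""
    return [e for e in events if is_wifi_credential_harvest(e)]


# Constructed sample events (hypothetical hosts and profile names).
SAMPLE_EVENTS = [
    # Full argument names: should match.
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh wlan show profile name="CorpWiFi" key=clear'},
    # Abbreviated arguments and upper-case path: should still match.
    {"Image": r"C:\WINDOWS\system32\NETSH.EXE",
     "CommandLine": "netsh.exe wlan s p n=CorpWiFi k=clear"},
    # Profile listing without key material: no ' k' and no '=clear'.
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profiles"},
    # Different netsh context: no 'wlan'.
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall show allprofiles"},
    # All keywords present, but the process is not netsh.exe.
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\docs\netsh wlan show profile key=clear.txt"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "|", hit["CommandLine"])
```

The three non-matching events show which condition each one fails, which is useful when tuning the rule against routine administrative use of 'netsh.exe'.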
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2020-04-20