
Summary
This detection rule identifies instances where the BOINC client binary has been executed under a name other than its original filename (BOINC.exe). It focuses on process creation events on Windows hosts where the executable may have been disguised by renaming. The condition matches processes whose original filename is BOINC.exe and excludes events where the image path ends with the expected filename. A renamed BOINC executable may indicate an attempt to evade security controls, since attackers rename known binaries to avoid detection by signature- or name-based tooling. The rule is rated medium severity but should be used with caution because of potential false positives, particularly in environments that use BOINC for distributed computing. Validate alerts against known, legitimate BOINC deployments before taking remediation actions.
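The matching logic described above, applied to constructed process creation events, as an added illustration that is not the rule's own code. The field names (Image, OriginalFileName) follow Sysmon Event ID 1 conventions and are an assumption; the sample events are invented.

```python
from typing import Dict, List

# Constructed sample process creation events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Legitimate install: image path ends with the expected filename.
    {"Image": r"C:\Program Files\BOINC\boinc.exe", "OriginalFileName": "BOINC.exe"},
    # Renamed copy masquerading as a system binary.
    {"Image": r"C:\Users\Public\svchost.exe", "OriginalFileName": "BOINC.exe"},
    # Unrelated process: original filename does not match, so no alert.
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe"},
    # Renamed copy with a lower-case PE version field and forward slashes.
    {"Image": "C:/Temp/update.exe", "OriginalFileName": "boinc.exe"},
    # Event without an OriginalFileName field (older collectors): cannot match.
    {"Image": r"C:\Temp\boinc_copy.exe"},
]

EXPECTED_NAME = "boinc.exe"


def is_renamed_boinc(event: Dict[str, str]) -> bool:
    """Return True when the PE original filename is BOINC.exe but the
    on-disk image name is something else (case-insensitive comparison)."""
    original = event.get("OriginalFileName", "").lower()
    if original != EXPECTED_NAME:
        return False
    # Normalise separators so both Windows and forward-slash paths are handled.
    image = event.get("Image", "").lower().replace("/", "\\")
    basename = image.rsplit("\\", 1)[-1]
    # Exclusion from the rule: the image path ends with the expected filename.
    return basename != EXPECTED_NAME


def detect(events: List[Dict[str, str]]) -> List[str]:
    """Return the image paths of events that the rule would alert on."""
    return [e["Image"] for e in events if is_renamed_boinc(e)]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("renamed BOINC client:", hit)
```

Alerts still need triage against the host's known BOINC deployments, as the summary notes, since the logic only compares names.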
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2024-07-23