diff --git a/rules/windows/process_creation/win_hack_bloodhound.yml b/rules/windows/process_creation/win_hack_bloodhound.yml
index c966ef4ad..743cc2a06 100644
--- a/rules/windows/process_creation/win_hack_bloodhound.yml
+++ b/rules/windows/process_creation/win_hack_bloodhound.yml
@@ -19,6 +19,7 @@ detection:
 selection2:
 CommandLine|contains:
 - ' -CollectionMethod All '
+ - '.exe -c All -d '
 - 'Invoke-Bloodhound'
 - 'Get-BloodHoundData'
 selection3:
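Review bot: The new `'.exe -c All -d '` entry in `selection2` is not tied to any image or original file name, so any executable started with those short flags in that order would match, and it only fires when `-d` directly follows `-c All` with single spaces. The rule's `condition` and `falsepositives` sections are outside this hunk, so it is worth confirming how `selection2` is combined with the other selections; if it can trigger on its own, a `falsepositives` entry such as `- Other command-line tools that accept "-c All -d <value>"` would help analysts triage. A short comment on the added line, for example `# short-form flags for -CollectionMethod All followed by a domain argument`, would also record why this exact string was chosen.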