
Summary
This detection rule identifies potential proxy execution of malicious PowerShell scripts through the legitimate Microsoft-signed script 'CL_mutexverifiers'. The rule looks at process creation events in which the parent process is PowerShell (powershell.exe) or pwsh.exe. It checks whether the child's command line contains the flags that indicate minimized execution and pass a script file, a combination that allows unauthorized content to be downloaded or executed. It also watches the temporary directories from which such scripts may be run, which further points to malicious intent behind the use of this script. False positives may arise from legitimate administrative activity. The purpose of this rule is to mitigate threats in which attackers use trusted scripts to bypass security measures and execute additional payloads stealthily.
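The detection logic described above, applied to a few constructed process-creation events, as an added Python example that is not the rule's own code and not part of the original page. The flag spellings (-windowstyle or -w minimized, -File or -f), the temporary directories checked, and the Sysmon-style field names ParentImage and CommandLine are assumptions; the sample events are constructed for the example.

```python
"""Added example (not the rule's own code): evaluates the conditions the
summary describes against constructed process-creation events.

Assumptions not taken from the page: the exact flag spellings (PowerShell
accepts abbreviations such as -w for -WindowStyle and -f for -File), the
temporary directories, and Sysmon-style field names.
"""
import re
from typing import Dict, List

# Parent processes named in the summary.
PARENT_IMAGES = ("\\powershell.exe", "\\pwsh.exe")

# Assumed command-line markers: a minimized window style and a -File argument.
MINIMIZED_RE = re.compile(r"-(?:w|windowstyle)\s+minimized", re.IGNORECASE)
FILE_RE = re.compile(r"-(?:f|file)\s+", re.IGNORECASE)

# Assumed temporary directories (compared case-insensitively).
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")


def evaluate(event: Dict[str, str]) -> Dict[str, object]:
    """Return whether an event matches and which conditions fired.

    All four conditions must hold, mirroring the AND logic of the summary;
    the reasons list is kept so an analyst can see which parts matched on
    a near miss, which helps when triaging the legitimate administrative
    activity the summary warns about.
    """
    parent = event.get("ParentImage", "").lower()
    cmd = event.get("CommandLine", "")
    reasons: List[str] = []
    if parent.endswith(PARENT_IMAGES):
        reasons.append("parent is PowerShell")
    if MINIMIZED_RE.search(cmd):
        reasons.append("minimized window style")
    if FILE_RE.search(cmd):
        reasons.append("-File argument")
    if any(d in cmd.lower() for d in TEMP_DIRS):
        reasons.append("script path in a temporary directory")
    return {"match": len(reasons) == 4, "reasons": reasons}


def find_matches(events: List[Dict[str, str]]) -> List[int]:
    """Indices of the events that satisfy every condition."""
    return [i for i, ev in enumerate(events) if evaluate(ev)["match"]]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # all conditions present: PowerShell parent, minimized, -File, temp dir
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -windowstyle minimized -File C:\Windows\Temp\cl_stage.ps1",
    },
    {   # same flags but launched from cmd.exe, so the parent condition fails
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"powershell.exe -w minimized -f C:\Users\alice\AppData\Local\Temp\run.ps1",
    },
    {   # routine admin script: PowerShell parent and -File, but neither
        # minimized nor in a temp directory
        "ParentImage": r"C:\Program Files\PowerShell\7\pwsh.exe",
        "CommandLine": r"pwsh.exe -File C:\Scripts\inventory.ps1",
    },
]

if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        result = evaluate(ev)
        print(i, result["match"], result["reasons"])
    print("matching events:", find_matches(SAMPLE_EVENTS))
```

Only the first constructed event satisfies all four conditions; the second and third show how the reasons list separates a near miss from a full match when reviewing alerts.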
Categories
- Windows
- Endpoint
Data Sources
- Process
- Script
Created: 2022-05-21