
Summary
This detection rule identifies potentially malicious PDF attachments generated by HeadlessChrome that show suspicious characteristics. It matches PDF files with one of two patterns: (1) a title in MD5 hash format (32 hexadecimal characters) ending in `.html`, or (2) a blank title (`about:blank`) combined with the `Skia/PDF` producer string, which indicates a Windows environment. Files produced by Google Docs are excluded to reduce false positives. The rule is intended primarily for inbound email threats and only evaluates the attachment when the sending domain is not on a list of trusted domains. The detection methods employed are file analysis and EXIF analysis, aimed at identifying emulated or fake documents used in credential phishing attacks or to deliver malware and ransomware.
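The following is an added illustration of the rule's logic, not the rule's own code or the vendor's query language: it applies the two title patterns, the Google Docs exclusion and the trusted-sender check to constructed EXIF metadata. The field names (`creator`, `producer`, `title`), the substring used to recognise HeadlessChrome and the trusted-domain list are assumptions.

```python
import re
from dataclasses import dataclass

# Placeholder trusted senders (assumption; the page does not list them).
TRUSTED_DOMAINS = {"example.com", "partner.example"}
# Pattern 1: 32 hex characters followed by ".html"
MD5_HTML_TITLE = re.compile(r"^[0-9a-f]{32}\.html$", re.IGNORECASE)


@dataclass
class PdfAttachment:
    """Constructed EXIF-style metadata for one PDF attachment."""
    filename: str
    creator: str   # e.g. "HeadlessChrome" (field and value are assumptions)
    producer: str  # e.g. "Skia/PDF m120"
    title: str     # e.g. "about:blank"


def is_suspicious_headless_pdf(att: PdfAttachment, sender_domain: str,
                               trusted=TRUSTED_DOMAINS) -> bool:
    """Return True when the attachment matches the rule as described."""
    # Only inbound mail from untrusted senders is in scope.
    if sender_domain.lower() in trusted:
        return False
    if not att.filename.lower().endswith(".pdf"):
        return False
    # Generated by HeadlessChrome (substring check on creator is an assumption).
    if "headlesschrome" not in att.creator.lower():
        return False
    # Exclusion: anything produced by Google Docs is not flagged.
    if "google docs" in (att.producer + att.creator).lower():
        return False
    # Pattern 1: MD5-looking title ending in .html
    if MD5_HTML_TITLE.match(att.title):
        return True
    # Pattern 2: blank title together with the Skia/PDF producer string
    if att.title == "about:blank" and "skia/pdf" in att.producer.lower():
        return True
    return False
```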
Categories
- Endpoint
- Cloud
- Web
- Application
Data Sources
- File
- Process
Created: 2026-01-09