
Summary
This detection rule identifies potentially malicious execution of Microsoft Management Console (MMC) snap-in files (`.msc` extension) from untrusted paths. Adversaries may abuse this Windows feature to gain unauthorized access by executing malicious scripts disguised as routine administrative tasks. Specifically, the rule uses Event Query Language (EQL) to flag instances where the `mmc.exe` executable is invoked with an argument that matches a `.msc` file path located outside the standard directories. The detection draws on Windows process telemetry from several security platforms, which broadens coverage and improves accuracy in surfacing real threats.
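To make the detection logic concrete, the following is an added Python example (not the rule's own EQL and not vendor code) that applies the same check to constructed process events: flag `mmc.exe` launches whose command line names a `.msc` file outside an expected directory. The trusted-directory list, the event field names and the sample command lines are assumptions chosen for illustration.

```python
import re

# Assumed list of directories where .msc consoles are expected to live.
# This is an illustrative choice, not the rule's own allow-list.
TRUSTED_MSC_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Captures a drive-rooted path ending in .msc, quoted or unquoted.
MSC_ARG = re.compile(r'"?([a-z]:\\[^"]*?\.msc)"?', re.IGNORECASE)


def is_mmc(process_name: str) -> bool:
    """True when the process image is mmc.exe (case-insensitive)."""
    return process_name.lower().endswith("mmc.exe")


def untrusted_msc_paths(command_line: str) -> list[str]:
    """Return every .msc path in the command line that is outside TRUSTED_MSC_PREFIXES."""
    return [
        path
        for path in MSC_ARG.findall(command_line)
        if not path.lower().startswith(TRUSTED_MSC_PREFIXES)
    ]


def evaluate(events: list[dict]) -> list[tuple[str, str]]:
    """Apply the rule logic to a list of process events; return (host, path) alerts."""
    alerts = []
    for ev in events:
        if not is_mmc(ev["process.name"]):
            continue  # rule only cares about mmc.exe launches
        for path in untrusted_msc_paths(ev["process.command_line"]):
            alerts.append((ev["host"], path))
    return alerts


# Constructed sample events (not real telemetry); field names are assumed.
SAMPLE_EVENTS = [
    {"host": "ws01", "process.name": "mmc.exe",
     "process.command_line": r'"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"'},
    {"host": "ws02", "process.name": "mmc.exe",
     "process.command_line": r'"C:\Windows\system32\mmc.exe" "C:\Users\alice\Downloads\report.msc"'},
    {"host": "ws03", "process.name": "notepad.exe",
     "process.command_line": r"notepad.exe C:\Temp\notes.msc"},
    {"host": "ws04", "process.name": "mmc.exe",
     "process.command_line": r"mmc.exe C:\Windows\System32\compmgmt.msc /s"},
]

if __name__ == "__main__":
    for host, path in evaluate(SAMPLE_EVENTS):
        print(f"ALERT host={host} untrusted .msc argument: {path}")
```

Only the ws02 event is flagged: ws01 and ws04 load consoles from `System32`, and ws03 is not an `mmc.exe` launch at all.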
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Application Log
- Network Share
- File
ATT&CK Techniques
- T1059
- T1059.005
- T1059.007
- T1218
- T1218.014
Created: 2024-06-19