
Summary
This rule identifies suspicious process executions in which social engineering is used to manipulate users into running malicious commands via the clipboard. It focuses on cases where users are coerced, through deceptive prompts such as fake CAPTCHA verifications or urgent alerts, into pasting a command from their clipboard into the Windows Run dialog or the File Explorer address bar. Attackers generally rely on binaries such as mshta.exe and powershell.exe to execute the payload once the user has complied. The detection logic analyzes Windows process creation events, looking for child processes of explorer.exe whose command line contains particular keywords or symbols indicative of a clipboard-pasted command. The rule is in the experimental phase and aims to bolster defenses against social engineering tactics that exploit clipboard functionality as a vector for executing attacks.
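As an added example (not the rule itself and not vendor code), the following Python sketch applies the detection logic described above to constructed Sysmon-style process-creation events; the field names, the launcher set and the command-line indicators are assumptions, since the page does not list the rule's actual keywords.

```python
import re

# Assumption: launchers the page names as typical payload runners.
LAUNCHERS = {"mshta.exe", "powershell.exe"}

# Assumption: traits of a one-liner pasted into the Run dialog: a remote
# fetch, hidden/encoded PowerShell switches, leftover fake-verification lure.
INDICATORS = {
    "remote_url": re.compile(r"https?://", re.I),
    "encoded_cmd": re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b", re.I),
    "hidden_window": re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.I),
    "lure_text": re.compile(r"captcha|not a robot|verif(?:y|ication)", re.I),
}

def _basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]

def matched_indicators(event: dict) -> list:
    """Indicator names hit by one process-creation event; [] if no match.
    Parent must be explorer.exe (Run dialog and Explorer address-bar launches
    inherit it), the child must be a known launcher, and at least one
    command-line indicator must match."""
    if _basename(event.get("ParentImage", "")) != "explorer.exe":
        return []
    if _basename(event.get("Image", "")) not in LAUNCHERS:
        return []
    cmd = event.get("CommandLine", "")
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]

def scan(events: list) -> dict:
    """Map index -> matched indicators for every event that fits the pattern."""
    return {i: h for i, ev in enumerate(events) if (h := matched_indicators(ev))}

# Constructed sample events (Sysmon-style field names, not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/v  # I am not a robot: Verification ID 7"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc AAAA"},  # AAAA is a placeholder blob
    {"ParentImage": r"C:\Windows\explorer.exe",          # benign child of explorer
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",      # same payload, wrong parent
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc AAAA"},
]
```

Running `scan(SAMPLE_EVENTS)` flags only the first two events; the notepad launch and the cmd.exe-parented PowerShell are deliberately left unmatched to show the parent and launcher gates at work.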
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2025-11-19