Suspicious Double Extension File Execution

Sigma Rules

Summary
This rule flags process executions whose file name uses a misleading double extension: a non-executable document extension (such as .pdf, .doc or .xls) immediately followed by .exe. The pattern is a staple of spear-phishing campaigns, where the attachment is named to look like a harmless document but is in fact a Windows executable; because Explorer hides known extensions by default, a file named Invoice.pdf.exe is displayed to the user as Invoice.pdf. The rule matches on two criteria: (1) an image path that ends in a non-executable extension followed by .exe, and (2) a command line that contains such a double-extension name, which also catches the case where the file is launched indirectly, for example passed as an argument to another program, rather than appearing as the process image itself. False positives are possible because the match is purely on naming, and a legitimately named file can collide with the pattern. Alerts from this rule should be triaged by checking where the file came from (e-mail attachment, browser download), whether it is signed, and what the parent process was; the rule is most valuable for catching initial access that relies on social engineering rather than on an exploit.
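The two matching criteria described above, implemented as a small checker run over a few constructed process-creation events. This is an added illustration, not the Sigma rule itself or code from the page: the set of decoy extensions and the field names (Image, CommandLine) are assumptions chosen to resemble typical Sysmon/Sigma process-creation fields, and the published rule's exact extension list may differ.

```python
import re

# Decoy extensions the summary names plus a few common document types.
# ASSUMPTION: the published Sigma rule's own list may differ from this one.
DECOY_EXTENSIONS = (
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt",
)

# Matches "<decoy ext>.exe" at the end of a file name, case-insensitively,
# so EVIL.PDF.EXE is caught as well as evil.pdf.exe.
_DOUBLE_EXT = re.compile(
    r"(?:" + "|".join(re.escape(e) for e in DECOY_EXTENSIONS) + r")\.exe$",
    re.IGNORECASE,
)


def has_double_extension(path: str) -> bool:
    """Criterion (1): the file's basename ends in a decoy extension + .exe."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(_DOUBLE_EXT.search(name))


def matches_rule(event: dict) -> bool:
    """Apply both criteria to one process-creation event.

    Field names Image and CommandLine are assumed (Sysmon-style); adapt to
    your log schema.
    """
    if has_double_extension(event.get("Image", "")):
        return True
    # Criterion (2): the command line carries a double-extension name even
    # when the process image itself is innocuous (cmd.exe, a script host...).
    # Splitting on whitespace and quotes is deliberately loose: a path with
    # spaces is cut into pieces, but the last piece still ends in the name.
    for token in re.split(r'[\s"\']+', event.get("CommandLine", "")):
        if has_double_extension(token):
            return True
    return False


def triage(events: list) -> list:
    """Return the indexes of events that match, for review by an analyst."""
    return [i for i, ev in enumerate(events) if matches_rule(ev)]


# Constructed sample events; these are not real logs.
SAMPLE_EVENTS = [
    {   # classic phishing payload run directly by the user
        "Image": r"C:\Users\alice\Downloads\Invoice_2024.pdf.exe",
        "CommandLine": r'"C:\Users\alice\Downloads\Invoice_2024.pdf.exe"',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # same payload launched indirectly: only the command line reveals it
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c start "" "C:\Temp\report.docx.exe"',
        "ParentImage": r"C:\Windows\System32\wscript.exe",
    },
    {   # benign: Word opening a real .docx, no .exe suffix on the document
        "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\report.docx"',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # benign: ordinary shell
        "Image": r"C:\Windows\explorer.exe",
        "CommandLine": r"C:\Windows\explorer.exe",
        "ParentImage": r"C:\Windows\System32\userinit.exe",
    },
]


if __name__ == "__main__":
    for i in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        print(f"ALERT event {i}: image={ev['Image']} parent={ev['ParentImage']}")
```

The second sample event is the reason criterion (2) exists: the process image is cmd.exe, which on its own is not suspicious, and only the command line carries the decoy name. The parent image is included in the sample records because it is the first thing to look at when triaging a hit; the check itself is name-based only, so it will fire on any file that happens to be named this way.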
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2019-06-26