Control Panel Process with Unusual Arguments

Elastic Detection Rules

Summary
This detection rule identifies instances where the Windows Control Panel binary (control.exe) is invoked with suspicious command-line arguments that may indicate an attempt to execute malicious code. Adversaries can abuse control.exe because it runs code under the guise of a legitimate system application, which can help the activity evade detection. The rule alerts when the command line includes unexpected file types or unusual paths often associated with malicious activity, such as image file extensions or paths into common user directories like AppData. It maps to the MITRE ATT&CK techniques for System Binary Proxy Execution (T1218), specifically the Control Panel sub-technique (T1218.002). The accompanying documentation provides investigation steps for triaging alerts, guidance on handling false positives, and response and remediation actions.
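The heuristic the summary describes, written out as an added Python example for running over process-creation events; this is not the rule's own query, and the sample events, the field names and the image-extension list are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"process": "control.exe",
     "command_line": r"C:\Windows\System32\control.exe /name Microsoft.NetworkAndSharingCenter"},
    {"process": "control.exe",
     "command_line": r"control.exe C:\Users\alice\AppData\Local\Temp\update.cpl"},
    {"process": "control.exe",
     "command_line": r"control.exe C:\Users\alice\Pictures\photo.jpg"},
    {"process": "control.exe",
     "command_line": r"control.exe C:\Windows\System32\timedate.cpl"},
    {"process": "rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\bob\AppData\Roaming\x.jpg"},
]

# Image extensions assumed here as "unexpected file types" for a Control Panel item.
IMAGE_EXT_RE = re.compile(r"\.(?:jpg|jpeg|png|gif|bmp)\b", re.IGNORECASE)
# Per-user AppData paths: legitimate .cpl items are normally loaded from System32.
APPDATA_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def suspicious_reasons(event: Dict[str, str]) -> List[str]:
    """Return the reasons a control.exe event matches; empty list means no match."""
    if event.get("process", "").lower() != "control.exe":
        return []  # the rule is scoped to the Control Panel binary only
    cmd = event.get("command_line", "")
    reasons = []
    if IMAGE_EXT_RE.search(cmd):
        reasons.append("image file extension in arguments")
    if APPDATA_PATH_RE.search(cmd):
        reasons.append("argument path under user AppData")
    return reasons


def triage(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Filter events to those worth an alert, keeping the reasons for the analyst."""
    hits = []
    for event in events:
        reasons = suspicious_reasons(event)
        if reasons:
            hits.append((event["command_line"], reasons))
    return hits


if __name__ == "__main__":
    for cmd, why in triage(SAMPLE_EVENTS):
        print(f"ALERT: {cmd}  <- {', '.join(why)}")
```

A .cpl launched from AppData by an installer is a typical false-positive source, so the reasons are kept alongside the command line to speed up the investigation steps the documentation describes.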
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
  • Windows Registry
  • Cloud Service
  • Network Traffic
ATT&CK Techniques
  • T1218
  • T1218.002
Created: 2021-09-08