
Attachment: LNK with embedded content

Sublime Rules

Summary
This rule identifies LNK (Windows shortcut) attachments that carry embedded executable content, a delivery method used by the Emotet malware. Emotet embeds VBScript inside the LNK file itself: when the victim opens the shortcut, its command line carves the script back out of the shortcut and runs it, so launching what looks like an ordinary shortcut executes malicious code. The detection logic combines several conditions. It looks for attachments with a '.lnk' file extension and then inspects the metadata of those files as extracted by ExifTool. It checks for a 'TargetFileSize' of zero, meaning the shortcut header records no size for its target, which points to a shortcut generated by a tool or aimed at a non-existent target rather than one Windows created against a real file. It also examines 'CommandLineArguments' for suspicious terms such as 'findstr' and PowerShell commands, which indicate the shortcut runs code rather than opening a document. The technique shows how malware can turn a seemingly innocuous file type into a payload carrier, and why attachment analysis has to parse file content rather than trust the extension alone.
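A worked version of the detection logic described above, added here as an example and not taken from Sublime's rule or platform: it parses the MS-SHLLINK header and StringData directly (in place of ExifTool), applies the TargetFileSize and CommandLineArguments checks, and additionally reports bytes appended after the shortcut structure, which is where an embedded script would sit. Treating the two checks as a conjunction is this example's reading of the summary; the LNK byte strings, the findstr-style command line and the suspicious tokens beyond findstr and PowerShell are constructed here, not real samples or the rule's own list.

```python
"""Added example (not Sublime's code): parse a .lnk (MS-SHLLINK) attachment and apply
the checks the rule summary describes. The LNK bytes below are constructed, not real samples."""
import re
import struct
from dataclasses import dataclass

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-...-46, on-disk order
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# The summary names findstr and PowerShell; the other tokens are this example's additions.
SUSPICIOUS_ARGS = re.compile(
    r"findstr|powershell|pwsh|-enc(?:odedcommand)?\b|invoke-expression|\biex\b"
    r"|frombase64string|mshta|wscript|cscript", re.IGNORECASE)


@dataclass
class Lnk:
    target_file_size: int        # header FileSize (ExifTool's TargetFileSize)
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""          # ExifTool's CommandLineArguments
    trailing_data: bytes = b""   # bytes after the shortcut structure ends


def _read_string(data: bytes, pos: int, unicode: bool):
    """StringData item: 2-byte character count, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", data, pos)
    nbytes = count * 2 if unicode else count
    text = data[pos + 2:pos + 2 + nbytes].decode("utf-16-le" if unicode else "cp1252", "replace")
    return text, pos + 2 + nbytes


def parse_lnk(data: bytes) -> Lnk:
    """Walk header, IDList, LinkInfo, StringData and ExtraData; return the fields we need."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("missing shell link header/CLSID")
    (file_size,) = struct.unpack_from("<I", data, 0x34)
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:     # IDList: 2-byte size prefix, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:               # LinkInfo: size field includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    lnk, unicode = Lnk(target_file_size=file_size), bool(flags & IS_UNICODE)
    for flag, attr in ((HAS_NAME, None), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, None)):
        if flags & flag:                    # StringData items appear in this fixed order
            value, pos = _read_string(data, pos, unicode)
            if attr:
                setattr(lnk, attr, value)
    while pos + 4 <= len(data):             # ExtraData blocks; size < 4 is the TerminalBlock
        block_size = struct.unpack_from("<I", data, pos)[0]
        pos += max(block_size, 4)
        if block_size < 4:
            break
    lnk.trailing_data = data[pos:]          # whatever remains is appended content
    return lnk


def evaluate_attachment(filename: str, data: bytes) -> dict:
    """Rule-style verdict: .lnk extension, TargetFileSize == 0 and suspicious arguments."""
    verdict = {"is_lnk": filename.lower().endswith(".lnk"), "matched": False, "reasons": []}
    if not verdict["is_lnk"]:
        return verdict
    try:
        lnk = parse_lnk(data)
    except (ValueError, struct.error) as exc:   # truncated or non-LNK bytes
        verdict["reasons"].append(f"unparseable LNK: {exc}")
        return verdict
    hits = sorted({m.group(0).lower() for m in SUSPICIOUS_ARGS.finditer(lnk.arguments)})
    if lnk.target_file_size == 0:
        verdict["reasons"].append("TargetFileSize is 0")
    if hits:
        verdict["reasons"].append("suspicious CommandLineArguments: " + ", ".join(hits))
    if lnk.trailing_data:
        verdict["reasons"].append(f"{len(lnk.trailing_data)} bytes appended after the shortcut")
    verdict["matched"] = lnk.target_file_size == 0 and bool(hits)
    return verdict


def build_sample_lnk(arguments: str, appended: bytes = b"", target_file_size: int = 0) -> bytes:
    """Constructed minimal shortcut to cmd.exe for exercising the parser (not a real sample)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sII", LNK_HEADER_SIZE, LNK_CLSID, flags, 0x20)  # FILE_ATTRIBUTE_ARCHIVE
    header += struct.pack("<QQQ", 0, 0, 0)  # creation/access/write FILETIMEs left zero
    header += struct.pack("<IiIHHII", target_file_size, 0, 1, 0, 0, 0, 0)  # FileSize, IconIndex, SW_SHOWNORMAL
    strings = (r"..\..\..\Windows\System32\cmd.exe", "%cd%", arguments)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return header + body + struct.pack("<I", 0) + appended  # TerminalBlock, then the overlay


# Constructed inputs modelled on the findstr-carving technique the summary describes.
SAMPLE_LNK = build_sample_lnk(
    r'/c findstr "MARKER.*" invoice.lnk > %tmp%\run.vbs & wscript %tmp%\run.vbs',
    appended=b"\r\nMARKER' constructed stand-in for the appended VBScript\r\n")
BENIGN_LNK = build_sample_lnk("", target_file_size=17_408)  # ordinary shortcut, no overlay
```

`evaluate_attachment("invoice.lnk", SAMPLE_LNK)` matches (zero target size plus `findstr`/`wscript` in the arguments, with the appended bytes reported as a third reason), while the benign shortcut and a non-`.lnk` filename do not. The parser is forgiving on purpose: a shortcut whose ExtraData is missing or truncated still yields its StringData, because that is where the command line the rule keys on lives.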
Categories
  • Endpoint
  • Network
  • Windows
  • Cloud
Data Sources
  • File
  • Process
  • Network Traffic
Created: 2022-04-25