
Summary
This detection rule identifies obfuscated use of the Windows clipboard utility (Clip.exe) as a means to execute PowerShell code. A payload placed on the clipboard through Clip.exe is read back and executed by PowerShell, and attackers rely on obfuscation (short aliases, escape characters and similar tricks) so that the malicious command is never written out plainly on the command line and is harder for security tooling to recognize. The rule examines process command lines that reference Clip.exe together with clipboard manipulation, looking for patterns that suggest malicious intent: specifically, command strings that appear to have been initiated via PowerShell, and commands that read a clipboard-held payload and execute it. By monitoring for these obfuscated command executions, the rule improves detection of tactics used for defense evasion and for execution of malicious scripts.
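The following Python script is an added worked example, not the rule's own query (which the page does not reproduce) and not code from the rule's authors. It approximates the logic described above: normalize a process command line by stripping the escape and quote characters attackers insert to split keywords, then require a PowerShell host, a reference to Clip.exe, a clipboard read and an execution primitive before flagging the event. The regular expressions, the condition names and the sample events are all constructed for this example.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record: the two fields the rule consumes."""
    process_name: str
    command_line: str


# Escape and quote characters that cmd.exe and PowerShell strip before the
# command runs; attackers insert them to split keywords (i`e`x, Get-Cl"ip"board, c^lip).
_NOISE = re.compile(r'[`^"\']')


def normalize(command_line: str) -> str:
    """Lowercase, drop escape/quote characters, collapse whitespace so split keywords re-join."""
    return re.sub(r'\s+', ' ', _NOISE.sub('', command_line)).strip().lower()


# Hypothetical matching conditions approximating the page's description of the rule.
_SEP = r'(?:^|[\s|&;(])'           # a token must start after a separator ...
_END = r'(?=$|[\s|&;)])'           # ... and end before one
_PATH = r'(?:[a-z]:\\[^\s]*\\)?'   # optional drive-letter path prefix
PS_HOST = re.compile(_SEP + _PATH + r'(?:powershell|pwsh)(?:\.exe)?' + _END)
CLIP_REF = re.compile(_SEP + _PATH + r'clip(?:\.exe)?' + _END)
CLIP_READ = re.compile(r'get-clipboard|clipboard\]::gettext\(\)')
EXECUTE = re.compile(_SEP + r'(?:iex|invoke-expression)' + _END)


def matched_conditions(event: ProcessEvent) -> set:
    """Return the names of the individual conditions the event satisfies."""
    cmd = normalize(event.command_line)
    hits = set()
    if event.process_name.lower() in ("powershell.exe", "pwsh.exe") or PS_HOST.search(cmd):
        hits.add("powershell")
    if CLIP_REF.search(cmd):
        hits.add("clip_exe")
    if CLIP_READ.search(cmd):
        hits.add("clipboard_read")
    if EXECUTE.search(cmd):
        hits.add("execute")
    return hits


def detect(event: ProcessEvent, require_clip_exe: bool = True) -> bool:
    """Flag the event only when every required condition is present."""
    needed = {"powershell", "clipboard_read", "execute"}
    if require_clip_exe:
        needed.add("clip_exe")
    return needed <= matched_conditions(event)


def scan(events, require_clip_exe: bool = True):
    """Return the command lines of all flagged events, in input order."""
    return [e.command_line for e in events if detect(e, require_clip_exe)]


# Constructed sample telemetry, not real events.
SAMPLE_EVENTS = [
    # payload staged on the clipboard via clip, then read back and executed
    ProcessEvent("cmd.exe",
                 'cmd.exe /c echo Write-Host hello | clip && powershell.exe -nop -w hidden -c "Get-Clipboard | iex"'),
    # same idea with backtick obfuscation splitting the keywords
    ProcessEvent("powershell.exe",
                 'powershell.exe -nop -c "echo 1|clip.exe; I`E`X (Get-Cl`ipboard)"'),
    # benign: reads the clipboard but executes nothing
    ProcessEvent("powershell.exe", 'powershell.exe -c "Get-Clipboard"'),
    # benign: copies output to the clipboard, no PowerShell involved
    ProcessEvent("cmd.exe", 'cmd.exe /c dir | clip'),
    # clipboard read through the .NET class instead of clip.exe
    ProcessEvent("powershell.exe",
                 'powershell.exe -w hidden -c "[Windows.Forms.Clipboard]::GetText() | iex"'),
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print("FLAGGED:", line)
```

Running the script flags the first two sample events. The fifth event reads the clipboard through the .NET Clipboard class rather than Clip.exe, which the strict condition set misses; passing require_clip_exe=False to detect or scan catches it, at the cost of more noise from legitimate scripts that paste and evaluate clipboard text. Normalization only undoes character-level obfuscation; string concatenation, variable substitution or encoded commands need separate detection logic.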
Categories
- Windows
- Endpoint
Data Sources
- Process
- Command
Created: 2020-10-13