
Base64 MZ Header In CommandLine

Sigma Rules

Summary
This detection rule identifies Base64-encoded MZ headers in the command-line arguments of Windows processes. The MZ header (the bytes "MZ", 0x4D 0x5A) is the signature that marks a file as a Windows executable. Attackers may disguise executable payloads by encoding them in Base64 to evade detection and obfuscate their activity during execution. The rule fires when the command line of a newly created process contains strings that match the known Base64 encodings of an MZ header. Detecting these signatures helps security analysts identify activity that aims to execute harmful payloads on Windows systems.
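The check the rule performs, as an added Python example that is not part of the rule page or the Sigma project: it derives the Base64 prefixes an MZ header can produce instead of hard-coding them, runs the match over constructed process-creation events, and goes one step beyond the rule by also looking one layer inside a PowerShell -EncodedCommand blob (the switch matcher is a hypothetical simplification). All sample command lines and the dummy PE bytes are constructed for the example.

```python
import base64
import re

# Constructed sample data: a dummy blob that merely starts with an MZ header.
FAKE_PE = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00" + b"\x00" * 48
_inner = "[IO.File]::WriteAllBytes('x.exe',[Convert]::FromBase64String('%s'))" % base64.b64encode(FAKE_PE).decode()
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -nop -c "%s"' % _inner},
    # Same payload one layer deeper: -EncodedCommand carries Base64 over UTF-16LE script text.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc " + base64.b64encode(_inner.encode("utf-16-le")).decode()},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c echo hello"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil -decode SGVsbG8gV29ybGQhIFRoaXMgaXMgbm90IGFuIGV4ZSBmaWxlLg== out.bin"},
]

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Hypothetical, simplified matcher for PowerShell's -e/-ec/-enc/-EncodedCommand switch.
ENC_ARG = re.compile(r"(?i)(?:^|\s)-e(?:c|n[codema]*)?\s+([A-Za-z0-9+/=]{16,})")


def base64_mz_prefixes() -> set:
    """Base64 prefixes that data starting with 'MZ' (0x4D 0x5A) can produce.
    Only two bytes are fixed, so the third encoded character depends on the
    top two bits of the byte after 'Z'; enumerating it gives every variant."""
    return {base64.b64encode(b"MZ" + bytes([b])).decode()[:3] for b in range(256)}


MZ_PREFIXES = base64_mz_prefixes()  # {'TVo', 'TVp', 'TVq', 'TVr'}


def mz_in_commandline(cmdline: str, depth: int = 0) -> bool:
    """True if a Base64 token in the command line decodes to data beginning with 'MZ'."""
    if any(tok[:3] in MZ_PREFIXES for tok in B64_TOKEN.findall(cmdline)):
        return True
    # Decode one level of -EncodedCommand: the MZ token is only visible in the inner text.
    if depth < 1:
        for blob in ENC_ARG.findall(cmdline):
            try:
                inner = base64.b64decode(blob).decode("utf-16-le", errors="ignore")
            except ValueError:
                continue
            if mz_in_commandline(inner, depth + 1):
                return True
    return False


def scan_events(events):
    """Return the process-creation events whose command line trips the check."""
    return [e for e in events if mz_in_commandline(e["CommandLine"])]
```

Running scan_events(SAMPLE_EVENTS) flags both PowerShell events and leaves the cmd and certutil events alone, because "SGVs..." does not decode to an MZ header.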
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-07-12