Suspicious Service Path Modification

Sigma Rules

Summary
This detection rule identifies suspicious modifications to service binary paths made with the Windows Service Control utility (sc.exe). Attackers may alter a service's configuration so that it executes their code, using the service as a persistence mechanism or as a route to elevated control of the system. The rule captures a specific set of command-line arguments passed to the service control binary that can indicate such activity: it looks for 'sc.exe' invoked with the 'config' subcommand and the 'binPath' parameter. In addition, it checks whether the new path references a known Windows command-line tool (such as PowerShell or cmd.exe) or a directory commonly used by attackers (such as Downloads, Desktop, or TEMP). By monitoring these parameters, the rule raises alerts for potential privilege escalation or persistence tactics.
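A minimal implementation of the logic the summary describes, as an added example that is not the Sigma rule itself or its source: it extracts the binPath= value from process-creation events and flags the event when that path points at a script host or a user-writable directory. The event field names (Image, CommandLine) follow Sysmon conventions, the sample events are constructed, and the indicator entries beyond those named above are assumptions.

```python
"""Detection logic for suspicious sc.exe binPath modifications (added example)."""
import re
from typing import Optional

# Indicators named on the rule page: PowerShell, cmd.exe, Downloads, Desktop, TEMP.
# The remaining entries are assumptions for illustration, not the rule's own list.
TOOL_RE = re.compile(
    r"(?:^|[\\/\s])(?:powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32)(?:\.exe)?\b",
    re.I)
DIR_RE = re.compile(r"\\(?:downloads|desktop|temp|users\\public)\\|%temp%", re.I)
# sc.exe syntax is 'binPath= <value>' (note the space); the value may be quoted.
BINPATH_RE = re.compile(r'binpath=\s*(?:"([^"]*)"|(\S+))', re.I)

# Constructed sample process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r'sc.exe config MyService binPath= "C:\Users\bob\Downloads\update.exe"'},
    {"Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r'sc.exe config MyService binPath= "cmd.exe /c C:\Windows\Temp\run.bat"'},
    {"Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r'sc.exe config Spooler binPath= "C:\Windows\System32\spoolsv.exe"'},
    {"Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r"sc.exe config wuauserv start= disabled"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo C:\Users\bob\Downloads\update.exe"},
]


def extract_binpath(cmdline: str) -> Optional[str]:
    """Return the binPath= value (without surrounding quotes) or None."""
    m = BINPATH_RE.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_suspicious_service_path_mod(event: dict) -> bool:
    """True when sc.exe reconfigures a service path to a script host or user-writable dir."""
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "")
    if not image.endswith("\\sc.exe") or "config" not in cmdline.lower().split():
        return False
    binpath = extract_binpath(cmdline)
    if binpath is None:
        return False
    return bool(TOOL_RE.search(binpath) or DIR_RE.search(binpath))


def scan(events) -> list:
    """Return the command lines of all events the rule would alert on."""
    return [e["CommandLine"] for e in events if is_suspicious_service_path_mod(e)]
```

Checking the binPath value rather than the whole command line keeps service names or other arguments that happen to contain "cmd" or "temp" from triggering the alert.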
Categories
  • Windows
  • Endpoint
  • Infrastructure
Data Sources
  • Process
ATT&CK Techniques
  • T1543.003
Created: 2019-10-21