
Summary
The rule 'Renamed AutoIt Execution' detects the execution of a renamed AutoIt interpreter, specifically AutoIt2.exe or AutoIt3.exe. AutoIt is a scripting language for automating Windows tasks; it is widely used for legitimate automation, but its interpreter is also abused by attackers to run malware such as keyloggers and spyware, and renaming the interpreter is a common way to hide that use. The rule monitors process-creation events and identifies a process as AutoIt by any of three indicators: a command line containing the switches used to execute AutoIt scripts, the binary's hashes matching known hashes of the AutoIt interpreter itself, or the PE OriginalFileName field naming an AutoIt executable (the version resource survives a simple on-disk rename, so a copy named svchost.exe still reports AutoIt3.exe there). To limit false positives, the rule then filters out any process whose image file name is one the interpreter legitimately ships under; an AutoIt process running under any other name raises an alert of level high. An attacker who also rewrites the version resource evades the OriginalFileName check, so the command-line and hash indicators are what remain in that case.
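The detection logic described above, run over a few constructed process-creation events, as an added example in Python; this is not the rule's own code nor anything from the Sigma project. The page does not list the concrete indicator values, so the command-line switches (AutoIt3's documented script-execution switches), the hash entry (a constructed placeholder) and the legitimate file-name list are assumptions made for the example.

```python
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Indicator sets. These are assumptions for this example: the switches are
# AutoIt3's documented script-execution switches, the hash is a constructed
# placeholder (a real rule carries the interpreter's actual hashes), and the
# legitimate names are the usual file names the interpreter ships under.
AUTOIT_CLI_SWITCHES = (" /autoit3executescript", " /errorstdout")
AUTOIT_ORIGINAL_NAMES = {"autoit.exe", "autoit2.exe", "autoit3.exe"}
AUTOIT_KNOWN_HASHES = {"imphash=0123456789abcdef0123456789abcdef"}  # placeholder
LEGIT_IMAGE_NAMES = {"autoit.exe", "autoit2.exe", "autoit3.exe",
                     "autoit3_x64.exe", "autoitx.exe"}


@dataclass
class ProcessEvent:
    """Minimal process-creation record with Sysmon Event ID 1 style fields."""
    image: str
    command_line: str = ""
    original_file_name: str = ""
    hashes: str = ""  # Sysmon format: "SHA256=...,IMPHASH=..."


def matched_selections(ev: ProcessEvent) -> list[str]:
    """Return the 'is this AutoIt?' selections the event satisfies.
    Matching is case-insensitive, as Sigma string matching is by default."""
    hits = []
    cmd = ev.command_line.lower()
    if any(sw in cmd for sw in AUTOIT_CLI_SWITCHES):
        hits.append("selection_cli")
    if ev.original_file_name.lower() in AUTOIT_ORIGINAL_NAMES:
        hits.append("selection_originalfilename")
    # Hashes is a comma-separated list of ALGO=value pairs; any known entry counts.
    entries = {h.strip().lower() for h in ev.hashes.split(",") if h.strip()}
    if entries & AUTOIT_KNOWN_HASHES:
        hits.append("selection_hash")
    return hits


def is_legit_name(ev: ProcessEvent) -> bool:
    """Filter: the image's file name is one AutoIt legitimately ships under."""
    return ntpath.basename(ev.image).lower() in LEGIT_IMAGE_NAMES


def renamed_autoit(ev: ProcessEvent) -> bool:
    """Rule condition: (any selection) AND NOT (legitimate file name)."""
    return bool(matched_selections(ev)) and not is_legit_name(ev)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Legitimate install: matches every selection but carries its real name.
    ProcessEvent(
        image=r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
        command_line=r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" /ErrorStdOut build.au3',
        original_file_name="AutoIt3.exe",
        hashes="SHA256=ab12,IMPHASH=0123456789abcdef0123456789abcdef",
    ),
    # Interpreter copied to a user-writable path and renamed; version resource intact.
    ProcessEvent(
        image=r"C:\Users\Public\svchost.exe",
        command_line=r"C:\Users\Public\svchost.exe C:\Users\Public\update.au3",
        original_file_name="AutoIt3.exe",
        hashes="MD5=cd34,IMPHASH=0123456789abcdef0123456789abcdef",
    ),
    # Version resource and hash indicators absent; only the command line gives it away.
    ProcessEvent(
        image=r"C:\Temp\a.exe",
        command_line=r"a.exe /AutoIt3ExecuteScript x.a3x",
    ),
    # Unrelated process.
    ProcessEvent(
        image=r"C:\Windows\System32\cmd.exe",
        command_line="cmd.exe /c whoami",
        original_file_name="Cmd.Exe",
    ),
]


def evaluate(events: list[ProcessEvent]) -> list[tuple[str, bool, list[str]]]:
    """Apply the rule to each event: (image, alert?, selections matched)."""
    return [(ev.image, renamed_autoit(ev), matched_selections(ev)) for ev in events]


if __name__ == "__main__":
    for image, alert, hits in evaluate(SAMPLE_EVENTS):
        print(f"{'ALERT' if alert else 'ok   '} {image}  {hits}")
```

The second event shows why the OriginalFileName selection matters: the on-disk name was changed, but the PE version resource still says AutoIt3.exe. The third event shows the fallback when an attacker also strips that field; the script-execution switch on the command line is then the only indicator left, which is why the rule keeps the three selections independent rather than requiring all of them.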
Categories
- Windows
Data Sources
- Process
Created: 2023-06-04