Invoke-Obfuscation CLIP+ Launcher - PowerShell

Sigma Rules

Summary
This detection rule identifies potentially malicious use of the Clip.exe utility within PowerShell scripts by searching for specific script block text that indicates obfuscation techniques. The rule triggers when it detects the execution of Clip.exe combined with PowerShell commands that access the clipboard. Script Block Logging must be enabled in the Windows environment for the rule to work. Attackers may use this method to exfiltrate data, and the rule treats it as a defense evasion technique. The rule is aimed at monitoring Windows environments as part of the mitigation strategy against PowerShell-based threats.
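A hunt that follows the summary above, as an added example that is not the Sigma rule's own logic: it checks the Script Block Logging policy and then searches Event ID 4104 records for script blocks that contain both a clip invocation and a clipboard access. The regular expression and the function names are assumptions made for illustration; the rule's actual pattern is not shown on this page.

```powershell
# Added example: simplified hunt, not the Sigma rule's own detection logic.
$LogName   = 'Microsoft-Windows-PowerShell/Operational'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

# Assumed heuristic (not the rule's pattern): a clip / clip.exe invocation
# followed, in the same script block, by a .NET Clipboard static call.
$Pattern = '(?is)\bclip(\.exe)?\b.+clipboard\]::'

function Test-ScriptBlockLogging {
    # True when the Group Policy value that turns on Script Block Logging is 1.
    $p = Get-ItemProperty -Path $PolicyKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.EnableScriptBlockLogging -eq 1)
}

function Find-ClipLauncherCandidate {
    param([int]$MaxEvents = 5000)
    # Event ID 4104 carries the logged script block text.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $text = [string]$_.Properties[2].Value   # ScriptBlockText field
            if ($text -match $Pattern) {
                [pscustomobject]@{
                    TimeCreated   = $_.TimeCreated
                    Computer      = $_.MachineName
                    User          = $_.UserId
                    ScriptBlockId = $_.Properties[3].Value
                    Path          = $_.Properties[4].Value
                    Excerpt       = $text.Substring(0, [Math]::Min(200, $text.Length))
                }
            }
        }
}

if (-not (Test-ScriptBlockLogging)) {
    Write-Warning 'Script Block Logging policy is not enabled; 4104 coverage will be incomplete.'
}
Find-ClipLauncherCandidate | Sort-Object TimeCreated | Format-List
```

Very large script blocks are logged as several 4104 events that share one ScriptBlockId, so a match that spans two fragments needs the fragments joined before the pattern is applied.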
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Script
  • Application Log
Created: 2020-10-13