MSHTA Suspicious Execution 01

Sigma Rules

Summary
This detection rule targets suspicious command lines of "mshta.exe", the Windows host for HTML Applications (HTAs). mshta.exe executes HTA content regardless of the file's extension, so the rule flags mshta.exe command lines that reference extensions typically used to disguise an HTA as a different file type (polyglot or renamed files: .jpg, .png, .lnk, .xls, .doc, .zip, .dll) or that contain "vbscript", which covers inline VBScript passed through the vbscript: protocol handler. Either pattern is a common sign of malicious code execution through mshta.exe, typically after a user has been tricked into opening a file or link by social engineering.

The rule operates on Windows process creation events and matches when the created process is mshta.exe and its command line contains one of the substrings above.

High false positive rates can be expected in environments that run legitimate HTA-based scripts, administrative tools that open or export such file types, or scheduled tasks that invoke mshta.exe with VBScript. Tune the detection criteria (for example by excluding known script paths or parent processes) to the operational context before using the rule for alerting.
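The following is an added example, not code from the Sigma project or the rule's authors, that models the matching logic described above and runs it over constructed process-creation records. It assumes Sysmon event ID 1 style field names (Image, OriginalFileName, CommandLine), treats the substring match as case-insensitive the way Sigma's `contains` modifier does, and adds a hypothetical `allowlist` of known-good command-line fragments as one way to tune out the false positives the summary warns about.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Substrings from the rule summary: extensions that can disguise HTA content,
# plus "vbscript" for inline VBScript payloads. Compared in lower case because
# Sigma's |contains modifier is case-insensitive.
SUSPICIOUS_SUBSTRINGS = (".jpg", ".png", ".lnk", ".xls", ".doc", ".zip", ".dll", "vbscript")


@dataclass(frozen=True)
class ProcessCreation:
    """Minimal process-creation record (Sysmon event ID 1 field names, assumed)."""
    image: str
    original_file_name: str
    command_line: str


def is_mshta(ev: ProcessCreation) -> bool:
    """Image selection: the path ends with \\mshta.exe, or the PE's
    OriginalFileName is MSHTA.EXE (this catches a renamed copy of the binary)."""
    return (ev.image.lower().endswith("\\mshta.exe")
            or ev.original_file_name.upper() == "MSHTA.EXE")


def matched_indicators(command_line: str) -> List[str]:
    """Every suspicious substring present in the command line."""
    cl = command_line.lower()
    return [s for s in SUSPICIOUS_SUBSTRINGS if s in cl]


def evaluate(ev: ProcessCreation, allowlist: Iterable[str] = ()) -> Optional[List[str]]:
    """Return the matched indicators when the event should alert, else None.
    `allowlist` is a hypothetical tuning hook: known-good command-line fragments
    (script paths, task names) that suppress the alert in a given environment."""
    if not is_mshta(ev):
        return None
    hits = matched_indicators(ev.command_line)
    if not hits:
        return None
    cl = ev.command_line.lower()
    if any(fragment.lower() in cl for fragment in allowlist):
        return None
    return hits


def run_detection(events: Iterable[ProcessCreation],
                  allowlist: Iterable[str] = ()) -> List[Tuple[int, List[str]]]:
    """Run the rule over a batch of events; returns (event index, indicators)."""
    alerts = []
    for idx, ev in enumerate(events):
        hits = evaluate(ev, allowlist)
        if hits:
            alerts.append((idx, hits))
    return alerts


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    # 0: inline VBScript through the vbscript: handler
    ProcessCreation(r"C:\Windows\System32\mshta.exe", "MSHTA.EXE",
                    r'mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"").Run ""calc.exe"",0:close")'),
    # 1: HTA content hidden behind an image extension
    ProcessCreation(r"C:\Windows\SysWOW64\mshta.exe", "MSHTA.EXE",
                    r"mshta.exe C:\Users\Public\invoice.jpg"),
    # 2: renamed mshta binary; only OriginalFileName identifies it
    ProcessCreation(r"C:\Users\Public\svc.exe", "MSHTA.EXE",
                    r"svc.exe C:\Users\Public\notes.doc"),
    # 3: mshta with a plain .hta and no listed substring: no alert
    ProcessCreation(r"C:\Windows\System32\mshta.exe", "MSHTA.EXE",
                    r"mshta.exe C:\Windows\System32\oobe\setup.hta"),
    # 4: ".dll" in the command line, but the process is not mshta: no alert
    ProcessCreation(r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE",
                    r"rundll32.exe shell32.dll,Control_RunDLL"),
    # 5: admin HTA exporting to .xls, the kind of false positive the summary describes
    ProcessCreation(r"C:\Windows\System32\mshta.exe", "MSHTA.EXE",
                    r"mshta.exe C:\Scripts\inventory.hta /export:report.xls"),
]

if __name__ == "__main__":
    for idx, hits in run_detection(SAMPLE_EVENTS):
        print(f"event {idx}: MSHTA suspicious execution, indicators={hits}")
    tuned = run_detection(SAMPLE_EVENTS, allowlist=[r"C:\Scripts\inventory.hta"])
    print("after allowlist:", tuned)
```

Events 0, 1, 2 and 5 alert on the raw rule; event 4 shows why the image selection matters (the `.dll` substring alone is not enough), and the allowlist run drops event 5 while keeping the three genuinely suspicious ones. When tuning, prefer excluding exact script paths over whole extensions so the rule keeps catching disguised HTAs.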
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2019-02-22