
Registry Modification Attempt Via VBScript

Sigma Rules

Summary
This detection rule identifies attempts to modify the Windows registry from VBScript by calling CreateObject("Wscript.shell") and then invoking the RegWrite method on the returned object. Living Off The Land Binaries (LOLBINs) are often used to run such scripts, letting threat actors persistently alter registry entries without directly using conventional tools such as regedit.exe, reg.exe, or PowerShell. The technique is concerning because it evades security monitoring that focuses only on those standard registry modification methods. The rule examines process creation logs on Windows systems and matches when the command line contains the specified VBScript keywords. By targeting command lines that indicate registry manipulation from VBScript, it helps defenders catch this stealthy persistence tactic.
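The matching logic described above, re-implemented as an added Python example (not the rule's own YAML or any vendor code): it applies the three keywords as case-insensitive substrings that must all be present, in the way Sigma's contains|all behaves, over a handful of constructed process-creation events. Field names (Image, CommandLine) are assumed to follow Sysmon process_creation conventions.

```python
"""Toy re-implementation of the detection logic: flag Windows process-creation
events whose command line carries an inline VBScript
CreateObject("WScript.Shell") ... RegWrite call. Sigma string matching is
case-insensitive, so both sides of every keyword check are lower-cased."""

# Keywords the rule summary names, matched Sigma-style: all must be present
# as case-insensitive substrings of the command line ("contains|all").
REQUIRED_KEYWORDS = ("createobject", "wscript.shell", "regwrite")


def is_vbscript_regwrite(command_line: str) -> bool:
    """Return True when every required keyword appears in the command line."""
    haystack = command_line.lower()
    return all(keyword in haystack for keyword in REQUIRED_KEYWORDS)


def detect(events):
    """Return the events (dicts with a 'CommandLine' field) the rule would flag."""
    return [e for e in events if is_vbscript_regwrite(e.get("CommandLine", ""))]


# Constructed sample events (assumed Sysmon-style field names; not real telemetry).
SAMPLE_EVENTS = [
    # Inline VBScript run through mshta.exe: the keywords are visible on the command line.
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": 'mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"")'
                    '.RegWrite ""HKCU\\Software\\ExampleCorp\\Flag"",1,""REG_DWORD"":close")'},
    # Same call with different casing and spacing: still caught by the substring match.
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": 'MSHTA.EXE VBSCRIPT:Close(createobject ( "wscript.shell" )'
                    '.regwrite("HKCU\\Software\\ExampleCorp\\Flag","1","REG_SZ"))'},
    # Script file on disk: any RegWrite lives inside the .vbs, not on the command
    # line, so a command-line-only rule cannot see it (known coverage gap).
    {"Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe //nologo C:\Scripts\inventory.vbs"},
    # Conventional tool: out of scope here, covered by reg.exe-focused rules instead.
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg.exe add HKCU\Software\ExampleCorp /v Flag /t REG_DWORD /d 1"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "|", hit["CommandLine"])
```

Pair this rule with script-block or file-content telemetry (for example AMSI or Sysmon file events) if you need to cover the third case, where the script body never reaches the command line.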
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2025-08-13