
Findstr Launching .lnk File

Sigma Rules

Summary
This detection rule targets the misuse of the `findstr` command to execute `.lnk` (Windows shortcut) files, as seen in the HHS redirect attack. It inspects Windows process creation events for cases where `findstr.exe` or `find.exe` is used to invoke a `.lnk` file. The detection logic is built from two selections: the original filename of the executed process (`findstr.exe` or `find.exe`) and a command line that references a `.lnk` file. When both conditions are met, the event indicates potentially malicious behavior, consistent with shortcuts that point to phishing or malware-hosting locations. The rule is currently in the testing phase. Its purpose is to reduce the risk posed by defense evasion techniques in which attackers execute malicious scripts through shortcuts, which is why process creation involving `findstr` and `.lnk` files should be monitored in a security-focused environment.
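The two-part check described above (original filename of findstr/find, plus a command line that references a `.lnk` file), written out as plain Python so the logic can be run against sample events. This is an added example, not the Sigma rule itself or any code from the rule's project; the field names (`OriginalFileName`, `CommandLine`, `Image`), the fallback to the image basename when `OriginalFileName` is empty, and all sample events are assumptions and constructed data.

```python
"""Illustrative re-implementation of the "findstr launching .lnk file" detection.

Added example, not the Sigma rule or project code. Field names and the sample
events below are assumptions / constructed test data, not real telemetry.
"""
from dataclasses import dataclass
from typing import Iterable, List

# The two process names the rule description calls out (matched case-insensitively).
SUSPICIOUS_ORIGINAL_FILENAMES = {"FINDSTR.EXE", "FIND.EXE"}


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal model of a Windows process-creation event (Sysmon EID 1 / 4688 style).

    Assumed field names: image (full path), original_file_name (PE OriginalFileName),
    command_line (full command line).
    """
    image: str
    original_file_name: str
    command_line: str


def matches_findstr_lnk(evt: ProcessEvent) -> bool:
    """Return True when findstr/find is launched with a command line referencing a .lnk file.

    Condition 1: the process is findstr/find. OriginalFileName is checked first because
    it survives renaming of the binary on disk; as an assumed extra, the image basename
    is used as a fallback for telemetry that does not carry OriginalFileName.
    Condition 2: the command line contains ".lnk" (case-insensitive).
    """
    original = evt.original_file_name.strip().upper()
    image_name = evt.image.replace("/", "\\").rsplit("\\", 1)[-1].upper()
    is_findstr = (
        original in SUSPICIOUS_ORIGINAL_FILENAMES
        or image_name in SUSPICIOUS_ORIGINAL_FILENAMES
    )
    references_lnk = ".LNK" in evt.command_line.upper()
    return is_findstr and references_lnk


def scan(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Return the subset of events that trip the detection."""
    return [e for e in events if matches_findstr_lnk(e)]


# Constructed sample events (not real telemetry): two should match, two should not.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\findstr.exe", "FINDSTR.EXE",
                 r'findstr /i "x" C:\Users\Public\Downloads\invoice.lnk'),
    ProcessEvent(r"C:\Windows\System32\findstr.exe", "FINDSTR.EXE",
                 r'findstr /i "error" C:\logs\app.log'),
    ProcessEvent(r"C:\Windows\System32\find.exe", "FIND.EXE",
                 r'find /n "a" "C:\Users\Public\Desktop\report.LNK"'),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE",
                 r"notepad C:\Users\Public\note.lnk"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit.image, "|", hit.command_line)
```

Matching on `OriginalFileName` rather than only on the image path is what lets the check still fire when the binary has been copied and renamed; the fallback to the image basename is there only for event sources that do not record the PE original filename.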
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2020-05-01