
Suspicious File Created in Outlook Temporary Directory

Sigma Rules

Summary
This detection rule identifies potentially malicious files created in the temporary directories used by Microsoft Outlook. Such files often carry extensions commonly associated with malware, including .cpl, .hta, .iso, .rdp, .svg, .vba, .vbe, and .vbs. The rule is important for detecting spear-phishing attacks that deliver these file types as attachments. The detection logic inspects the filename of each newly created file in specific Outlook temporary directories and matches it against these suspicious extensions. It provides an additional layer of protection against spear-phishing campaigns that use malicious attachments to compromise users' systems.
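As an added illustration (not code from this rule page or the Sigma project), the following Python applies the rule's logic to constructed Sysmon-style file-creation events. The page does not name the Outlook temporary directory; the "Content.Outlook" path pattern used here is this example's assumption.

```python
import ntpath
import re

# Extensions the rule flags when written into an Outlook temp directory (from the rule summary).
SUSPICIOUS_EXTENSIONS = {".cpl", ".hta", ".iso", ".rdp", ".svg", ".vba", ".vbe", ".vbs"}

# Assumption: Outlook stages opened attachments under a "Content.Outlook" folder
# (e.g. ...\INetCache\Content.Outlook\<RANDOM>\ on current Windows builds,
# ...\Temporary Internet Files\Content.Outlook\ on older ones). The rule page itself
# does not name the directory, so this pattern is an assumption of the example.
OUTLOOK_TEMP_PATTERN = re.compile(r"\\content\.outlook\\", re.IGNORECASE)


def is_suspicious_outlook_temp_file(target_filename: str) -> bool:
    """True when the created file sits in an Outlook temp directory AND has a flagged extension."""
    if not OUTLOOK_TEMP_PATTERN.search(target_filename):
        return False
    # ntpath handles backslash paths correctly even when run on a non-Windows host.
    ext = ntpath.splitext(target_filename)[1].lower()
    return ext in SUSPICIOUS_EXTENSIONS


def scan_events(events):
    """Apply the check to Sysmon-style FileCreate (EventID 11) records; return the hits."""
    return [
        e for e in events
        if e.get("EventID") == 11 and is_suspicious_outlook_temp_file(e.get("TargetFilename", ""))
    ]


# Constructed sample events for demonstration; not real telemetry.
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
INETCACHE = r"C:\Users\alice\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AB12CD34"
LEGACY = r"C:\Users\alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\ZZ99"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": OUTLOOK, "TargetFilename": INETCACHE + r"\invoice.hta"},   # hit
    {"EventID": 11, "Image": OUTLOOK, "TargetFilename": INETCACHE + r"\report.pdf"},    # benign extension
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\setup.vbs"},                          # wrong directory
    {"EventID": 11, "Image": OUTLOOK, "TargetFilename": LEGACY + r"\Quote.VBE"},        # hit, mixed case
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT:", hit["TargetFilename"])
```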
Categories
  • Endpoint
  • Windows
Data Sources
  • File
Created: 2025-07-22