
Summary
This detection rule identifies a possible persistence mechanism: modification of the 'TypedPaths' registry key through command line operations on Windows systems. The 'TypedPaths' key is located under 'Software\Microsoft\Windows\CurrentVersion\Explorer' in the Windows Registry and normally stores user input history from the Run dialog and File Explorer's address bar. Modifications to this key made from the command line can indicate that an attacker is attempting to establish a foothold on the system or to maintain persistence by manipulating user behaviour or settings. The rule triggers on any command line that references the location of the 'TypedPaths' key, which may indicate unauthorized alterations for persistence purposes. The log source is Windows process creation events, which provide visibility into suspicious command line usage.
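The matching logic described above, as an added example run over constructed process creation events (this is not the rule's own implementation; the field names 'Image' and 'CommandLine' and the case-insensitive, slash-normalising match are assumptions about how such a check would be written):

```python
import re

# Registry location named by the rule, matched case-insensitively because
# reg.exe and PowerShell accept any casing. Assumption: the rule keys on the
# path string alone, as the summary states.
TYPEDPATHS_PATTERN = re.compile(
    r"software\\microsoft\\windows\\currentversion\\explorer\\typedpaths",
    re.IGNORECASE,
)


def normalize_cmdline(cmdline: str) -> str:
    """Collapse common escaping variants so the path check is not dodged:
    doubled backslashes, forward slashes (accepted by the PowerShell
    registry provider) and quote characters placed inside the path."""
    s = cmdline.replace("\\\\", "\\").replace("/", "\\")
    return s.replace('"', "").replace("'", "")


def is_typedpaths_reference(cmdline: str) -> bool:
    """True when the command line references the TypedPaths key location."""
    return bool(TYPEDPATHS_PATTERN.search(normalize_cmdline(cmdline)))


def scan_events(events):
    """Return the process creation events whose CommandLine references the
    TypedPaths key. Each event is a dict with at least 'Image' and
    'CommandLine', mirroring a Windows process creation log record."""
    return [e for e in events if is_typedpaths_reference(e.get("CommandLine", ""))]


# Constructed sample events for testing the check (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /v url1 /t REG_SZ /d C:\Users\Public /f'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c Set-ItemProperty HKCU:/software/microsoft/windows/currentversion/explorer/typedpaths -Name url2 -Value x"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"'},
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT TypedPaths referenced on command line:", hit["CommandLine"])
```

The first two sample events match (the second only because forward slashes and lower case are normalised), while the RunMRU query and the plain explorer.exe launch do not.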
Categories
- Windows
- Endpoint
Data Sources
- Process
- Command
Created: 2022-08-22