
Summary
This detection rule targets potential misuse of the Windows utility `certutil.exe` to encode files into Base64. Specifically, it looks for executions of `certutil` with the `-encode` flag, focusing on input files whose extensions are suspicious in this context and could indicate malicious intent. By inspecting the command-line arguments together with the image path of the executing process, the rule aims to catch unauthorized activity that may be disguising the transfer of harmful payloads or data. If a file with a known suspicious extension (such as `.bat`, `.pdf`, or `.mp3`) is encoded, an alert is raised indicating a possible security threat. The rule is assigned a high confidence level because the indicators are clear: this common administration tool is also well known to be leveraged by threat actors for obfuscation.
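The matching logic described above, run over a few constructed process-creation events, as an added illustration (this is not the rule's own implementation). The extension list is limited to the three the page names; the real rule's list is longer. Accepting `/encode` alongside `-encode` is an assumption added here, since certutil accepts both prefixes.

```python
import re

# Extensions the page names as suspicious; the rule's full list is longer ("etc.").
SUSPICIOUS_EXTENSIONS = (".bat", ".pdf", ".mp3")

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -encode C:\Users\alice\payload.bat C:\Users\alice\out.txt"},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r'certutil -f -encode "C:\Temp\report final.pdf" report.b64'},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -decode in.txt out.exe"},          # decode, not encode
    {"Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil -encode server.cer server.txt"},   # benign certificate use
    {"Image": r"C:\Tools\notcertutil.exe",
     "CommandLine": r"notcertutil.exe -encode song.mp3 song.txt"},  # image path does not match
]

# Split a Windows command line into arguments, keeping quoted paths with spaces intact.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def _tokens(cmdline):
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def certutil_encode_match(event):
    """Return the suspicious file argument if the event matches the rule, else None."""
    image = event.get("Image", "")
    if not image.lower().endswith("\\certutil.exe"):   # image-path check
        return None
    toks = _tokens(event.get("CommandLine", ""))
    # The page's rule names -encode; also accepting /encode is an assumption made here.
    if not any(t.lower() in ("-encode", "/encode") for t in toks):
        return None
    for t in toks:
        if t.lower().endswith(SUSPICIOUS_EXTENSIONS):  # suspicious-extension check
            return t
    return None


def scan(events):
    """Return (command line, matched file) pairs for every event that triggers the rule."""
    return [(e["CommandLine"], hit) for e in events if (hit := certutil_encode_match(e))]


if __name__ == "__main__":
    for cmdline, hit in scan(SAMPLE_EVENTS):
        print(f"ALERT: certutil -encode of {hit!r} in: {cmdline}")
```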
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2023-05-15