Scheduled Task Executing Payload from Registry

Sigma Rules

Summary
This detection rule identifies potentially malicious use of the `schtasks` command to create scheduled tasks whose payload is sourced from the Windows Registry via PowerShell. The rule examines `schtasks.exe` command lines that create a task (`/Create`) and looks for command-line patterns that read item properties from the registry, which indicates an attempt to load the command to execute dynamically from a registry value rather than from the task definition itself. It also includes filters that ignore base64-encoded PowerShell commands, since those obscure the direct execution path and are covered separately. By keying on the process image and command-line attributes of `schtasks.exe`, the detection aims to flag unauthorized or unexpected scheduled tasks that are indicative of persistence techniques used in attacks.
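As an added illustration, not the rule's own Sigma logic and not code from this page, the Python below reproduces the detection described above over a few constructed process-creation events. The exact selectors (Get-ItemProperty or its `gp` alias followed by a registry hive path; `-e`/`-ec`/`-enc`/`-EncodedCommand` as the base64 filter) are assumptions about what the rule looks for, not values taken from it.

```python
import re

# Constructed process-creation events for this example; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /Create /SC ONLOGON /TN "Updater" /TR "powershell -c (Get-ItemProperty HKCU:\Software\Example).run"'},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /Create /SC DAILY /TN "Report" /TR "powershell -enc SQBFAFgA"'},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /Query /TN "Updater"'},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /Create /SC DAILY /TN "Backup" /TR "C:\Program Files\Vendor\backup.exe"'},
]

# Task creation switch.
CREATE_FLAG = re.compile(r"/create\b", re.I)
# Assumed selector: a registry item-property read that names a hive (Get-ItemProperty or its gp alias).
REGISTRY_READ = re.compile(r"\b(?:get-itemproperty|gp)\b.*?\bHK(?:LM|CU|CR|U|CC|EY_)", re.I)
# Assumed filter: base64-encoded PowerShell, which the rule excludes (handled by other detections).
ENCODED_FLAG = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.I)


def matches_rule(event: dict) -> bool:
    """True when schtasks.exe creates a task whose action reads its command from the registry."""
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    if not image.lower().endswith("\\schtasks.exe"):
        return False
    if not CREATE_FLAG.search(cmd):
        return False
    if ENCODED_FLAG.search(cmd):
        # Encoded payloads hide the registry read; the rule filters these out.
        return False
    return bool(REGISTRY_READ.search(cmd))


def scan(events):
    """Return the command lines of all events that match the detection."""
    return [e["CommandLine"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT: scheduled task loads payload from registry:", hit)
```

Only the first sample event is reported; the encoded, query-only and plain-binary tasks fall through the filters.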
Categories
  • Windows
  • Endpoint
Data Sources
  • Scheduled Job
  • Windows Registry
  • Process
Created: 2023-07-18