
Summary
This detection rule targets potential misuse of the 'AccCheckConsole' tool, a command-line application designed to verify the accessibility of UI implementations in software. The tool accepts a user-defined DLL containing custom verification routines. This functionality poses a risk, because attackers can use it to load a malicious DLL through the CLI, effectively performing DLL injection in the context of the 'AccCheckConsole' process. The rule identifies suspicious activity based on process creation events for 'AccCheckConsole.exe' whose command line includes the -hwnd, -process, or -window option, which may signal an attempt to execute a malicious routine. The rule acknowledges that the accessibility checker has legitimate uses, particularly in authorized testing scenarios, and these should be considered during triage to limit false positives.
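As an added illustration of the rule logic (this is example code written for this page, not the rule's own implementation), the following Python evaluates Sysmon-style process-creation events with `Image` and `CommandLine` fields (the field names are an assumption) against the two conditions the summary describes: the image is AccCheckConsole.exe and the command line carries -hwnd, -process or -window. The sample events, paths and record IDs are constructed for the example.

```python
import re

# Switches named in the rule description; any one of them is enough to fire.
# The lookahead requires whitespace or end-of-line after the switch so that
# unrelated switches sharing a prefix (e.g. "-windowless") are not matched.
SUSPICIOUS_SWITCH_RE = re.compile(
    r"(?:^|\s)-(?:hwnd|process|window)(?=\s|$)", re.IGNORECASE
)

# The image must be AccCheckConsole.exe, either bare or as the last path component.
IMAGE_RE = re.compile(r"(?:^|\\)acccheckconsole\.exe$", re.IGNORECASE)


def matches_acccheckconsole_rule(event: dict) -> bool:
    """Return True when a process-creation event satisfies both rule conditions.

    Field names 'Image' and 'CommandLine' follow Sysmon Event ID 1 naming
    (assumption for this example); adjust to your telemetry source.
    """
    image = event.get("Image") or ""
    cmdline = event.get("CommandLine") or ""
    if not IMAGE_RE.search(image):
        return False
    return SUSPICIOUS_SWITCH_RE.search(cmdline) is not None


def find_matches(events):
    """Return the record IDs of all events that match the rule, in input order."""
    return [e["EventRecordID"] for e in events if matches_acccheckconsole_rule(e)]


# Constructed sample telemetry (not real log data).
SDK_PATH = r"C:\Program Files (x86)\Windows Kits\10\bin\x64\AccChecker\AccCheckConsole.exe"
SAMPLE_EVENTS = [
    # Custom DLL supplied with -window: matches the rule.
    {"EventRecordID": 101, "Image": SDK_PATH,
     "CommandLine": r'AccCheckConsole.exe -window "Untitled - Notepad" custom_checks.dll'},
    # Help invocation: correct image, but none of the monitored switches.
    {"EventRecordID": 102, "Image": SDK_PATH,
     "CommandLine": "AccCheckConsole.exe -help"},
    # Monitored switch, but a different binary: no match.
    {"EventRecordID": 103, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe -window"},
    # Renamed-case copy outside the SDK directory with -hwnd: matches.
    {"EventRecordID": 104, "Image": r"D:\tools\ACCCHECKCONSOLE.EXE",
     "CommandLine": "ACCCHECKCONSOLE.EXE -hwnd 0x000A0B2C"},
    # Prefix-only switch: does not match because of the whitespace lookahead.
    {"EventRecordID": 105, "Image": SDK_PATH,
     "CommandLine": "AccCheckConsole.exe -windowless"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        verdict = "ALERT" if matches_acccheckconsole_rule(event) else "ok"
        print(f"{event['EventRecordID']}: {verdict}  {event['CommandLine']}")
    print("matching record IDs:", find_matches(SAMPLE_EVENTS))
```

The image check is case-insensitive and path-independent because the binary is a signed SDK component that can be copied anywhere; matching only on the SDK install path would miss event 104. Tuning for the legitimate testing use the rule mentions (for example, an allowlist of accessibility-testing hosts or accounts) is site-specific and intentionally left out of this example.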
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-01-06