Product
This rule detects the creation and execution of executable files by Microsoft Office applications, which is often associated with malicious documents containing scripts or exploitation of Microsoft Office vulnerabilities, leading to the execution of arbitrary code.