ClickFix Initial Access: LOLBINs Spawned from Web Browser

Detects the ClickFix pattern where popular browsers spawn script interpreters or LOLBIN binaries with suspicious arguments. An active initial access technique used by the LeakNet ransomware group: the user pastes malicious clipboard commands believing they are following legitimate support or CAPTCHA instructions.