This analysis documents a newly observed ClickFix variant that abuses native Windows utilities, specifically cmdkey and regsvr32, for payload delivery. Victims are socially engineered through fake CAPTCHA pages to execute a malicious command via the Windows Run dialog. The single command chains multiple actions: staging credentials using cmdkey, retrieving a remote DLL via regsvr32 from a UNC path, and executing it silently. The 64-bit DLL establishes persistence through a scheduled task pulled from a remote XML file hosted on attacker infrastructure. This approach avoids traditional malware drops and leverages exclusively trusted Windows components for high stealth. The variant demonstrates continued evolution of ClickFix techniques, moving beyond PowerShell to use command chaining with legitimate system tools.