Product
This rule detects potential DLL side-loading attempts by identifying trusted Microsoft programs (WinWord.exe, EXPLORER.EXE, w3wp.exe, DISM.EXE) running from non-standard paths or after being renamed to evade defenses.