
Malicious DLL File Dropped in the Teams or OneDrive Folder

Sigma Rules

Summary
This detection rule identifies the creation of a DLL file named 'iphlpapi.dll' inside the local Microsoft application data path used by the Windows-based Teams or OneDrive applications. When Teams or OneDrive is launched, the dropped DLL is sideloaded, letting an attacker gain unauthorized access or escalate privileges without raising alarms. The rule uses file event logs to flag the creation of this specific DLL in that directory, which indicates possible DLL sideloading, a technique commonly used in targeted attacks.
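The matching logic described above, expressed as a small Python filter over Sysmon-style file-create events; this is an added illustration, not the rule's own source. The Teams and OneDrive directory prefixes, the sample events and the field names (`EventID`, `Image`, `TargetFilename`, as emitted by Sysmon Event ID 11) are assumptions of this example; the real rule may phrase its path conditions differently.

```python
# Directories under the user's local AppData from which Teams and OneDrive
# load DLLs (assumed prefixes for this example; compared case-insensitively).
SIDELOAD_DIRS = (
    "\\appdata\\local\\microsoft\\teams\\",
    "\\appdata\\local\\microsoft\\onedrive\\",
)
TARGET_DLL = "iphlpapi.dll"


def is_suspicious_dll_drop(target_filename: str) -> bool:
    """True when a created file is iphlpapi.dll beneath the Teams or OneDrive
    AppData directory. The legitimate copy of this DLL lives in the Windows
    system directory, so a copy in a per-user app folder is the signal."""
    path = target_filename.lower().replace("/", "\\")
    if not path.endswith("\\" + TARGET_DLL):
        return False
    return any(prefix in path for prefix in SIDELOAD_DIRS)


def scan_file_events(events):
    """Return the Sysmon FileCreate (Event ID 11) records whose target path
    matches the sideload pattern; other event types are ignored."""
    return [
        ev for ev in events
        if ev.get("EventID") == 11 and is_suspicious_dll_drop(ev.get("TargetFilename", ""))
    ]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "C:\\Windows\\System32\\iphlpapi.dll"},          # legitimate location
    {"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\setup.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Teams\\current\\iphlpapi.dll"},
    {"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\setup.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\iphlpapi.dll"},
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Teams\\current\\Teams.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Teams\\current\\iphlpapi.dll"},  # not a FileCreate
    {"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Teams\\Update.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Teams\\current\\resources.pak"},
]

if __name__ == "__main__":
    for hit in scan_file_events(SAMPLE_EVENTS):
        print(f"ALERT: {hit['Image']} wrote {hit['TargetFilename']}")
```

Running the block prints two alerts: the Teams and OneDrive drops, while the System32 copy, the non-FileCreate record and the unrelated resource file are ignored.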
Categories
  • Endpoint
  • Windows
Data Sources
  • File
Created: 2022-08-12