
Domain Trust Discovery Via Dsquery

Sigma Rules

Summary
This detection rule identifies execution of `dsquery.exe`, the Windows command-line utility (shipped with the Active Directory Domain Services administration tools) used to query objects in Active Directory. The rule focuses on one use of the tool: enumerating trust relationships between domains. Trusts are stored in Active Directory as objects of the `trustedDomain` class, so an attacker who wants to map the forest typically runs `dsquery` with a filter on that class. The rule therefore matches process-creation events in which the image is `dsquery.exe` and the command line contains a string indicating a search for trusted domains. Such a query is rarely part of routine administration and is a common early step in reconnaissance, since knowledge of trust paths tells an attacker which other domains can be reached from a compromised account. The rule is meant to alert security teams to this activity so that it can be investigated, not to block it. Note that it covers only `dsquery.exe`; trust enumeration via other tools or via raw LDAP is out of scope for this rule.
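The following Python block is an added example, not the rule's own Sigma YAML or any code from the rule author. It re-implements the matching logic described above as a plain function and runs it over a handful of constructed process-creation events in the shape of Sysmon Event ID 1 fields. The field names (`Image`, `OriginalFileName`, `CommandLine`), the sample command lines, and the extra check on `OriginalFileName` to catch a renamed copy of the binary are all assumptions made for this illustration; the original rule, as summarised above, keys on the image name and the command line.

```python
"""Toy re-implementation of the dsquery trust-discovery detection.

Added example: the matching is modelled on the rule summary (dsquery.exe
image plus a command line that searches for trusted domains). The events
below are constructed for this illustration and are not real telemetry.
"""

# Constructed sample events using Sysmon Event ID 1 style field names
# (assumption: real telemetry may name or case these fields differently).
SAMPLE_EVENTS = [
    {   # true positive: classic trust enumeration via LDAP filter
        "Image": r"C:\Windows\System32\dsquery.exe",
        "OriginalFileName": "dsquery.exe",
        "CommandLine": r'dsquery * -filter "(objectClass=trustedDomain)" -attr *',
    },
    {   # benign: dsquery used to look up a user, no trust search
        "Image": r"C:\Windows\System32\dsquery.exe",
        "OriginalFileName": "dsquery.exe",
        "CommandLine": r"dsquery user -name jsmith",
    },
    {   # renamed copy of dsquery.exe; the image check alone would miss it,
        # the OriginalFileName check (added assumption) still catches it
        "Image": r"C:\Users\Public\svchost.exe",
        "OriginalFileName": "dsquery.exe",
        "CommandLine": r'svchost.exe * -filter "(objectClass=TRUSTEDDOMAIN)"',
    },
    {   # benign: the keyword appears, but the process is not dsquery
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"cmd.exe /c echo trustedDomain",
    },
]


def is_dsquery(event: dict) -> bool:
    """Image ends with \\dsquery.exe, or the PE's original name is dsquery.exe.

    Comparison is case-insensitive, mirroring Sigma's default string matching.
    """
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\dsquery.exe") or original == "dsquery.exe"


def searches_trusted_domains(event: dict) -> bool:
    """Command line contains the trustedDomain object class (case-insensitive)."""
    return "trusteddomain" in event.get("CommandLine", "").lower()


def matches(event: dict) -> bool:
    """Both conditions must hold, as in the rule's selection block."""
    return is_dsquery(event) and searches_trusted_domains(event)


def run_detection(events: list) -> list:
    """Return the indexes of events that would raise the alert."""
    return [i for i, event in enumerate(events) if matches(event)]


if __name__ == "__main__":
    for idx in run_detection(SAMPLE_EVENTS):
        print(f"ALERT event[{idx}]: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Run as-is and events 0 and 2 fire while 1 and 3 do not; the fourth event shows why the rule requires both the image and the command-line condition rather than the keyword alone. The `OriginalFileName` check is a hardening step beyond the summarised rule; keep or drop it depending on whether your log source populates that field.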
Categories
  • Windows
  • Identity Management
Data Sources
  • Process
ATT&CK Techniques
  • T1482
Created: 2019-10-24