
Summary
This detection rule identifies potentially malicious use of the diantz.exe utility, specifically when it is used to compress files into Cabinet (.cab) format and write the result into an Alternate Data Stream (ADS) of a target file. A diantz.exe command line that contains both a .cab file name and the ADS notation (':') suggests an evasion technique commonly associated with malicious actors. Because an ADS hides its contents from standard file browsing, using diantz.exe in this way can indicate a deliberate attempt to evade detection or to conceal data within the file system. Monitoring this behavior matters because it can be linked to broader persistence and concealment tactics in a Windows environment.
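The detection logic described above, as an added example that is not part of this rule's definition: a Python check run over constructed process-creation events. The `Image` and `CommandLine` field names follow the Sysmon/Sigma convention. The naive form (".cab" and ":" both present) is shown next to a refined form; the refinement, which is an assumption this example adds, ignores the colon of a drive letter such as `C:\` so that an ordinary diantz.exe invocation with absolute paths does not fire.

```python
import re

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: ordinary compression with absolute paths; the only colons are drive letters.
    {"Image": r"C:\Windows\System32\diantz.exe",
     "CommandLine": r"diantz.exe C:\Users\alice\notes.txt C:\Users\alice\notes.cab"},
    # Matches the rule: the .cab output is written into an ADS of report.docx.
    {"Image": r"C:\Windows\System32\diantz.exe",
     "CommandLine": r"diantz.exe C:\Users\alice\notes.txt C:\Users\alice\report.docx:archive.cab"},
    # Same command line, different image: outside this rule's scope.
    {"Image": r"C:\Windows\System32\makecab.exe",
     "CommandLine": r"makecab.exe C:\Users\alice\notes.txt C:\Users\alice\report.docx:archive.cab"},
    # Benign: directive-file mode, no .cab on the command line.
    {"Image": r"C:\Windows\System32\diantz.exe",
     "CommandLine": r"diantz.exe /F C:\build\files.ddf"},
]

# A colon that introduces a stream name: preceded by a file-name character and
# followed by something other than a path separator. "C:\" therefore does not match,
# while "report.docx:archive.cab" does. (Assumed refinement, not from the rule text.)
ADS_COLON = re.compile(r"[^\s\\/:]:[^\\/\s]")


def naive_match(event):
    """Literal reading of the rule: .cab and ':' both present in the command line."""
    cmd = event.get("CommandLine", "").lower()
    return ".cab" in cmd and ":" in cmd


def is_suspicious_diantz_ads(event):
    """Refined check: diantz.exe image, a .cab on the command line, and an ADS-style colon."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    if not image.endswith("\\diantz.exe"):
        return False
    if ".cab" not in cmd.lower():
        return False
    return ADS_COLON.search(cmd) is not None


def scan(events):
    """Return the command lines of all events the refined check flags."""
    return [e["CommandLine"] for e in events if is_suspicious_diantz_ads(e)]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(f"naive={naive_match(e)!s:5} refined={is_suspicious_diantz_ads(e)!s:5} {e['CommandLine']}")
```

Running the block shows the naive reading flagging the first, benign event purely because of its drive letters, while the refined check flags only the event that writes into an ADS. In production the `Image` test belongs on the full path rather than the command line, since the binary name alone can be renamed or spoofed.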
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2021-11-26