
Summary
This detection rule identifies potentially malicious activity related to network connections initiated by the Equation Editor executable, `eqnedt32.exe`. The rule triggers on any network connection event whose process image ends with `eqnedt32.exe`. Given the documented use of this executable in various attack vectors, including malware distribution and exploitation techniques, the detection provides visibility into atypical behaviour associated with this process. Equation Editor has no legitimate reason to open network connections, so a connection from `eqnedt32.exe` could indicate an exploitation attempt, particularly if the connection is outbound to a suspicious endpoint. The rule is considered high severity because of the potential implications of malicious actions taken from this process.
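The rule's logic, applied to a few constructed Sysmon-style network-connection records. This is an added example, not the rule's own implementation or code from the rule author: the record format, the JSON encoding, the field names, the timestamps and the IP addresses (taken from documentation ranges) are all assumptions made for illustration. The comparison is case-insensitive, mirroring how Sigma's `endswith` modifier behaves, so `EQNEDT32.EXE` matches as well as `eqnedt32.exe`, and a renamed copy dropped in a user-writable directory still matches because only the image suffix is tested.

```python
import json
from dataclasses import dataclass


# Fields of a Sysmon Event ID 3 (NetworkConnect) record that the rule needs.
@dataclass(frozen=True)
class NetworkConnectionEvent:
    utc_time: str
    image: str
    dest_ip: str
    dest_port: int


# The rule's single condition: the process image ends with eqnedt32.exe.
RULE_IMAGE_SUFFIX = "eqnedt32.exe"
RULE_SEVERITY = "high"


def parse_event(line):
    """Parse one JSON-encoded Sysmon-style network-connection record (assumed format)."""
    rec = json.loads(line)
    return NetworkConnectionEvent(
        utc_time=rec["UtcTime"],
        image=rec["Image"],
        dest_ip=rec["DestinationIp"],
        dest_port=int(rec["DestinationPort"]),
    )


def matches_rule(event):
    # Sigma's endswith modifier compares case-insensitively; do the same here.
    return event.image.lower().endswith(RULE_IMAGE_SUFFIX)


def evaluate(lines):
    """Return one alert dict per record the rule fires on, in log order."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if matches_rule(event):
            alerts.append({
                "severity": RULE_SEVERITY,
                "time": event.utc_time,
                "image": event.image,
                "destination": f"{event.dest_ip}:{event.dest_port}",
            })
    return alerts


# Constructed sample log lines: invented timestamps, documentation IP ranges,
# and paths chosen to exercise the case-insensitive and relocated-copy cases.
SAMPLE_LOG = [
    r'{"UtcTime": "2022-04-14 09:12:01", "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "10.0.0.5", "DestinationPort": "445"}',
    r'{"UtcTime": "2022-04-14 09:12:04", "Image": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "DestinationIp": "203.0.113.10", "DestinationPort": "443"}',
    r'{"UtcTime": "2022-04-14 09:12:09", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "DestinationIp": "10.0.0.20", "DestinationPort": "443"}',
    r'{"UtcTime": "2022-04-14 09:13:30", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\eqnedt32.exe", "DestinationIp": "198.51.100.7", "DestinationPort": "8080"}',
]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert)
```

Running the block prints two alerts: one for the uppercase image under the Common Files path and one for the copy in the user's Temp directory. Only the destination of the connection distinguishes them, which is why the summary's caveat about outbound connections to suspicious endpoints matters during triage.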
Categories
- Endpoint
- Windows
Data Sources
- Process
- Network Traffic
Created: 2022-04-14