
Suspicious Diantz Download and Compress Into a CAB File

Sigma Rules

Summary
This detection rule monitors process creation events for 'diantz.exe', the Windows cabinet-maker utility, being used to fetch a remote file and compress it into a CAB archive. Because diantz.exe is a signed operating-system binary, an attacker can use it to copy a file from a network share onto the host without bringing a dedicated download tool, which is why such use may indicate command and control activity or staging for data exfiltration. The rule requires three components to be present together in the command line: 'diantz.exe', a UNC path prefix ('\\'), which shows the source file is remote, and the '.cab' extension, which shows the output is a cabinet archive. Any process creation whose command line contains all three triggers an alert so that security teams can respond promptly. Two caveats apply in practice: the check is purely on the command line, so a renamed copy of the binary will not match, and administrative scripts that package files from network shares with diantz.exe will match and must be triaged against the source share, the executing account and the parent process rather than treated as confirmed malicious activity.
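The matching logic described above, run over a handful of constructed process creation events. This is an added example for illustration and is not the Sigma project's code or a Sigma engine; it assumes events are dictionaries with a 'CommandLine' field and that matching is case-insensitive substring matching, which is how Sigma's 'contains|all' modifier behaves. The event values, share names and hostnames are made up.

```python
"""Toy re-implementation of the diantz.exe UNC-to-CAB detection (added example).

Assumptions (not from the rule page itself):
  * each event is a dict carrying at least a 'CommandLine' string;
  * matching is substring-based and case-insensitive, like Sigma 'contains|all'.
"""
from dataclasses import dataclass
from typing import Iterable, List

# The three components the rule requires together in the command line.
# Sigma YAML writes the UNC prefix escaped (' \\\\'); after unescaping it is a
# space followed by two backslashes, i.e. the start of a \\server\share path.
REQUIRED_SUBSTRINGS = ("diantz.exe", " \\\\", ".cab")


def matches_rule(command_line: str) -> bool:
    """True when every required substring appears in the command line.

    The comparison is case-insensitive so that DIANTZ.EXE or .CAB cannot
    trivially evade the check.
    """
    haystack = command_line.lower()
    return all(needle.lower() in haystack for needle in REQUIRED_SUBSTRINGS)


@dataclass
class Alert:
    image: str
    user: str
    command_line: str


def scan_events(events: Iterable[dict]) -> List[Alert]:
    """Apply the rule to each event and return one Alert per match."""
    return [
        Alert(e.get("Image", "?"), e.get("User", "?"), e["CommandLine"])
        for e in events
        if matches_rule(e.get("CommandLine", ""))
    ]


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    # Remote source on a share, output is a .cab: should alert.
    {"Image": r"C:\Windows\System32\diantz.exe", "User": r"CORP\jdoe",
     "CommandLine": r"diantz.exe \\10.0.0.5\share\update.txt C:\Users\Public\update.cab"},
    # Mixed case must not evade the check: should alert.
    {"Image": r"C:\Windows\System32\diantz.exe", "User": r"CORP\svc-build",
     "CommandLine": r"DIANTZ.EXE \\fileserver\tools\stage.dat C:\ProgramData\s.CAB"},
    # Local source only, no UNC component: no alert.
    {"Image": r"C:\Windows\System32\diantz.exe", "User": r"CORP\jdoe",
     "CommandLine": r"diantz.exe C:\temp\report.txt C:\temp\report.cab"},
    # Remote source but the output is not a .cab: no alert.
    {"Image": r"C:\Windows\System32\diantz.exe", "User": r"CORP\jdoe",
     "CommandLine": r"diantz.exe \\10.0.0.5\share\x.txt C:\x.zip"},
    # Renamed copy of the binary: the command-line check cannot see it.
    {"Image": r"C:\Users\Public\dz.exe", "User": r"CORP\jdoe",
     "CommandLine": r"dz.exe \\10.0.0.5\share\x.txt C:\Users\Public\x.cab"},
]


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"ALERT image={alert.image} user={alert.user}")
        print(f"      cmd={alert.command_line}")
```

The last sample event shows the gap a practitioner should keep in mind: because the rule keys on the string 'diantz.exe' in the command line, a renamed copy of the binary produces no alert. A companion rule that keys on the binary's original file name from the process-creation telemetry, where the log source carries it, closes that gap; that extension is a suggestion here, not part of the rule on this page.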
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2021-11-26