
Loading Of Dynwrapx Module

Splunk Security Content

Summary
This analytic rule detects the loading of the dynwrapx.dll module, which belongs to the DynamicWrapperX ActiveX component, using Sysmon EventCode 7 (image load). The detection matters because DynamicWrapperX lets scripts call Windows API functions, a capability that can be abused for malicious actions. If the activity is confirmed to be malicious, it may indicate that an attacker is attempting to execute arbitrary code, escalate privileges, or maintain persistence on the affected system. Security teams should investigate further, in particular checking parallel processes and any related registry modifications that could signify an ongoing compromise.
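The matching logic described above, as an added example run over constructed Sysmon-style XML events; it is not the Splunk Security Content search itself. It goes slightly beyond the summary by also comparing the `OriginalFileName` field, on the assumption that Sysmon populates it, so a renamed copy of the module still matches. The function names and sample values are hypothetical.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET = "dynwrapx.dll"

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one Sysmon event rendered as XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = root.iterfind("e:EventData/e:Data", NS)
    return event_id, {d.get("Name"): d.text or "" for d in data}

def is_dynwrapx_load(event_id, fields):
    """True for an image-load event (EventCode 7) whose module is dynwrapx.dll."""
    if event_id != 7:
        return False
    # Windows paths are case-insensitive: compare the lowercased file name only.
    loaded = ntpath.basename(fields.get("ImageLoaded", "")).lower()
    # Assumption: OriginalFileName (PE version resource) is present in the event.
    original = fields.get("OriginalFileName", "").lower()
    return TARGET in (loaded, original)

def detect(events):
    """Return the triage fields of every event that matches."""
    keep = ("UtcTime", "ProcessGuid", "Image", "ImageLoaded")
    parsed = (parse_event(x) for x in events)
    return [{k: f.get(k, "") for k in keep} for eid, f in parsed if is_dynwrapx_load(eid, f)]

def make_event(event_id, **fields):
    """Build one constructed Sysmon-style XML event for the demo."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{data}</EventData></Event>")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    make_event(7, UtcTime="2024-11-13 10:00:01.000", Image=r"C:\Windows\System32\wscript.exe",
               ImageLoaded=r"C:\Users\Public\DynWrapX.dll"),            # name match
    make_event(7, UtcTime="2024-11-13 10:05:00.000", Image=r"C:\Windows\System32\cscript.exe",
               ImageLoaded=r"C:\Users\Public\helper.dll", OriginalFileName="dynwrapx.dll"),
    make_event(7, Image=r"C:\Windows\System32\wscript.exe",
               ImageLoaded=r"C:\Windows\System32\kernel32.dll"),        # unrelated module
    make_event(11, TargetFilename=r"C:\Users\Public\dynwrapx.dll"),     # file create, not a load
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The returned `ProcessGuid` and `Image` values are the pivot points for the follow-up the summary calls for: the loading process, its parallel processes, and related registry modifications.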
Categories
  • Endpoint
Data Sources
  • Process
ATT&CK Techniques
  • T1055
  • T1055.001
Created: 2024-11-13