
Summary
This detection rule identifies potentially malicious behavior related to loading assemblies via reflection in .NET applications. Specifically, it looks for command lines containing suspicious base64-encoded strings that include the 'LOAD' keyword. Such obfuscated commands can indicate techniques attackers use to evade detection and execute payloads. The rule targets Windows process creation events and monitors the CommandLine field for specific encoded patterns. The behavior it covers relates to common attack techniques, namely execution and defense evasion, often associated with malware that uses reflection to load assemblies dynamically. The rule is assigned a high priority because of the risk such encoded loads pose in a potentially compromised environment.
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-03-01