
Summary
This detection rule identifies potential DLL sideloading attempts involving the "EACore.dll" file, which is associated with EA Desktop applications. It specifically looks for instances where EACore.dll is loaded by a process that is not running from a legitimate EA installation directory. The rule targets scenarios in which an attacker tries to load a malicious version of EACore.dll to gain unauthorized access or escalate privileges on the system. DLL sideloading has become a common technique in cyber attacks because it allows malicious code to run in the context of a trusted application, bypassing traditional security controls. The detection logic triggers when EACore.dll is loaded and the loading image is not located under a specified legitimate path, which highlights possible tampering or sideloading. This rule is particularly relevant in enterprise environments where EA software is deployed, as it provides coverage against this DLL hijacking technique.
Categories
- Windows
- Endpoint
Data Sources
- Image
Created: 2023-08-03