
Potential DLL Sideloading Of MsCorSvc.DLL

Sigma Rules

Summary
This detection rule aims to identify potential DLL sideloading involving 'mscorsvc.dll', a core DLL of the Microsoft .NET Framework. DLL sideloading is an evasion technique in which an attacker exploits the way an application resolves and loads its DLLs so that a malicious DLL is loaded in place of the legitimate one. The rule works on 'ImageLoaded' events: it matches any image load whose path ends with this DLL name, and then filters out loads whose source path is one of the typical locations of the .NET Framework and the Windows side-by-side (WinSxS) assembly store. Excluding those legitimate locations keeps false positives low while still flagging loads of the DLL from unexpected directories, which makes the rule useful in environments that rely on .NET applications.
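As an added example that is not part of the rule or of this page, the following Python applies the logic described above (suffix match on ImageLoaded, exclusion of the expected .NET Framework and WinSxS directories) to constructed Sysmon-style image-load events. The directory prefixes and the sample events are assumptions for illustration, not values taken from the rule.

```python
import ntpath

# Assumed legitimate parent directories for mscorsvc.dll: an assumption drawn from the
# summary's "typical .NET Framework and WinSxS locations", not values quoted from the rule.
# Lowercase, trailing separator kept so "...\Framework64\" is not matched by "...\Framework64Evil\".
EXPECTED_PREFIXES = (
    "c:\\windows\\microsoft.net\\framework\\",
    "c:\\windows\\microsoft.net\\framework64\\",
    "c:\\windows\\winsxs\\",
)
TARGET_DLL = "mscorsvc.dll"

def parse_sysmon_event(text):
    """Parse a Sysmon-style 'Key: Value' text block into a dict of fields."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def is_suspicious_load(event):
    """True when ImageLoaded ends with mscorsvc.dll but sits outside every expected
    directory. Matching is case-insensitive, as Sigma string matching is by default."""
    loaded = event.get("ImageLoaded", "")
    if ntpath.basename(loaded).lower() != TARGET_DLL:
        return False
    return not loaded.lower().startswith(EXPECTED_PREFIXES)

def find_sideload_candidates(raw_events):
    """Return (loading process, loaded DLL path) pairs that match the rule logic."""
    hits = []
    for raw in raw_events:
        event = parse_sysmon_event(raw)
        if is_suspicious_load(event):
            hits.append((event.get("Image", "<unknown>"), event["ImageLoaded"]))
    return hits

# Constructed sample events (Sysmon Event ID 7 style); not real telemetry.
SAMPLE_EVENTS = [
    "EventID: 7\nImage: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe\nImageLoaded: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvc.dll",
    "EventID: 7\nImage: C:\\Users\\Public\\updater.exe\nImageLoaded: C:\\Users\\Public\\mscorsvc.dll",
    "EventID: 7\nImage: C:\\Windows\\System32\\svchost.exe\nImageLoaded: C:\\Windows\\WinSxS\\amd64_example\\mscorsvc.dll",
    "EventID: 7\nImage: C:\\Users\\Public\\updater.exe\nImageLoaded: C:\\Users\\Public\\other.dll",
]

if __name__ == "__main__":
    for image, dll in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"ALERT: {image} loaded {dll}")
```

Only the second sample event is reported: the first and third load the DLL from an expected directory and the fourth loads a different DLL.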
Categories
  • Windows
  • Endpoint
Data Sources
  • Image
Created: 2024-07-11