
Summary
This detection rule identifies the loading of the 'sdiageng.dll' library by the 'msdt.exe' executable, activity associated with CVE-2022-30190 (known as Follina) and the DogWalk exploit. Both vulnerabilities abuse the 'msdt.exe' process, which is designed for diagnostics in Windows, as a vector for executing malicious code. The rule matches on two fields, the image name of the executing process and the name of the loaded dynamic-link library (DLL), to identify the activity. The level of concern is high because the behaviour can lead to arbitrary code execution and may evade standard detection methods. The rule aims to strengthen the security posture against known exploits that turn Microsoft's own tools against their users.
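The two-field match described above, implemented as a small scanner over constructed Sysmon-style image-load records (Event ID 7). This is an added example, not the rule's own query language or code; the field names Image and ImageLoaded and the JSON-lines layout are assumptions about the telemetry format.

```python
import json

# Constructed Sysmon-style "Image loaded" (Event ID 7) records in JSON-lines
# form, reduced to the fields the rule keys on. Illustrative values only,
# not telemetry from any real host.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\msdt.exe", "ImageLoaded": "C:\\Windows\\System32\\sdiageng.dll"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\msdt.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\notepad.exe", "ImageLoaded": "C:\\Windows\\System32\\sdiageng.dll"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\msdt.exe"}
{"EventID": 7, "Image": "C:\\Windows\\SysWOW64\\MSDT.EXE", "ImageLoaded": "C:\\Windows\\SysWOW64\\SDIAGENG.DLL"}
"""

# Path suffixes the rule keys on (assumed field semantics: full paths).
PROCESS_SUFFIX = "\\msdt.exe"
DLL_SUFFIX = "\\sdiageng.dll"

def matches_rule(event):
    """True when an image-load event shows msdt.exe loading sdiageng.dll.

    Mirrors the rule's two selectors (process image name and loaded DLL
    name). The comparison is on the lower-cased path suffix so that
    SysWOW64 and mixed-case paths are not missed.
    """
    if event.get("EventID") != 7:          # only image-load telemetry applies
        return False
    image = event.get("Image", "").lower()
    loaded = event.get("ImageLoaded", "").lower()
    return image.endswith(PROCESS_SUFFIX) and loaded.endswith(DLL_SUFFIX)

def scan_log(text):
    """Parse JSON-lines input and return the events that match the rule."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                         # skip malformed records, keep scanning
        if matches_rule(event):
            hits.append(event)
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT msdt.exe loaded sdiageng.dll:", hit["Image"], "->", hit["ImageLoaded"])
```

Because the match uses only the process and DLL names, a hit from a legitimate troubleshooter run looks the same as an exploit attempt; triage should pull the surrounding process-creation record for the same msdt.exe instance before escalating.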
Categories
- Windows
- Endpoint
Data Sources
- Image
- Process
Created: 2022-06-17