
Summary
This detection rule identifies potential DLL sideloading of "CCleanerDU.dll", a library shipped with the CCleaner utility. Sideloading is a technique in which an attacker places a malicious DLL next to a legitimate, usually signed, executable so that the executable loads the attacker's code when it resolves that DLL name; in MITRE ATT&CK terms this is DLL Side-Loading (T1574.002). The rule watches image-load events for a module whose path ends in "\CCleanerDU.dll" and raises an alert when the loading process is not running from one of the expected CCleaner installation paths. A legitimate CCleaner binary in its install directory loading this DLL does not match; a copy of that binary, or any other process, loading it from an unexpected directory does. The rule was written by Nextron Systems and is tagged with the defense evasion, persistence, and privilege escalation tactics. Its level is medium. Because CCleaner may legitimately be installed elsewhere (portable or non-default installations), loads from those locations will also match, so practitioners should extend the path allowlist for their environment to reduce noise.
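The matching logic described above, applied to constructed image-load records, as an added example that is not the rule's own code. It models a Sysmon Event ID 7 record by its Image (loading process) and ImageLoaded (module) fields; the two default install directories are assumptions, since the page only says "CCleaner installation paths". The tuning step at the end shows how a portable install path would be allowlisted to suppress the false positive the rule warns about.

```python
"""Apply the CCleanerDU.dll sideloading rule logic to image-load events.

Added example, not the detection rule's own code. The input is a minimal
model of a Sysmon Event ID 7 (Image loaded) record: the loading process
(Image) and the loaded module (ImageLoaded). The legitimate install paths
below are assumed; the page only says "CCleaner installation paths".
"""
from dataclasses import dataclass
from typing import Iterable, List, Sequence

# Assumed default install directories of CCleaner (64-bit and 32-bit).
DEFAULT_LEGIT_PREFIXES: Sequence[str] = (
    "C:\\Program Files\\CCleaner\\",
    "C:\\Program Files (x86)\\CCleaner\\",
)

# The rule keys on the module name alone, so a path-suffix match is used.
TARGET_DLL_SUFFIX = "\\CCleanerDU.dll"


@dataclass(frozen=True)
class ImageLoadEvent:
    """Minimal view of a Sysmon Event ID 7 record."""
    image: str         # process that performed the load (Sysmon 'Image')
    image_loaded: str  # module that was loaded (Sysmon 'ImageLoaded')


def is_ccleanerdu_sideload(event: ImageLoadEvent,
                           legit_prefixes: Iterable[str] = DEFAULT_LEGIT_PREFIXES) -> bool:
    """Return True when the event matches the rule.

    Match condition: the loaded module's path ends with \\CCleanerDU.dll
    AND the loading process is not located under an allowed install
    directory. Comparisons are case-insensitive, which mirrors Sigma's
    default string matching and avoids trivial evasion via mixed case.
    """
    loaded = event.image_loaded.lower()
    if not loaded.endswith(TARGET_DLL_SUFFIX.lower()):
        return False
    loader = event.image.lower()
    return not any(loader.startswith(prefix.lower()) for prefix in legit_prefixes)


def find_sideloads(events: Iterable[ImageLoadEvent],
                   legit_prefixes: Iterable[str] = DEFAULT_LEGIT_PREFIXES) -> List[ImageLoadEvent]:
    """Filter a stream of events down to those the rule would alert on."""
    prefixes = tuple(legit_prefixes)  # materialise so a generator can be reused
    return [e for e in events if is_ccleanerdu_sideload(e, prefixes)]


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    # 0: normal load by the installed product -> no alert
    ImageLoadEvent("C:\\Program Files\\CCleaner\\CCleaner64.exe",
                   "C:\\Program Files\\CCleaner\\CCleanerDU.dll"),
    # 1: copied binary in a writable directory loading the DLL -> alert
    ImageLoadEvent("C:\\Users\\Public\\Update\\CCleaner64.exe",
                   "C:\\Users\\Public\\Update\\CCleanerDU.dll"),
    # 2: same suspicious process loading an unrelated system DLL -> no alert
    ImageLoadEvent("C:\\Users\\Public\\Update\\CCleaner64.exe",
                   "C:\\Windows\\System32\\kernel32.dll"),
    # 3: portable install on another drive (mixed-case name) -> alert unless allowlisted
    ImageLoadEvent("D:\\Tools\\CCleaner\\CCleaner64.exe",
                   "D:\\Tools\\CCleaner\\ccleanerdu.dll"),
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(f"ALERT: {hit.image} loaded {hit.image_loaded}")
    # Tuning: extend the allowlist with the assumed portable install path.
    tuned = tuple(DEFAULT_LEGIT_PREFIXES) + ("D:\\Tools\\CCleaner\\",)
    print(len(find_sideloads(SAMPLE_EVENTS, tuned)), "alert(s) after tuning")
```

Note that the filter is applied to the loading process path, not to the DLL path: a legitimate CCleaner installation loading the DLL from its own directory is suppressed, while a copied binary loading a same-named DLL from anywhere else is reported. Allowlist entries should be full directory prefixes ending in a backslash, so that a sibling directory such as `C:\Program Files\CCleaner2\` does not accidentally match.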
Categories
- Windows
- Endpoint
Data Sources
- Image
Created: 2023-07-13