MSHTML Module Load in Office Product

Splunk Security Content

Summary
This detection rule, now deprecated, identifies the loading of the mshtml.dll module into Microsoft Office applications. Its specific target is exploitation of CVE-2021-40444, a significant vulnerability that allows attackers to execute arbitrary code through maliciously crafted documents. The rule relies on Sysmon Event ID 7 (image load) events: it captures events in which the loaded module is mshtml.dll and cross-references the loading process against known Office application processes such as Word, Excel, PowerPoint, and others. Confirmed malicious activity can lead to system compromise, unauthorized data access, and further intrusion into the network. Because the rule has been deprecated, users are advised to seek updated versions or alternative approaches for detecting this exploitation.
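The following is an added example, not the Splunk search itself, that replays the logic the summary describes over a handful of constructed Sysmon Event ID 7 records: alert when the loading process is an Office executable and the loaded module is mshtml.dll. The Office process list, the JSON field layout, and every path, PID and host name are assumptions made for illustration, so a practitioner would adjust the list to match the rule version actually deployed.

```python
"""Replay Sysmon Event ID 7 (image load) records against the detection logic
described on the page: flag an Office process loading mshtml.dll.

Added example, not Splunk Security Content's own search. The process list,
field names and log lines below are constructed assumptions.
"""
import json
from pathlib import PureWindowsPath

# ASSUMPTION: Office executables to watch. The page names Word, Excel and
# PowerPoint "and others"; this set is illustrative, not the rule's own list.
OFFICE_PROCESSES = {
    "winword.exe", "excel.exe", "powerpnt.exe", "mspub.exe",
    "visio.exe", "onenote.exe", "outlook.exe",
}
TARGET_MODULE = "mshtml.dll"

# Constructed Sysmon records, one JSON object per line, using the field names
# Sysmon emits for Event ID 7 (Image = loading process, ImageLoaded = module).
# Hosts, PIDs and paths are made up. Line 2 is a benign mshtml.dll load by a
# non-Office process; line 3 is an Office process loading a different module;
# line 4 is a process-create event (ID 1) that must be ignored; line 5 uses
# the 32-bit path and upper-case name to show the match is case-insensitive.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ImageLoaded": "C:\\Windows\\System32\\mshtml.dll", "ProcessId": 4120, "Computer": "ws01"}
{"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\mshtml.dll", "ProcessId": 1804, "Computer": "ws01"}
{"EventID": 7, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "ImageLoaded": "C:\\Windows\\System32\\mso.dll", "ProcessId": 5210, "Computer": "ws02"}
{"EventID": 1, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE", "CommandLine": "POWERPNT.EXE deck.pptx", "ProcessId": 6001, "Computer": "ws02"}
{"EventID": 7, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE", "ImageLoaded": "C:\\Windows\\SysWOW64\\MSHTML.DLL", "ProcessId": 6001, "Computer": "ws02"}
"""


def basename(win_path: str) -> str:
    """Lower-cased final component of a Windows path (empty string if none)."""
    return PureWindowsPath(win_path).name.lower()


def is_office_mshtml_load(event: dict) -> bool:
    """True when an Event ID 7 record shows an Office process loading mshtml.dll."""
    if event.get("EventID") != 7:
        return False
    return (
        basename(event.get("Image", "")) in OFFICE_PROCESSES
        and basename(event.get("ImageLoaded", "")) == TARGET_MODULE
    )


def detect(raw_lines: str) -> list[dict]:
    """Parse JSON-lines Sysmon records and return one alert dict per match."""
    alerts = []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if is_office_mshtml_load(event):
            alerts.append({
                "computer": event.get("Computer"),
                "process": basename(event["Image"]),
                "pid": event.get("ProcessId"),
                "module": event["ImageLoaded"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"ALERT {alert['computer']} pid={alert['pid']} "
              f"{alert['process']} loaded {alert['module']}")
```

Matching on the path's final component rather than the full path keeps the check working for both the System32 and SysWOW64 copies of the module, and lower-casing both sides avoids missing loads logged with a different letter case. Note that Sysmon only produces Event ID 7 for processes its configuration includes in the ImageLoad rule group, so the detection is only as good as the Sysmon configuration feeding it.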
Categories
  • Endpoint
Data Sources
  • Process
  • File
ATT&CK Techniques
  • T1566
  • T1566.001
Created: 2025-01-24