
Microsoft Office DLL Sideload

Sigma Rules

Summary
This detection rule identifies potential DLL sideloading attacks against the Microsoft Office application suite by monitoring where 'outllib.dll' is loaded from. Sideloading occurs when an attacker places a malicious DLL in a location where a legitimate application expects to find that DLL, so the malicious code executes when the application runs. The rule triggers when 'outllib.dll' is loaded from any path outside the standard Microsoft Office installation directories; the filtered paths are those typical of Office installations on Windows systems. A load of 'outllib.dll' from any location that does not match those standard paths generates an alert, because such a load is strongly suggestive of an attack aimed at defense evasion, persistence, or privilege escalation. False positives are considered unlikely because of the specificity of the condition.
Categories
  • Windows
  • Endpoint
Data Sources
  • Image
Created: 2022-08-17