
Summary
This rule detects potential hijacking of the iertutil.dll library loaded by Internet Explorer, a technique associated with lateral movement through the DCOM InternetExplorer.Application class. It inspects Windows image load events in which the loading process is the Internet Explorer executable (iexplore.exe) and the loaded image is iertutil.dll. Because every legitimate iexplore.exe launch also loads this DLL from the Internet Explorer installation directory, a match on the file name alone is not enough: what makes the event suspicious is iertutil.dll being loaded from an unexpected location, so the loaded image path should be compared against the expected install path when tuning and triaging hits. An attacker who can place a malicious iertutil.dll on a target host and then instantiate the InternetExplorer.Application DCOM object from a remote host causes iexplore.exe to start and load the planted DLL, executing code under the guise of a legitimate, signed process; this is why the rule matters for identifying lateral movement that could lead to broader compromise. Detecting it requires that image load telemetry (for example Sysmon Event ID 7) is collected on Windows endpoints where Internet Explorer is present.
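As an added example, not part of the rule or the project that publishes it, the matching logic described above applied in Python to a few constructed Sysmon Event ID 7 records. The exclusion of the two default Internet Explorer install directories is an assumption made here so that benign loads do not fire; an Internet Explorer installed elsewhere would need its path added or it will show up as a false positive.

```python
import json

# Directories from which a genuine iertutil.dll is expected to be loaded by
# iexplore.exe. Assumption for this example: loads from the default Internet
# Explorer install directories are benign and are suppressed.
EXPECTED_IE_DIRS = (
    "c:\\program files\\internet explorer\\",
    "c:\\program files (x86)\\internet explorer\\",
)


def is_iertutil_hijack(event: dict) -> bool:
    """Return True when an image load event matches the hijack pattern:
    iexplore.exe loading an iertutil.dll from outside its install directory."""
    # Windows paths are case-insensitive, so normalise before comparing.
    image = event.get("Image", "").lower()
    loaded = event.get("ImageLoaded", "").lower()
    if not image.endswith("\\internet explorer\\iexplore.exe"):
        return False
    if not loaded.endswith("\\iertutil.dll"):
        return False
    # Every IE launch loads iertutil.dll; only an unexpected origin is suspicious.
    return not loaded.startswith(EXPECTED_IE_DIRS)


def parse_sysmon_jsonl(text: str) -> list:
    """Parse newline-delimited JSON records and keep only Sysmon image load
    events (Event ID 7), which carry the Image and ImageLoaded fields."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if record.get("EventID") == 7:
            events.append(record)
    return events


def find_iertutil_hijacks(text: str) -> list:
    """Run the detection over a JSON-lines log and return the matching events."""
    return [e for e in parse_sysmon_jsonl(text) if is_iertutil_hijack(e)]


# Constructed sample log (not real telemetry). Only the third record should
# match: iexplore.exe loading iertutil.dll from a user-writable directory.
# The raw string keeps the JSON-escaped backslashes intact for json.loads.
SAMPLE_LOG = r"""
{"EventID": 7, "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "ImageLoaded": "C:\\Program Files\\Internet Explorer\\iertutil.dll"}
{"EventID": 7, "Image": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", "ImageLoaded": "C:\\Program Files (x86)\\Internet Explorer\\iertutil.dll"}
{"EventID": 7, "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "ImageLoaded": "C:\\Users\\Public\\iertutil.dll"}
{"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Users\\Public\\iertutil.dll"}
{"EventID": 1, "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "CommandLine": "iexplore.exe -Embedding"}
{"EventID": 7, "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "ImageLoaded": "C:\\Windows\\System32\\urlmon.dll"}
"""

if __name__ == "__main__":
    for hit in find_iertutil_hijacks(SAMPLE_LOG):
        print("iertutil.dll hijack candidate:", hit["Image"], "->", hit["ImageLoaded"])
```

The fourth record is deliberately ignored: a different process loading a stray iertutil.dll may well be worth another rule, but it is not the DCOM InternetExplorer.Application pattern this detection is scoped to, and widening the Image match would change its false positive profile.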
Categories
- Windows
- Endpoint
Data Sources
- Image
Created: 2020-10-12