
Summary
This rule aims to detect potential DLL sideloading of the Windows dynamic link library 'dbghelp.dll'. DLL sideloading is a technique used by attackers to exploit the way Windows loads dynamic libraries: a malicious DLL is placed in a location from which a legitimate application is expected to load its library. The detection focuses on instances where 'dbghelp.dll' is loaded, especially from non-standard paths, which could indicate a malicious attempt to sideload this library. The rule selects image-load events whose loaded image path ends with 'dbghelp.dll' and is not located under predefined trusted directories such as 'C:\Program Files', 'C:\Windows\', or other system folders. The filtering conditions are tailored to ignore known legitimate loads from common applications such as Anaconda and Epic Games, helping to reduce false positives while still capturing potentially malicious activity.
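The following is an added example, not the rule's own code or a query shipped with it: a small Python detector that applies the selection-and-filter logic described above to image-load events. It assumes Sysmon Event ID 7 style field names ('Image' for the loading process, 'ImageLoaded' for the DLL path) and a constructed tab-separated log format; the 'Program Files (x86)' prefix and the concrete Anaconda and Epic Games filter paths are illustrative assumptions standing in for the rule's real filter values.

```python
"""
Added example (not the rule's own code): applies the dbghelp.dll sideloading
logic summarised above to image-load events.

Assumptions (not stated on the page): events carry Sysmon Event ID 7 style
fields ('Image' = loading process, 'ImageLoaded' = path of the DLL that was
loaded); the 'Program Files (x86)' prefix and the Anaconda / Epic Games
filter paths below are illustrative stand-ins for the rule's real values.
"""

# Trusted locations. 'C:\Program Files' and 'C:\Windows\' come from the rule
# description; 'Program Files (x86)' is assumed to be one of the "other system
# folders". Comparisons are case-insensitive, so everything is kept lower-case.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# Known legitimate loaders the rule filters out to reduce false positives.
# The concrete paths are assumptions, not the rule's own filter values.
FALSE_POSITIVE_PREFIXES = (
    "c:\\programdata\\anaconda3\\",
    "c:\\programdata\\epic\\",
)


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value<TAB>Key=Value' log line into a dict."""
    fields = {}
    for part in line.strip().split("\t"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def is_dbghelp_sideload(event: dict) -> bool:
    """Return True when the event matches the rule's selection minus its filters."""
    # Windows paths are case-insensitive; normalise before every comparison so
    # 'DbgHelp.DLL' or 'C:\WINDOWS\...' cannot slip past the string checks.
    loaded = event.get("ImageLoaded", "").lower()

    # Selection: the loaded image must be dbghelp.dll itself. Matching on the
    # separator plus file name avoids hits on names like 'dbghelper.dll'.
    if not loaded.endswith("\\dbghelp.dll"):
        return False

    # Filter 1: loads from trusted OS / application directories are expected.
    if loaded.startswith(TRUSTED_PREFIXES):
        return False

    # Filter 2: known benign applications that ship their own copy of the DLL.
    if loaded.startswith(FALSE_POSITIVE_PREFIXES):
        return False

    return True


def find_sideloads(lines):
    """Return (Image, ImageLoaded) pairs for every line the rule would flag."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_dbghelp_sideload(event):
            hits.append((event.get("Image", ""), event.get("ImageLoaded", "")))
    return hits


# Constructed sample image-load events (not real telemetry).
SAMPLE_LINES = [
    "Image=C:\\Windows\\System32\\svchost.exe\tImageLoaded=C:\\Windows\\System32\\dbghelp.dll",
    "Image=C:\\Users\\Public\\updater.exe\tImageLoaded=C:\\Users\\Public\\dbghelp.dll",
    "Image=C:\\ProgramData\\Anaconda3\\python.exe\tImageLoaded=C:\\ProgramData\\Anaconda3\\Library\\bin\\dbghelp.dll",
    "Image=C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe\tImageLoaded=c:\\USERS\\alice\\AppData\\Local\\Temp\\DbgHelp.DLL",
    "Image=C:\\Users\\alice\\tools\\app.exe\tImageLoaded=C:\\Users\\alice\\tools\\dbghelper.dll",
]

if __name__ == "__main__":
    for image, loaded in find_sideloads(SAMPLE_LINES):
        print(f"ALERT possible dbghelp.dll sideload: {image} loaded {loaded}")
```

Two details matter when translating a rule like this into a query or script: the path is lower-cased before comparison, because Windows paths are case-insensitive and a mixed-case path must not bypass the trusted-directory filter; and the selection matches on the path separator plus file name, so a similarly named DLL in an untrusted location is not reported as dbghelp.dll. On the constructed sample above, only the loads from 'C:\Users\Public' and the user's Temp directory are flagged.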
Categories
- Windows
- Endpoint
Data Sources
- Image
Created: 2022-10-25