
Amsi.DLL Loaded Via LOLBIN Process

Sigma Rules

Summary
This detection rule identifies the loading of 'Amsi.dll' (the Antimalware Scan Interface library) by processes classified as living-off-the-land binaries (LOLBINs). It specifically looks for image-load events in which 'Amsi.dll' is loaded by one of the Windows binaries 'ExtExport.exe', 'odbcconf.exe', 'regsvr32.exe' or 'rundll32.exe'. These legitimate tools loading 'Amsi.dll' may indicate a 'PowerShell without PowerShell' attack, a technique in which threat actors execute scripts through a host other than powershell.exe in order to evade detection. By alerting on this usage pattern, the rule gives security personnel visibility into attackers who use built-in Windows processes to carry out their activity while sidestanding the controls that watch the usual script hosts.
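The match logic described above, replayed over constructed Sysmon Event ID 7 (ImageLoad) records, as an added example that is not the Sigma rule itself; the event field names, the sample paths and the helper names are assumptions for illustration. A powershell.exe event is included to show that the rule keys on the unusual host process, not on the DLL alone.

```python
# Added example (not the rule's own code): applies the page's detection logic,
# amsi.dll loaded by one of the listed LOLBINs, to constructed Sysmon-style
# ImageLoad (Event ID 7) records. Field names follow Sysmon's schema.

# LOLBIN image names listed on the page; matching is on the file name only,
# so both System32 and SysWOW64 copies are covered.
LOLBIN_NAMES = {"extexport.exe", "odbcconf.exe", "regsvr32.exe", "rundll32.exe"}


def is_amsi_lolbin_load(event: dict) -> bool:
    """True when an ImageLoad event shows amsi.dll loaded into a listed LOLBIN."""
    if event.get("EventID") != 7:
        return False
    # Normalise separators and case; Windows paths are case-insensitive.
    image = event.get("Image", "").replace("/", "\\").lower()
    loaded = event.get("ImageLoaded", "").replace("/", "\\").lower()
    process_name = image.rsplit("\\", 1)[-1]
    return loaded.endswith("\\amsi.dll") and process_name in LOLBIN_NAMES


def find_matches(events: list) -> list:
    """Return the subset of events that satisfy the rule."""
    return [e for e in events if is_amsi_lolbin_load(e)]


# Constructed sample telemetry (hypothetical values, not real events).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Windows\System32\amsi.dll"},          # should alert
    {"EventID": 7, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\System32\amsi.dll"},          # normal host, no alert
    {"EventID": 7, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\AMSI.DLL"},          # should alert
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},      # unrelated DLL, no alert
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "loaded", hit["ImageLoaded"])
```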
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Image
  • Application Log
Created: 2023-06-01