
Summary
This analytic rule detects odbcconf.exe being executed with a response file, which can contain commands for loading dynamic-link libraries (DLLs), such as a REGSVR action. Executing this binary with such arguments can signify malicious activity, including arbitrary code execution, privilege escalation, or establishing persistence in the environment. The detection uses telemetry from Endpoint Detection and Response (EDR) agents that monitor process activity on endpoints, focusing on the process name, command-line parameters, and the context of process execution. Implementing this analytic requires properly configured EDR agents that collect comprehensive process-execution logs and forward them to Splunk, with those logs mapped to the Endpoint data model of the Splunk Common Information Model (CIM).
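The matching logic described above, written out as an added Python example (not the rule's own SPL and not part of the original page) run over a few constructed process events shaped like the Endpoint.Processes fields the analytic uses; the field names, sample paths and the `classify_odbcconf_event` helper are assumptions for illustration:

```python
import re
from typing import Optional

# Response-file switch (/f or -f, case-insensitive) followed by a quoted or bare path.
RESPONSE_FILE_RE = re.compile(r'(?<!\S)[/-]f\s+("[^"]+"|\S+)', re.IGNORECASE)
# REGSVR action given inline on the command line (it may also live inside the response file).
REGSVR_RE = re.compile(r"\bREGSVR\b", re.IGNORECASE)

# Constructed sample events (not real telemetry); keys mirror Endpoint.Processes fields.
SAMPLE_EVENTS = [
    {"process_name": "odbcconf.exe", "process": "odbcconf.exe /f C:\\Users\\Public\\setup.rsp"},
    {"process_name": "odbcconf.exe", "process": "odbcconf.exe /S /A {REGSVR C:\\Temp\\sample.dll}"},
    {"process_name": "odbcconf.exe", "process": "odbcconf.exe /S"},
    # Parent process event: the rule keys on process_name, so this one is not matched here;
    # the child odbcconf.exe event that follows it in real telemetry would be.
    {"process_name": "cmd.exe", "process": "cmd.exe /c odbcconf.exe /f x.rsp"},
]


def classify_odbcconf_event(event: dict) -> Optional[dict]:
    """Return an alert dict when the event matches the analytic, else None."""
    name = event.get("process_name", "").lower()
    cmdline = event.get("process", "")
    if name != "odbcconf.exe":
        return None
    reasons = []
    m = RESPONSE_FILE_RE.search(cmdline)
    if m:
        reasons.append(f"response file: {m.group(1)}")
    if REGSVR_RE.search(cmdline):
        reasons.append("REGSVR action on command line")
    if not reasons:
        return None
    return {"process_name": name, "command_line": cmdline,
            "reasons": reasons, "technique": "T1218.008"}


def run_rule(events: list) -> list:
    """Apply the classifier to a batch of events and collect the alerts."""
    return [a for a in (classify_odbcconf_event(e) for e in events) if a]


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_EVENTS):
        print(alert["command_line"], "->", "; ".join(alert["reasons"]))
```

Legitimate installers also invoke odbcconf.exe with response files, so triage should inspect the referenced file's contents and the parent process before escalating.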
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
- Process
- Application Log
ATT&CK Techniques
- T1218.008
Created: 2024-11-13