
Summary
This rule identifies potential DLL sideloading involving SmadHook.dll, a library that ships with the SmadAV antivirus application. In DLL sideloading, an attacker places a malicious DLL next to a legitimate, usually signed, executable so that the application loads the attacker's library instead of the real one; the malicious code then runs inside a trusted process, which helps it evade security controls. The rule matches image-load events in which `SmadHook32c.dll` or `SmadHook64c.dll` is loaded and excludes loads from the expected legitimate locations (the directory in which SmadAV is installed). Filtering on the legitimate path keeps false positives low while still flagging copies of the DLL, typically placed together with a copied SmadAV executable in a user-writable directory. The rule is assigned a high severity level because unsanctioned loading of this DLL is associated with defense evasion and can also lead to privilege escalation. When tuning, confirm the installation path used in your environment, and note that the exclusion will not catch a DLL planted inside the legitimate installation directory itself, which would require write access to that location.
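The following is an added example, not code from the rule or from SmadAV: a small Python evaluator that applies the selection-and-exclusion logic described above to a handful of constructed Sysmon Event ID 7 (Image loaded) records. The installation directories in `LEGIT_PREFIXES`, and the choice to apply the exclusion to both the loading process path (`Image`) and the DLL path (`ImageLoaded`), are assumptions; the description only states that loads from the expected SmadAV path are excluded.

```python
# Added example: a minimal evaluator for the SmadHook.dll sideloading rule logic.
# Not the rule's own code. Field names follow Sysmon Event ID 7 (Image loaded).
from typing import Dict, Iterable, List

# DLL file names the rule selects on (compared case-insensitively, as Sigma does).
TARGET_DLLS = ("smadhook32c.dll", "smadhook64c.dll")

# Assumed SmadAV installation directories. The rule description only refers to
# "the expected legitimate paths"; adjust these to the path used in your
# environment before relying on the exclusion.
LEGIT_PREFIXES = (
    "c:\\program files\\smadav\\",
    "c:\\program files (x86)\\smadav\\",
)


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison: backslashes only, lower case."""
    return path.replace("/", "\\").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def _under_legit_path(path: str) -> bool:
    return _norm(path).startswith(LEGIT_PREFIXES)


def matches_rule(event: Dict[str, object]) -> bool:
    """Return True when an image-load event should be flagged.

    logsource: image-load telemetry only (Sysmon Event ID 7)
    selection: ImageLoaded file name is SmadHook32c.dll or SmadHook64c.dll
    filter:    Image and ImageLoaded both start with an expected SmadAV path
               (assumption: the description mentions only the DLL path)
    condition: selection and not filter
    """
    if event.get("EventID") != 7:
        return False
    loaded = str(event.get("ImageLoaded", ""))
    if _basename(loaded) not in TARGET_DLLS:
        return False  # selection did not match
    image = str(event.get("Image", ""))
    legit = _under_legit_path(image) and _under_legit_path(loaded)
    return not legit


def evaluate(events: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """Run the rule over a stream of events and return the flagged ones."""
    return [e for e in events if matches_rule(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Normal SmadAV operation: process and DLL both in the install directory.
    {"EventID": 7, "Image": r"C:\Program Files\SMADAV\SmadAV.exe",
     "ImageLoaded": r"C:\Program Files\SMADAV\SmadHook64c.dll"},
    # Classic sideload: a copy of the SmadAV binary dropped in a
    # user-writable folder next to a rogue SmadHook64c.dll.
    {"EventID": 7, "Image": r"C:\Users\Public\Music\SmadAV.exe",
     "ImageLoaded": r"C:\Users\Public\Music\SmadHook64c.dll"},
    # 32-bit variant with mixed case, loaded from a temp directory.
    {"EventID": 7, "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\SMADHOOK32C.DLL"},
    # Unrelated DLL load: never selected.
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
]


def flagged_sample_paths() -> List[str]:
    """ImageLoaded values the rule flags in SAMPLE_EVENTS."""
    return [str(e["ImageLoaded"]) for e in evaluate(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for path in flagged_sample_paths():
        print("ALERT  SmadHook.dll sideloading suspected:", path)
```

Matching on the file name rather than on a bare substring mirrors the rule's "ends with `\SmadHook32c.dll`" behaviour, so a differently named DLL that merely contains the string is not selected; the exclusion deliberately requires both paths to be under the trusted directory, so a SmadHook DLL pulled from the install directory by an unrelated process in a temp folder is still surfaced.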
Categories
- Windows
- Endpoint
Data Sources
- Image (image-load events, e.g. Sysmon Event ID 7 "Image loaded")
Created: 2023-06-01