
Summary
This detection rule targets potential DLL hijacking of 'iertutil.dll', a library loaded by the DCOM-exposed InternetExplorer.Application class, when the hijack is staged over the network. DLL hijacking is a technique in which an attacker places a malicious DLL where a legitimate process will load it in place of, or ahead of, the real library. Here the rule does not inspect the legitimate 'iertutil.dll' itself; it watches Windows file events for a file named 'iertutil.dll' being written into the Internet Explorer directory by the 'System' process image. A file-create attributed to the bare 'System' image rather than to a local installer or servicing process is how the kernel's SMB server-side write shows up in file telemetry, which is why the rule is mapped to the lateral-movement techniques T1021.002 (SMB/Windows Admin Shares, for the remote write) and T1021.003 (Distributed Component Object Model, for triggering the load by instantiating InternetExplorer.Application remotely). Because Internet Explorer genuinely depends on 'iertutil.dll', the planted file is loaded under that process without further user interaction, giving the attacker code execution on the target host. The detection relies on Windows file events; when tuning it, check the writing image and the origin of the write, since legitimate servicing of the same path is performed by local processes rather than by 'System'.
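The file-event logic described above, applied to a few constructed Sysmon Event ID 11 (FileCreate) records. This is an added example, not the rule's own implementation; the field names follow Sysmon's event schema, while the records, host names and timestamps are made up for illustration.

```python
# Added example (not the rule's own code): apply the rule's file-event logic
# to constructed Sysmon Event ID 11 (FileCreate) records.
# Field names follow Sysmon's event schema; the records, host names and
# timestamps are assumptions made for illustration.
from typing import Dict, List

# Path suffix the rule keys on, compared case-insensitively.
TARGET_SUFFIX = "\\internet explorer\\iertutil.dll"


def matches_rule(event: Dict[str, str]) -> bool:
    """Mirror the detection: a FileCreate whose writing process image is the
    bare 'System' (the kernel, which is how SMB server-side writes are
    attributed) and whose target is iertutil.dll under an 'Internet Explorer'
    directory. Any other writing image (an installer, servicing, a user
    process) is deliberately not matched."""
    if event.get("EventID") != "11":
        return False
    target = event.get("TargetFilename", "")
    return event.get("Image") == "System" and target.lower().endswith(TARGET_SUFFIX)


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return only the events that should raise an alert."""
    return [e for e in events if matches_rule(e)]


def describe(event: Dict[str, str]) -> str:
    """One-line alert text for a matching event."""
    return (f"{event['UtcTime']} {event['Computer']}: possible remote staging of "
            f"{event['TargetFilename']} by image '{event['Image']}' "
            f"(T1021.002 write, T1021.003 trigger)")


# Constructed sample telemetry: a remote SMB write (match), a servicing write
# to the same path by a local process (no match), an unrelated kernel write
# (no match), and a write into the 32-bit IE directory (match).
SAMPLE_EVENTS = [
    {"EventID": "11", "UtcTime": "2020-10-12 14:03:11.201", "Computer": "WS01",
     "Image": "System",
     "TargetFilename": "C:\\Program Files\\Internet Explorer\\iertutil.dll"},
    {"EventID": "11", "UtcTime": "2020-10-12 14:05:42.007", "Computer": "WS02",
     "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "TargetFilename": "C:\\Program Files\\Internet Explorer\\iertutil.dll"},
    {"EventID": "11", "UtcTime": "2020-10-12 14:06:00.550", "Computer": "WS01",
     "Image": "System",
     "TargetFilename": "C:\\Shares\\Public\\report.docx"},
    {"EventID": "11", "UtcTime": "2020-10-12 14:07:19.113", "Computer": "WS03",
     "Image": "System",
     "TargetFilename": "C:\\Program Files (x86)\\Internet Explorer\\iertutil.dll"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(describe(hit))
```

The servicing record is included on purpose: it writes the exact same path but is not flagged, because the rule's distinguishing feature is the 'System' image, not the file name alone.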
Categories
- Windows
- Network
Data Sources
- File
Created: 2020-10-12