
Active Directory Parsing DLL Loaded Via Office Application

Summary
This detection rule identifies a specific malicious activity: the DSParse DLL being loaded by Microsoft Office applications. The rule monitors processes such as Excel, PowerPoint, Word, Outlook and others that should not normally load this DLL. Loading DSParse in this context may indicate an attempt to use its parsing capabilities for unauthorized access to, or manipulation of, Active Directory data. The rule relies on image load event logging in the Windows environment to detect instances where the DSParse DLL is loaded by the specified Office applications, which are widely deployed and therefore a frequent vector for attackers exploiting weaknesses in them. By focusing on the process names together with the presence of this DLL, the rule aims to provide a proactive defense against such exploitation tactics.
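The matching logic described above, applied to image-load records, as an added example that is not the Sigma rule's own code. It assumes Sysmon-style `Image`/`ImageLoaded` fields, the module name `dsparse.dll`, and an Office process list limited to the four applications the summary names (the rule itself may cover more).

```python
# Added example (not the Sigma rule's own code): applies the rule's logic to
# image-load events carrying Sysmon Event ID 7 style fields.
# Assumptions (not from the page): the module name dsparse.dll and the
# process list below; the real rule may name additional Office executables.
from pathlib import PureWindowsPath
from typing import Iterable

# Assumed set: the page names Excel, PowerPoint, Word, Outlook "and others".
OFFICE_PROCESSES = {"excel.exe", "powerpnt.exe", "winword.exe", "outlook.exe"}
TARGET_DLL = "dsparse.dll"


def is_suspicious_image_load(event: dict) -> bool:
    """Return True when an Office process loads dsparse.dll.

    'Image' is the loading process path and 'ImageLoaded' the loaded module
    path. Only the file name is compared, case-insensitively, so install
    directory and casing variations still match.
    """
    process = PureWindowsPath(event.get("Image", "")).name.lower()
    module = PureWindowsPath(event.get("ImageLoaded", "")).name.lower()
    return process in OFFICE_PROCESSES and module == TARGET_DLL


def find_hits(events: Iterable[dict]) -> list[dict]:
    """Filter a stream of image-load events down to rule matches."""
    return [e for e in events if is_suspicious_image_load(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 7,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"C:\Windows\System32\dsparse.dll"},   # should alert
    {"EventID": 7,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ImageLoaded": r"C:\Windows\System32\mso.dll"},       # benign Office DLL
    {"EventID": 7,
     "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\dsparse.dll"},   # not an Office process
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "loaded", hit["ImageLoaded"])
```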
Categories
  • Endpoint
  • Windows
Data Sources
  • Image
Created: 2020-02-19