
Summary
This detection rule identifies potential DLL sideloading of non-existent DLLs from system folders on Windows systems. DLL sideloading is a technique threat actors often use to bypass User Account Control (UAC) or escalate privileges. The rule looks for attempts to load certain system DLLs that are not present in their expected directories, which indicates a possible security incident. The DLLs covered are TSMSISrv.dll, TSVIPSrv.dll, wbemcomn.dll, WLBSCTRL.dll, wow64log.dll, and WptsExtensions.dll; the alert may trigger when any of them is loaded by a legitimate application that is digitally signed by Microsoft although the DLL is not actually found on the system. The rule relies on image load events and analyzes the characteristics of the loaded files to filter out legitimate usage while focusing on suspicious activity.
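The following is an added illustration of the detection logic described above, not the rule's own query or any vendor code. It runs over constructed Sysmon-style image-load records (field names follow Sysmon Event ID 7: Image, ImageLoaded, Signed, Signature, SignatureStatus) and flags a load of one of the listed DLL names from a system folder unless the loaded file carries a valid Microsoft signature. The system-folder list, the use of the signature fields as the benign filter, and the sample events are assumptions made for this example.

```python
# Added example (not the rule's own code): a minimal detector for loads of the
# DLL names the rule covers, run over constructed Sysmon-style image-load events.
# Field names mirror Sysmon Event ID 7; the sample events below are constructed.
import ntpath

# DLL names named by the rule (compared case-insensitively).
SIDELOAD_DLLS = {
    "tsmsisrv.dll", "tsvipsrv.dll", "wbemcomn.dll",
    "wlbsctrl.dll", "wow64log.dll", "wptsextensions.dll",
}

# System folders the rule is concerned with (assumption: System32 and SysWOW64).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def in_system_folder(path: str) -> bool:
    """True if the loaded image lives under one of the Windows system folders."""
    return path.lower().startswith(SYSTEM_DIRS)


def is_microsoft_signed(event: dict) -> bool:
    """Benign filter (assumption): the loaded file carries a valid Microsoft
    signature, which is how genuine copies such as wbem\\wbemcomn.dll are excluded."""
    return (
        event.get("Signed", "").lower() == "true"
        and event.get("SignatureStatus", "") == "Valid"
        and event.get("Signature", "").startswith("Microsoft")
    )


def is_suspicious_load(event: dict) -> bool:
    """Apply the rule's logic to one image-load event."""
    loaded = event.get("ImageLoaded", "")
    name = ntpath.basename(loaded).lower()
    if name not in SIDELOAD_DLLS:
        return False          # not one of the DLLs the rule cares about
    if not in_system_folder(loaded):
        return False          # the rule is scoped to system folders
    return not is_microsoft_signed(event)   # legitimate Microsoft file -> filtered


def detect(events):
    """Return (loading process, loaded DLL) pairs for every suspicious event."""
    return [(e["Image"], e["ImageLoaded"]) for e in events if is_suspicious_load(e)]


# Constructed sample events for demonstration.
SAMPLE_EVENTS = [
    {   # unsigned DLL with a rule-listed name picked up from System32 -> alert
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Windows\System32\WLBSCTRL.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
    {   # genuine Microsoft wbemcomn.dll in its normal location -> filtered out
        "Image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
        "ImageLoaded": r"C:\Windows\System32\wbem\wbemcomn.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # rule-listed name but outside the system folders -> out of scope here
        "Image": r"C:\Users\alice\AppData\Local\Temp\tool.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\wow64log.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
    {   # unrelated DLL -> ignored
        "Image": r"C:\Windows\System32\notepad.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
]

if __name__ == "__main__":
    for proc, dll in detect(SAMPLE_EVENTS):
        print(f"ALERT: {proc} loaded {dll}")
```

Only the first sample event is reported: the DLL name is on the list, it sits in System32, and it has no valid Microsoft signature. A real deployment would read these fields from the endpoint's image-load telemetry rather than from an inline list.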
Categories
- Windows
- Endpoint
Data Sources
- Image
Created: 2022-12-09