
Summary
This rule aims to detect the execution of a Microsoft-signed PowerShell script named 'UtilityFunctions.ps1' that invokes a managed DLL, indicative of potential defense evasion techniques employed by threat actors. The detection is triggered when the command line of a process creation event contains references to 'UtilityFunctions.ps1' or 'RegSnapin'. The rule is categorized under the defense evasion tactic and technique T1216, which relates to the use of scripts for malicious purposes. This detection strategy specifically looks for anomalies around scripted interactions that may be used to bypass security monitoring, leveraging trusted application sources to obscure nefarious activities. Security teams should be aware of this mechanism, as the usage of such scripts in atypical contexts may signal an ongoing attack or unauthorized activity within the Windows operating environment.
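The matching logic described above, applied to a few constructed process-creation events, as an added example rather than the rule's own implementation; the event fields, the case-insensitive matching and the sample command lines are assumptions made for illustration.

```python
"""Detection logic for the UtilityFunctions.ps1 / RegSnapin rule, run over
constructed process-creation events (sample data, not real telemetry)."""
from dataclasses import dataclass

# Substrings the rule looks for in the command line (taken from the rule text).
# Matching is done case-insensitively; that is an assumption, not rule text.
INDICATORS = ("UtilityFunctions.ps1", "RegSnapin")


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation event (for example a Sysmon Event ID 1)."""
    image: str
    command_line: str
    parent_image: str


def matches_rule(event: ProcessEvent) -> bool:
    """True when the command line references either indicator."""
    cmd = event.command_line.lower()
    return any(ind.lower() in cmd for ind in INDICATORS)


def detect(events):
    """Return the events that trigger the rule, in their original order."""
    return [e for e in events if matches_rule(e)]


# Constructed sample events; file paths and parent processes are illustrative.
SAMPLE_EVENTS = [
    ProcessEvent(
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        command_line=r"powershell.exe -ep bypass -File C:\Temp\UtilityFunctions.ps1",
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    ProcessEvent(
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        command_line=r'powershell.exe -Command "RegSnapin C:\Temp\helper.dll"',
        parent_image=r"C:\Windows\explorer.exe",
    ),
    ProcessEvent(  # benign script: must not trigger the rule
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        command_line=r"powershell.exe -File C:\Scripts\Backup.ps1",
        parent_image=r"C:\Windows\System32\svchost.exe",
    ),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT:", hit.parent_image, "->", hit.command_line)
```

The parent image is carried along because, when triaging a hit, the process that launched PowerShell is usually the first thing an analyst wants to see.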
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-05-28