Potential DLL File Download Via PowerShell Invoke-WebRequest

Sigma Rules

Summary
This detection rule identifies potentially malicious downloads of Dynamic Link Library (DLL) files via PowerShell's Invoke-WebRequest cmdlet. It looks for process-creation command lines that contain `Invoke-WebRequest` or its alias `IWR` together with three indicators of a file download: an HTTP URL, an output file specified with `Out-File`, and a command line that ends with the `.dll` file extension. Matching these command lines in process-creation logs lets the rule flag behavior that may signal command-and-control communication or the staging of unauthorized code, in particular attempts to introduce harmful DLL files onto the system. This is relevant because attackers commonly use scripting languages such as PowerShell to manipulate Windows environments covertly while evading traditional security controls.
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2023-03-13