
Summary
This detection rule monitors for potential COM object hijacking via modification of the default value of system CLSID (Class Identifier) registrations in the Windows registry. By observing writes to registry paths that set the default value of an InprocServer32 or LocalServer32 subkey, the rule aims to identify unauthorized manipulation that can indicate a malware persistence mechanism. The detection logic checks whether the modified target object contains the CLSID key structure and whether the written value points to a binary in known suspicious locations such as the AppData, Downloads, and Startup directories. The rule is classified as high severity because of the implications of COM object hijacking, which can lead to unauthorized code execution or system compromise. The rule's false-positive guidance notes that such activity is unlikely to be benign. It operates in the Windows registry context and maps to the persistence techniques documented in the MITRE ATT&CK framework.
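The following is an added example of the matching logic described above, written here as a standalone Python script; it is not the rule's own code or the project's implementation. It assumes registry-set events shaped like Sysmon Event ID 13 records (fields EventType, TargetObject, Details, Image) and uses an assumed list of suspicious path fragments; the sample events are constructed, with placeholder GUIDs.

```python
import re
from typing import Dict, Iterable, List

# A COM server registration lives under <hive>\...\CLSID\{GUID}\InprocServer32
# (DLL) or \LocalServer32 (EXE). The rule description names writes to the
# "(Default)" value of either subkey, which is what this pattern matches.
CLSID_SERVER_DEFAULT = re.compile(
    r"\\CLSID\\\{[0-9A-F-]{36}\}\\(InprocServer32|LocalServer32)\\\(Default\)$",
    re.IGNORECASE,
)

# Assumed list of suspicious locations, taken from the description (AppData,
# Downloads, Startup). Compared case-insensitively against the written value.
SUSPICIOUS_PATH_FRAGMENTS = (
    "\\appdata\\",
    "\\downloads\\",
    "\\start menu\\programs\\startup\\",
)


def is_com_hijack_candidate(event: Dict[str, str]) -> bool:
    """Return True when a registry SetValue event rewrites a CLSID server
    default value so that it points into a suspicious directory."""
    if event.get("EventType") != "SetValue":
        return False
    if not CLSID_SERVER_DEFAULT.search(event.get("TargetObject", "")):
        return False
    details = event.get("Details", "").lower()
    return any(fragment in details for fragment in SUSPICIOUS_PATH_FRAGMENTS)


def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter a stream of registry events down to COM hijack candidates."""
    return [event for event in events if is_com_hijack_candidate(event)]


# Constructed sample events (not real telemetry). GUIDs are placeholders.
SAMPLE_EVENTS = [
    {   # user-hive InprocServer32 default pointing into AppData: should alert
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32\(Default)",
        "Details": r"C:\Users\alice\AppData\Roaming\Updater\shell.dll",
        "Image": r"C:\Windows\System32\reg.exe",
    },
    {   # legitimate installer registering a system DLL: should not alert
        "EventType": "SetValue",
        "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32\(Default)",
        "Details": r"C:\Windows\System32\shell32.dll",
        "Image": r"C:\Windows\System32\msiexec.exe",
    },
    {   # LocalServer32 default pointing into Downloads: should alert
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Classes\CLSID\{00000000-1111-2222-3333-555555555555}\LocalServer32\(Default)",
        "Details": r'"C:\Users\alice\Downloads\helper.exe" /Embedding',
        "Image": r"C:\Users\alice\Downloads\helper.exe",
    },
    {   # a non-default value under the same key: out of scope for this rule
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32\ThreadingModel",
        "Details": "Apartment",
        "Image": r"C:\Windows\System32\reg.exe",
    },
    {   # suspicious path but not a CLSID key (a Run key): a different rule's job
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\alice\AppData\Roaming\Updater\upd.exe",
        "Image": r"C:\Windows\System32\reg.exe",
    },
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"COM hijack candidate: {hit['TargetObject']} -> {hit['Details']} (by {hit['Image']})")
```

The two negative samples illustrate why both conditions are needed: the CLSID pattern alone would flag every legitimate COM registration, and the suspicious-path check alone would overlap with Run-key persistence rules. When tuning, the installer case is the place to add allowlisting (for example by Image or by signed-publisher data, if your telemetry carries it).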
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
Created: 2024-07-16