
Summary
This rule detects changes to the Windows registry that disable the display of hidden files and protected operating-system files, by monitoring the 'Hidden' and 'ShowSuperHidden' registry values. When these values are set to DWORD (0x00000000), hidden files and system files are no longer shown to the user. Malware commonly uses this to conceal its files from users and from security software, which aids persistence and evasion. The detection uses the registry_set log source category on the Windows operating system. The rule is mapped to the defense-evasion technique T1564.001 (hiding files and directories), reflecting how these settings are misused by attackers. Regular monitoring of these values helps identify attempts to hide files on compromised systems.
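The detection logic described above, as an added example that is not part of the original rule page: it runs over constructed Sysmon-style registry_set events (Event ID 13) and fires only when 'Hidden' or 'ShowSuperHidden' is written as DWORD (0x00000000). The key path (the Explorer\Advanced key under the user hive) and the 'Key=Value|...' line format are assumptions for this example.

```python
"""Flag registry_set events that switch off the display of hidden/system files."""
from typing import Dict, List

# Value names the rule watches (from the page). The key path is an assumption:
# the usual Explorer\Advanced location under HKCU / HKU\<SID> where they live.
WATCHED_VALUES = {"hidden", "showsuperhidden"}
ADVANCED_KEY_SUFFIX = r"\microsoft\windows\currentversion\explorer\advanced"
DISABLED_DETAILS = "DWORD (0x00000000)"  # how Sysmon renders DWORD data
SYSMON_REGISTRY_VALUE_SET = "13"  # Sysmon Event ID mapped to registry_set


def parse_event(line: str) -> Dict[str, str]:
    """Parse a constructed 'Key=Value|Key=Value' event line into a dict."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_hide_files_event(ev: Dict[str, str]) -> bool:
    """True when EID 13 sets Hidden/ShowSuperHidden to DWORD 0 under Explorer\\Advanced."""
    if ev.get("EventID") != SYSMON_REGISTRY_VALUE_SET:
        return False
    key_path, _, value_name = ev.get("TargetObject", "").lower().rpartition("\\")
    if not key_path.endswith(ADVANCED_KEY_SUFFIX) or value_name not in WATCHED_VALUES:
        return False
    return ev.get("Details", "") == DISABLED_DETAILS


def detect(log_lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert (writing image, value name) per matching event."""
    alerts = []
    for line in log_lines:
        ev = parse_event(line)
        if is_hide_files_event(ev):
            alerts.append({"Image": ev.get("Image", ""),
                           "Value": ev["TargetObject"].rsplit("\\", 1)[-1]})
    return alerts


# Constructed sample events (not real telemetry): the first two should fire,
# the third sets the value to 1 (show), the fourth is a different key entirely.
SAMPLE_LOG = [
    "EventID=13|Image=C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000000)",
    "EventID=13|Image=C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden|Details=DWORD (0x00000000)",
    "EventID=13|Image=C:\\Windows\\explorer.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden|Details=DWORD (0x00000001)",
    "EventID=13|Image=C:\\Windows\\explorer.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Hidden|Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"ALERT: {a['Image']} set {a['Value']} to 0 (hidden/system files concealed)")
```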
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1564.001
Created: 2022-04-02