
Summary
This rule detects potential adversary actions that replace the desktop wallpaper on Windows systems using PowerShell. The indicators are found in the PowerShell script block text: references to registry modifications of the desktop wallpaper settings, specifically the value under `HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper`, and calls to the `SystemParametersInfo` Win32 function, which changes system parameters including the desktop background. If either of these script conditions is met, the rule raises an alert, indicating possible unauthorized or malicious activity aimed at altering user environments for intimidation or other purposes. The rule depends on PowerShell Script Block Logging being enabled, since it matches on the logged script text rather than on process or registry telemetry.
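To show how the two conditions combine, here is an added Python example (not the rule's own logic or code from the rule's project) that applies the same case-insensitive "contains" checks to constructed PowerShell script block log entries. The event ID filter (4104), the `ScriptBlockText` field name and the substring semantics are assumptions about how the rule is evaluated.

```python
# Two indicators from the rule, matched as case-insensitive substrings
# (mirrors a Sigma 'contains' modifier; assumption about the rule's modifiers).
INDICATORS = {
    "wallpaper_registry_value": r"hkey_current_user\control panel\desktop\wallpaper",
    "systemparametersinfo_api": "systemparametersinfo",
}

# PowerShell script block logging event id (Microsoft-Windows-PowerShell/Operational).
SCRIPT_BLOCK_EVENT_ID = 4104


def matched_indicators(script_block_text: str) -> list:
    """Return the names of all indicators present in one script block."""
    lowered = script_block_text.lower()
    return [name for name, needle in INDICATORS.items() if needle in lowered]


def scan_events(events: list) -> list:
    """Apply the rule to script block events; either indicator alone alerts."""
    alerts = []
    for idx, event in enumerate(events):
        if event.get("EventID") != SCRIPT_BLOCK_EVENT_ID:
            continue  # rule only covers script block logging events
        hits = matched_indicators(event.get("ScriptBlockText", ""))
        if hits:
            alerts.append({"index": idx, "indicators": hits})
    return alerts


# Constructed sample events (not real telemetry). Events 0 and 1 should alert.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText":
        "Set-ItemProperty -Path 'Registry::HKEY_CURRENT_USER\\Control Panel\\Desktop\\WallPaper' "
        "-Value 'C:\\Users\\Public\\note.bmp'"},
    {"EventID": 4104, "ScriptBlockText":
        "Add-Type -MemberDefinition '[DllImport(\"user32.dll\")] public static extern bool "
        "SystemParametersInfo(int a, int b, string c, int d);' -Name W -Namespace N"},
    {"EventID": 4104, "ScriptBlockText":
        "Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'"},
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"event {alert['index']}: {', '.join(alert['indicators'])}")
```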
Categories
- Endpoint
- Windows
Data Sources
- Script
- Process
ATT&CK Techniques
- T1491.001
Created: 2021-12-26