Office Autorun Keys Modification

Sigma Rules

Summary
This detection rule identifies modifications to autostart extensibility points (ASEPs) in the Windows Registry that are relevant to Microsoft Office applications. ASEPs are registry entries that cause applications or add-ins to load automatically when an Office application such as Word, Excel, or Outlook starts. The rule focuses on two registry locations, `HKEY_CURRENT_USER\Software\Microsoft\Office` and `HKEY_LOCAL_MACHINE\Software\Microsoft\Office`, and in particular evaluates changes to the add-in keys for Word, PowerPoint, Excel, Outlook, and other Office applications. The detection criteria include a comprehensive filter that excludes known legitimate modifications, such as those made during software installations, which reduces false positives. The rule's conditions therefore centre on separating paths written by legitimate Office installations from those that would cause a potentially harmful add-in to load.
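As an added illustration of the logic this summary describes (not the Sigma rule's own YAML or any project code), the following Python applies that logic to constructed Sysmon registry-set events: it flags writes to Office add-in keys under either hive unless the writing image is on an assumed allowlist of installers, which stands in for the rule's real exclusion filter. The add-in key pattern, the allowlist, and the sample events are all assumptions made for this example.

```python
import re

# Office applications whose "Addins" subkeys act as autostart extensibility points (ASEPs).
# The optional "16.0\" segment covers per-version keys; this regex is the example's own assumption.
OFFICE_ADDIN_KEY = re.compile(
    r"\\Software\\Microsoft\\Office\\(?:\d+\.\d+\\)?"
    r"(?:Word|Excel|Outlook|PowerPoint|Access|Publisher|Visio|OneNote)\\Addins\\",
    re.IGNORECASE,
)
# Assumed allowlist of installer/updater images standing in for the rule's real filter,
# which the summary describes but does not enumerate.
TRUSTED_IMAGE_SUFFIXES = (r"\officeclicktorun.exe", r"\msiexec.exe")


def is_office_asep(target_object: str) -> bool:
    """True when the path is an Office add-in key under HKLM or a user hive.

    Sysmon records HKEY_CURRENT_USER writes as HKU\\<SID>\\..., so both spellings are accepted.
    """
    t = target_object.lower()
    in_hive = t.startswith(r"hklm\software\microsoft\office") or re.match(
        r"hku\\[^\\]+\\software\\microsoft\\office", t
    ) is not None
    return in_hive and OFFICE_ADDIN_KEY.search(target_object) is not None


def evaluate(event: dict) -> bool:
    """Return True if a registry_set event should alert under the logic described above."""
    if event.get("EventType") != "SetValue":
        return False
    if not is_office_asep(event.get("TargetObject", "")):
        return False
    image = event.get("Image", "").lower()
    return not image.endswith(TRUSTED_IMAGE_SUFFIXES)  # suppress known installer activity


def alerting_targets(events: list[dict]) -> list[str]:
    """Registry paths from the events that the rule logic would flag."""
    return [e["TargetObject"] for e in events if evaluate(e)]


# Constructed sample events using Sysmon Event ID 13 (RegistryEvent SetValue) field names.
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Office\Excel\Addins\Contoso.Analytics\LoadBehavior"},
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Office\Word\Addins\UpdateHelper\LoadBehavior"},
    {"EventType": "SetValue", "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Office\16.0\Word\Options\FirstRun"},
]

if __name__ == "__main__":
    for path in alerting_targets(SAMPLE_EVENTS):
        print("ALERT Office ASEP modified:", path)
```

Only the second event alerts: the first is an add-in key write but comes from an allowlisted installer, and the third touches an Office key that is not an add-in ASEP.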
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1547.001
Created: 2019-10-25