
Registry Hide Function from User

Sigma Rules

Summary
This rule detects modifications to Windows registry values that hide built-in tools or user-interface elements from the user, a technique used by malware such as Agent Tesla and HermeticWiper (for example to suppress the notification-area icons that would reveal what is happening on the host). It matches on registry value-set telemetry (Sysmon Event ID 13 or an equivalent source), keying on the value path and the data written to it. The rule has two selection sets: the first fires when values that hide the system clock or the health, network, power and volume icons in the notification area are set to `DWORD (0x00000001)`; the second fires when display-related Explorer settings are set to `DWORD (0x00000000)`. Either selection set on its own satisfies the condition and raises the alert. Note that the same values are written by legitimate Group Policy processing and by administrative scripts, so the writing process (the event's Image field) and the account context should be checked before escalating; legitimate admin scripting is the main source of false positives.
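To make the two-selection logic concrete, here is a small matcher run over constructed Sysmon Event ID 13 records. It is an added example, not the rule's source or any vendor code, and the value-name suffixes in the two lists are an assumption: a representative subset chosen to illustrate the clock/notification-area set and the Explorer display-setting set, not the authoritative list from the rule itself. As in Sigma, string comparison is case-insensitive and `endswith` matching is used on the value path, so the same value under HKLM, HKU or a mounted hive matches.

```python
"""Matcher for the two selection sets of 'Registry Hide Function from User',
run over constructed Sysmon Event ID 13 (RegistryEvent, Value Set) records.
Added example; the suffix lists are an assumed representative subset."""

# Assumption: representative TargetObject suffixes for the first selection set
# (notification-area elements hidden when the value is set to 1).
HIDE_SET_ONE = (
    r"\Policies\Explorer\HideClock",
    r"\Policies\Explorer\HideSCAHealth",
    r"\Policies\Explorer\HideSCANetwork",
    r"\Policies\Explorer\HideSCAPower",
    r"\Policies\Explorer\HideSCAVolume",
)

# Assumption: representative suffixes for the second selection set
# (Explorer display settings disabled when the value is set to 0).
HIDE_SET_ZERO = (
    r"\Explorer\Advanced\ShowCompColor",
    r"\Explorer\Advanced\ShowInfoTip",
)

# Sysmon renders DWORD data in the Details field exactly like this.
DWORD_ONE = "dword (0x00000001)"
DWORD_ZERO = "dword (0x00000000)"


def _endswith_any(value: str, suffixes) -> bool:
    """Case-insensitive suffix match, mirroring Sigma's |endswith modifier."""
    lowered = value.lower()
    return any(lowered.endswith(s.lower()) for s in suffixes)


def match_selection(event: dict):
    """Return the name of the selection set the event satisfies, or None."""
    target = event.get("TargetObject", "")
    details = event.get("Details", "").lower()
    if details == DWORD_ONE and _endswith_any(target, HIDE_SET_ONE):
        return "selection_set_1"
    if details == DWORD_ZERO and _endswith_any(target, HIDE_SET_ZERO):
        return "selection_set_0"
    return None


def scan(events):
    """Apply the rule to a batch of events; condition is '1 of selection_*'.

    Returns (index, selection, Image) triples so an analyst can see which
    process wrote the value, which is the first thing to check for the
    admin-script false positive the rule documents."""
    hits = []
    for i, ev in enumerate(events):
        sel = match_selection(ev)
        if sel is not None:
            hits.append((i, sel, ev.get("Image", "")))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # hides the Action Center / health icon: selection_set_1
        "Image": r"C:\Users\alice\AppData\Local\Temp\svc.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows"
                        r"\CurrentVersion\Policies\Explorer\HideSCAHealth",
        "Details": "DWORD (0x00000001)",
    },
    {   # disables coloured compressed/encrypted file names: selection_set_0
        "Image": r"C:\Users\alice\AppData\Local\Temp\svc.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows"
                        r"\CurrentVersion\Explorer\Advanced\ShowCompColor",
        "Details": "DWORD (0x00000000)",
    },
    {   # restores the clock (value 0): right key, wrong data, no match
        "Image": r"C:\Windows\System32\reg.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows"
                        r"\CurrentVersion\Policies\Explorer\HideClock",
        "Details": "DWORD (0x00000000)",
    },
    {   # enables info tips (value 1): no match
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows"
                        r"\CurrentVersion\Explorer\Advanced\ShowInfoTip",
        "Details": "DWORD (0x00000001)",
    },
    {   # unrelated persistence key with string data: no match
        "Image": r"C:\Windows\System32\reg.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\ProgramData\updater.exe",
    },
]

if __name__ == "__main__":
    for idx, selection, image in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {selection} written by {image}")
```

Events 2 and 3 are the cases worth keeping in mind when tuning: the rule keys on the exact DWORD data, so restoring a hidden element (writing 0 to a Hide* value, or 1 to a Show* value) does not fire, and only the direction that removes something from the user's view is alerted on.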
Categories
  • Windows
  • Endpoint
  • Infrastructure
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1564.001
Created: 2022-03-18