
Summary
This detection rule monitors modifications to Autostart Extensibility Point (ASEP) registry keys specific to Internet Explorer by observing changes in the Windows Registry. The registry paths of interest cover both 32-bit and 64-bit installations of Internet Explorer, focusing on keys associated with toolbars, extensions, and explorer bars. The rule applies filters that exclude changes made by legitimate software installations or administrative configurations, so that the remaining changes are those that could indicate malicious activity. By identifying unauthorized modifications, the rule helps detect persistence mechanisms that malware might establish through Internet Explorer.
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1547.001
Created: 2019-10-25