Registry Modification for OCI DLL Redirection

Sigma Rules

Summary
This detection rule identifies modifications to the 'OracleOciLib' and 'OracleOciLibPath' registry values under the 'MSDTC' (Microsoft Distributed Transaction Coordinator) settings on Windows. Attackers may alter these values to redirect the library load of 'oci.dll' to a malicious counterpart, enabling DLL hijacking and potential compromise of the MSDTC service. The detection logic triggers on writes to these registry values and applies filtering to exclude expected or benign changes. The rule carries a high alert level, reflecting significant risk; mitigation should focus on monitoring these registry values and investigating any unauthorized change to them.
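The following Python is an added illustration of the detection logic described above, not the rule's own source. It assumes Sysmon Event ID 13 (RegistryEvent SetValue) field names, that the watched values live under HKLM\SOFTWARE\Microsoft\MSDTC\MTxOCI, and that the benign filter treats a value reset to the OS default (oci.dll loaded from System32) as expected; the sample events are constructed.

```python
import re
from typing import Iterable

# Registry value names the rule watches, under HKLM\SOFTWARE\Microsoft\MSDTC\MTxOCI.
WATCHED_VALUES = {"oracleocilib", "oracleocilibpath"}
# Assumed benign defaults (not taken from the rule page): "oci.dll" loaded from System32.
_DEFAULT_LIB = "oci.dll"
_SYSTEM32 = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\system32\\?$", re.IGNORECASE)


def parse_target(target_object: str):
    """Split a Sysmon-style TargetObject into (key path, value name), lower-cased."""
    key, _, value = target_object.strip().replace("/", "\\").rpartition("\\")
    return key.lower(), value.lower()


def is_watched(target_object: str) -> bool:
    """True when the write targets OracleOciLib or OracleOciLibPath under an MSDTC key."""
    key, value = parse_target(target_object)
    return "\\msdtc\\" in key + "\\" and value in WATCHED_VALUES


def is_benign(target_object: str, details: str) -> bool:
    """Assumed filter: the write merely restores the stock configuration."""
    _, value = parse_target(target_object)
    details = details.strip().strip('"')
    if value == "oracleocilib":
        return details.lower() == _DEFAULT_LIB
    return details == "" or bool(_SYSTEM32.match(details))


def detect(events: Iterable[dict]) -> list:
    """Return events matching the rule: a watched value set to something non-default."""
    return [ev for ev in events
            if ev.get("EventType") == "SetValue"
            and is_watched(ev.get("TargetObject", ""))
            and not is_benign(ev.get("TargetObject", ""), ev.get("Details", ""))]


# Constructed sample events (not real telemetry), Sysmon Event ID 13 style.
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\MSDTC\\MTxOCI\\OracleOciLib",
     "Details": "oci.dll"},  # OS default, filtered as benign
    {"EventType": "SetValue", "Image": "C:\\Users\\Public\\updater.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\MSDTC\\MTxOCI\\OracleOciLibPath",
     "Details": "C:\\Users\\Public\\lib"},  # load path moved away from System32: alert
    {"EventType": "SetValue", "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\MSDTC\\Security\\NetworkDtcAccess",
     "Details": "DWORD (0x00000001)"},  # different MSDTC value, not watched
]
```

Running `detect(SAMPLE_EVENTS)` returns only the second event; in production the writing process (`Image`) and the new path are the first things to investigate.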
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
Created: 2026-01-24