
Summary
This analytic rule detects suspicious modifications to the Windows registry's default icon settings, specifically the registry path that holds the default icon for a registered file type or class. Such changes are commonly associated with Lockbit ransomware, which is known for its impactful attacks. The detection uses data from the Endpoint Registry data model and looks for modifications to the registry path "*HKCR\\*\\defaultIcon\\(Default)*". These alterations are unusual and indicate potentially malicious activity, since regular users typically do not change these system settings. If confirmed malicious, such modifications may be part of a broader ransomware campaign, putting system integrity at risk and potentially leading to loss of sensitive data.
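The following is an added example, not the analytic's own search or any vendor code, that shows how the wildcard registry path from the summary can be applied to Endpoint Registry style events outside Splunk. It converts the "*"-wildcard pattern into a case-insensitive regular expression, normalizes long hive names (an assumption about how some sensors log hives, e.g. "HKEY_CLASSES_ROOT" instead of "HKCR"), and runs it over a few constructed registry events. The event field names (dest, process_name, registry_path, registry_value_data) and the sample values are constructed for illustration.

```python
"""Added example: match registry modification events against the analytic's
wildcard path '*HKCR\\*\\defaultIcon\\(Default)*'. Not part of the original rule."""
import re
from typing import Dict, List

# Wildcard path as stated in the rule summary ('*' is the only wildcard; the
# doubled backslashes in the summary are escaping, so the literal path has single ones).
RULE_PATTERN = r"*HKCR\*\defaultIcon\(Default)*"

# Long hive names mapped to their abbreviations. Assumption: some sensors log the
# full hive name, so we normalize before matching.
HIVE_ALIASES = {
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
}

# Constructed sample events in an Endpoint.Registry-like shape (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"dest": "ws01", "process_name": "sample.exe",
     "registry_path": r"HKCR\.sample\DefaultIcon\(Default)",
     "registry_value_data": r"C:\ProgramData\sample.ico"},
    {"dest": "ws02", "process_name": "sample.exe",
     "registry_path": r"HKEY_CLASSES_ROOT\sampleext\DefaultIcon\(Default)",
     "registry_value_data": r"C:\ProgramData\sample.ico"},
    {"dest": "ws03", "process_name": "svchost.exe",
     "registry_path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "registry_value_data": r"C:\Windows\System32\updater.exe"},
    {"dest": "ws04", "process_name": "explorer.exe",
     "registry_path": r"HKCR\.txt\DefaultIcon\Extra",
     "registry_value_data": "0"},
]


def wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Turn a '*'-wildcard path into an anchored, case-insensitive regex.
    Everything between wildcards is escaped literally (backslashes, parens)."""
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE)


def normalize_path(registry_path: str) -> str:
    """Replace a leading long hive name with its abbreviation; leave others as-is."""
    hive, sep, rest = registry_path.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive) + sep + rest


def find_default_icon_modifications(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events whose registry_path matches the rule's wildcard pattern."""
    regex = wildcard_to_regex(RULE_PATTERN)
    return [e for e in events if regex.match(normalize_path(e["registry_path"]))]


if __name__ == "__main__":
    for hit in find_default_icon_modifications(SAMPLE_EVENTS):
        print(f"{hit['dest']}: {hit['process_name']} wrote {hit['registry_path']} "
              f"= {hit['registry_value_data']}")
```

Running the block reports the two events that touch a DefaultIcon\(Default) value under HKCR and ignores the Run key and the non-(Default) value. Legitimate installers also register file types and set DefaultIcon values, so in practice the hits are best reviewed together with the writing process and the icon path it points at.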
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Script
ATT&CK Techniques
- T1112
Created: 2024-11-13