
Summary
This detection rule identifies modifications to the Windows registry values 'ShowCompColor' and 'ShowInfoTip' under the path 'Microsoft\Windows\CurrentVersion\Explorer\Advanced'. These two values control whether Explorer displays compressed and encrypted NTFS files in a distinct colour and whether it shows info tips (hover descriptions) for folder and desktop items. Changing them has been associated with the Hermetic Wiper destructive malware, which alters them to reduce what the user sees of the file system while the wiper operates. The rule uses the Endpoint.Registry data model and Sysmon registry events (EventID 12 for key create/delete and EventID 13 for value set) to observe the change and attribute it to the writing process. The risk is that altered file attributes and interface presentation can mislead users and mask further destructive activity. Note that the same values are also changed legitimately through Explorer's Folder Options, so the process that wrote the value and whether both values were changed together are the useful triage context.
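The matching logic described above, as an added example that is not the rule's own search: a small Python detector run over constructed Sysmon RegistryEvent records. The record fields (EventID, Image, TargetObject, Details) follow Sysmon's field names; the flattened dictionary shape, the sample process names and the triage scoring in `triage()` are assumptions for illustration and go one step beyond the rule, which alerts on any write to the two values regardless of process.

```python
"""Illustrative detection for ShowCompColor / ShowInfoTip registry writes.

Added example, not the detection rule's own code. Input records are
constructed to resemble flattened Sysmon RegistryEvent fields; the record
shape and the triage scoring are assumptions for illustration.
"""
from collections import defaultdict

# Key suffix and value names the rule watches (compared case-insensitively).
WATCHED_KEY_SUFFIX = r"\microsoft\windows\currentversion\explorer\advanced"
WATCHED_VALUES = {"showcompcolor", "showinfotip"}

# Constructed sample telemetry (not captured from a real host).
SAMPLE_EVENTS = [
    # Benign: the user toggled "show hidden files" in Folder Options.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    # Key creation (EventID 12) carries no value name and is not a hit.
    {"EventID": 12, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "Details": ""},
    # Suspicious: a binary in Temp (hypothetical name) clears both watched values.
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip",
     "Details": "DWORD (0x00000000)"},
    # Plausibly benign: Explorer itself re-enables info tips after a Folder Options change.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip",
     "Details": "DWORD (0x00000001)"},
]


def split_target(target_object):
    """Split a Sysmon TargetObject into (key path, value name)."""
    key, _, value = target_object.rpartition("\\")
    return key, value


def is_watched(event):
    """True for an EventID 13 value-set of ShowCompColor or ShowInfoTip under Explorer\\Advanced."""
    if event.get("EventID") != 13:
        return False
    key, value = split_target(event.get("TargetObject", ""))
    return key.lower().endswith(WATCHED_KEY_SUFFIX) and value.lower() in WATCHED_VALUES


def detect(events):
    """Return one hit per matching event, mirroring the rule's path and value-name match."""
    hits = []
    for ev in events:
        if is_watched(ev):
            _, value = split_target(ev["TargetObject"])
            hits.append({"image": ev.get("Image", ""), "value": value, "data": ev.get("Details", "")})
    return hits


def triage(hits):
    """Assumed triage step (not part of the rule): group hits by writing process.

    One point each for: both values touched by the same process, all touched
    values set to 0, and the writer not being explorer.exe. A single change
    made through Folder Options scores 0; a non-Explorer process clearing
    both values scores 3.
    """
    by_image = defaultdict(dict)
    for h in hits:
        by_image[h["image"]][h["value"].lower()] = h["data"]
    ranked = []
    for image, values in by_image.items():
        both = WATCHED_VALUES <= set(values)
        zeroed = all(d.endswith("(0x00000000)") for d in values.values())
        not_explorer = not image.lower().endswith(r"\explorer.exe")
        ranked.append({"image": image, "values": values,
                       "score": int(both) + int(zeroed) + int(not_explorer)})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


if __name__ == "__main__":
    for r in triage(detect(SAMPLE_EVENTS)):
        print(r["score"], r["image"], sorted(r["values"]))
```

Running the block prints the Temp binary first with score 3 and explorer.exe last with score 0; the EventID 12 key-creation record never reaches `detect()` because it has no value name, which is why the rule's value-name filter matters more than the event ID filter for precision.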
Categories
- Endpoint
- Windows
Data Sources
- Sysmon EventID 12
- Sysmon EventID 13
ATT&CK Techniques
- T1112
Created: 2024-12-08