
Summary
This detection rule identifies unauthorized modifications to the Windows registry that hide file extensions, targeting the keys that hold the user's Windows Explorer preferences. Two registry values are monitored: 'HideFileExt' set to DWORD (0x00000001) and 'Hidden' set to DWORD (0x00000002). Either value being written with the specified data may indicate malicious activity that obscures file extensions in Windows Explorer, making it harder for the user to recognise malicious files or activity. The rule's condition is an OR: if either selection is present in the registry, an alert is triggered. Legitimate administrative scripts can also set these values, so such false positives should be considered when analysing alerts generated by this rule.
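The rule's OR condition replayed over registry-write telemetry, as an added Python example that is not part of the rule page or its detection content. It assumes Sysmon Event ID 13 ("RegistryEvent: Value Set") fields (Image, TargetObject, Details, with DWORD data rendered as "DWORD (0x........)") and uses constructed sample events under a placeholder user SID. Matching is case-insensitive, as Sigma string matching and registry value names are, and each hit carries the writing process so an analyst can separate administrative scripts from anything else.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Value names and the Sysmon-style "Details" strings quoted from the rule summary.
# Keys are lower-cased because registry value names are case-insensitive and
# Sigma string matching is case-insensitive by default.
WATCHED_VALUES = {
    "hidefileext": "DWORD (0x00000001)",  # hide known file extensions in Explorer
    "hidden": "DWORD (0x00000002)",       # do not display hidden items in Explorer
}


@dataclass(frozen=True)
class RegistryEvent:
    """Subset of Sysmon Event ID 13 (Registry value set) fields the rule needs (assumed schema)."""
    event_id: int
    image: str           # process that wrote the value; used for triage, not matching
    target_object: str   # full path of the registry value
    details: str         # Sysmon renders DWORD data as "DWORD (0x........)"


def matched_value(ev: RegistryEvent) -> Optional[str]:
    """Return the watched value name this event sets to the flagged data, else None."""
    if ev.event_id != 13:          # only value-set events carry the written data
        return None
    name = ev.target_object.rsplit("\\", 1)[-1]
    expected = WATCHED_VALUES.get(name.lower())
    if expected is None or ev.details.lower() != expected.lower():
        return None
    return name


def scan(events) -> List[Tuple[str, str, str]]:
    """Apply the rule's OR condition; one (value name, writing process, path) tuple per hit."""
    return [(n, ev.image, ev.target_object) for ev in events if (n := matched_value(ev))]


# Constructed sample telemetry; the SID segment is a placeholder, not a real account.
ADVANCED = ("HKU\\S-1-5-21-EXAMPLE-SID\\SOFTWARE\\Microsoft\\Windows"
            "\\CurrentVersion\\Explorer\\Advanced")

SAMPLE_EVENTS = [
    RegistryEvent(13, "C:\\Windows\\System32\\reg.exe", ADVANCED + "\\HideFileExt", "DWORD (0x00000001)"),
    RegistryEvent(13, "C:\\Windows\\explorer.exe", ADVANCED + "\\Hidden", "DWORD (0x00000002)"),
    # Hidden=1 shows hidden items, HideFileExt=0 shows extensions: neither is flagged.
    RegistryEvent(13, "C:\\Windows\\explorer.exe", ADVANCED + "\\Hidden", "DWORD (0x00000001)"),
    RegistryEvent(13, "C:\\Windows\\explorer.exe", ADVANCED + "\\HideFileExt", "DWORD (0x00000000)"),
    # Event ID 12 is a key/value create, not a value set: no data to match on.
    RegistryEvent(12, "C:\\Windows\\explorer.exe", ADVANCED + "\\HideFileExt", ""),
    # An unrelated Explorer preference in the same key.
    RegistryEvent(13, "C:\\Windows\\explorer.exe", ADVANCED + "\\ShowSuperHidden", "DWORD (0x00000001)"),
]

if __name__ == "__main__":
    for name, image, path in scan(SAMPLE_EVENTS):
        print(f"ALERT {name}={WATCHED_VALUES[name.lower()]} written by {image} at {path}")
```

Running it yields two alerts, one per watched value; the writing process in each hit is what you would compare against your inventory of approved configuration scripts when triaging the false positives the rule summary mentions.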
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1112
Created: 2022-01-22