
Summary
This analytic rule identifies unauthorized access attempts to Outlook credentials stored in the Windows registry by monitoring Windows Security Event logs, specifically EventCode 4663 (an attempt was made to access an object). The rule triggers on access to certain registry paths associated with Outlook profiles; such access may indicate an attempt to steal stored email credentials. Detecting this activity matters because stolen credentials can lead to unauthorized email account access, exfiltration of sensitive information, user impersonation, or further unauthorized activity within the Outlook application. Users should ensure that object-access auditing is enabled for the specified registry paths, since EventCode 4663 is only generated for keys that carry an audit (SACL) entry.
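As an added example (not the rule's own search logic), the following Python filter applies the summary's logic to constructed 4663 records. The Outlook profile registry paths and the exclusion of outlook.exe are assumptions, since the summary does not list the exact paths it monitors or any tuning.

```python
import re

# Outlook profile registry paths (assumed; the rule summary does not list the
# exact paths it monitors). 4663 ObjectName fields use the \REGISTRY\USER\<SID>\
# form rather than HKCU\, so the patterns anchor on the \Software\ suffix only.
OUTLOOK_PROFILE_PATHS = [
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles",
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles",
]
_PATH_RE = re.compile("|".join(OUTLOOK_PROFILE_PATHS), re.IGNORECASE)


def is_outlook_profile_key(object_name: str) -> bool:
    """True if a 4663 ObjectName points into an Outlook profile key."""
    return bool(_PATH_RE.search(object_name))


def detect_outlook_credential_access(events, allowed_processes=("outlook.exe",)):
    """Return the 4663 registry-key events that touch an Outlook profile key.

    allowed_processes is a tuning assumption, not part of the rule summary:
    Outlook reads its own profile keys constantly, so its accesses are dropped.
    Pass an empty tuple to alert on every access, as the summary describes.
    """
    hits = []
    for ev in events:
        if str(ev.get("EventCode")) != "4663" or ev.get("ObjectType") != "Key":
            continue
        if not is_outlook_profile_key(ev.get("ObjectName", "")):
            continue
        process = ev.get("ProcessName", "").rsplit("\\", 1)[-1].lower()
        if process in allowed_processes:
            continue
        hits.append(ev)
    return hits


# Constructed sample events shaped like the fields a Security 4663 record carries.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
SAMPLE_EVENTS = [
    {"EventCode": 4663, "ObjectType": "Key", "SubjectUserName": "alice",
     "ObjectName": "\\REGISTRY\\USER\\" + SID + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "ProcessName": r"C:\Users\alice\AppData\Local\Temp\unknown.exe", "Accesses": "Query key value"},
    {"EventCode": 4663, "ObjectType": "Key", "SubjectUserName": "alice",
     "ObjectName": "\\REGISTRY\\USER\\" + SID + r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "ProcessName": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "Accesses": "Query key value"},
    {"EventCode": 4663, "ObjectType": "File", "SubjectUserName": "alice",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt",
     "ProcessName": r"C:\Windows\System32\notepad.exe", "Accesses": "ReadData"},
]
```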
Categories
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1552
Created: 2024-12-10