Potential Persistence Via Outlook Today Page

Sigma Rules

Summary
This detection rule identifies a potential persistence mechanism established through the Outlook Today page on Windows. An attacker can set registry values, specifically the 'URL' and 'UserDefinedUrl' values under the Outlook Today registry key, so that Outlook loads attacker-controlled content. The rule looks for registry modifications to Outlook-related keys beneath Software\Microsoft\Office or Software\Microsoft\Outlook, and for DWORD values that may indicate the page has been enabled, notably the 'Stamp' value being set to 1. The detection logic excludes changes made by legitimate Click-To-Run Office images, which reduces false positives. This persistence method is notable for its subtlety and its potential for misuse in enterprise environments, warranting a high severity level for security teams.
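The summary above describes the matching logic in prose; the following is an added example (not the Sigma rule's own YAML or any project code) that reduces that logic to a small matcher and runs it over constructed Sysmon-style registry-set events. The field names (TargetObject, Details, Image), the Click-To-Run install path used by the exclusion filter, and the DWORD rendering of the 'Stamp' value are assumptions, since the page states only the value names, the Stamp=1 condition and the Click-To-Run exclusion.

```python
"""Outlook Today persistence matcher, reconstructed from the rule summary.

Added example, not the rule's own definition. Assumptions: Sysmon-style
fields (TargetObject, Details, Image), Sysmon's "DWORD (0x00000001)" rendering
of a value of 1, and the Click-To-Run path used in the exclusion filter.
"""

# Registry path fragments named on the page (case-insensitive comparison below).
OFFICE_PATHS = ("\\software\\microsoft\\office\\", "\\software\\microsoft\\outlook\\")
TODAY_KEY = "\\outlook\\today\\"
URL_VALUES = ("\\url", "\\userdefinedurl")
STAMP_VALUE = "\\stamp"
STAMP_ENABLED = "dword (0x00000001)"  # assumed Sysmon rendering of Stamp = 1
# Assumed location of legitimate Click-To-Run images (not stated on the page).
CLICK_TO_RUN_PREFIX = "c:\\program files\\common files\\microsoft shared\\clicktorun\\"


def is_outlook_today_persistence(event: dict) -> bool:
    """Return True when a registry-set event matches the rule's logic."""
    target = event.get("TargetObject", "").lower()
    details = event.get("Details", "").lower()
    image = event.get("Image", "").lower()

    # Scope: Outlook Today key beneath one of the Office/Outlook hives.
    if TODAY_KEY not in target or not any(p in target for p in OFFICE_PATHS):
        return False

    # Either of the page-loading values, or Stamp being switched to 1.
    url_hit = target.endswith(URL_VALUES)
    stamp_hit = target.endswith(STAMP_VALUE) and details == STAMP_ENABLED
    if not (url_hit or stamp_hit):
        return False

    # Exclusion: changes written by the Click-To-Run Office installer/updater.
    return not image.startswith(CLICK_TO_RUN_PREFIX)


def find_alerts(events):
    """Filter a sequence of events down to those the rule would flag."""
    return [e for e in events if is_outlook_today_persistence(e)]


# Constructed sample events (not real telemetry).
USER_HIVE = "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Office\\16.0\\Outlook\\Today\\"
SAMPLE_EVENTS = [
    {   # 1: scripting host rewrites the user-defined page URL -> alert
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": USER_HIVE + "UserDefinedUrl",
        "Details": "file:///C:/Users/Public/today.htm",
    },
    {   # 2: same actor enables the page via Stamp = 1 -> alert
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": USER_HIVE + "Stamp",
        "Details": "DWORD (0x00000001)",
    },
    {   # 3: Click-To-Run writes Stamp = 1 during an update -> excluded
        "Image": "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe",
        "TargetObject": USER_HIVE + "Stamp",
        "Details": "DWORD (0x00000001)",
    },
    {   # 4: Outlook sets Stamp = 0 -> Stamp condition not met
        "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
        "TargetObject": USER_HIVE + "Stamp",
        "Details": "DWORD (0x00000000)",
    },
    {   # 5: unrelated Office key -> out of scope
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Office\\16.0\\Word\\Options\\Foo",
        "Details": "DWORD (0x00000001)",
    },
]

if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "->", hit["TargetObject"])
```

Events 1 and 2 are flagged; event 3 is dropped by the Click-To-Run exclusion, event 4 because Stamp is 0, and event 5 because it is not under the Outlook Today key. In a real pipeline the same predicate would run over Sysmon Event ID 13 (RegistryEvent SetValue) records, and the exclusion prefix should be verified against the Click-To-Run path actually in use in the environment.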
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
Created: 2021-06-10