
Summary
This detection rule monitors changes to the 'MaxMpxCt' registry value, which sets the maximum number of outstanding network requests a server will accept from clients during Server Message Block (SMB) negotiation. If the value is raised above 125, older Windows 9x clients may fail to connect properly, causing connectivity disruptions. Recent investigations indicate that ransomware groups, most notably BlackCat (also known as Alphv), have increased this value to handle a larger volume of SMB traffic, a tactic used to support their operations or their access to vulnerable systems. By tracking alterations to this value, the rule helps detect such preparatory actions by threat actors, improving incident response times and protecting network integrity.
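As an added illustration of the detection logic described above (not the rule's own code), the following Python snippet runs over constructed Sysmon Event ID 13 (registry value set) records, matches writes to MaxMpxCt under the LanmanServer\Parameters key (the well-known location of this value, assumed here rather than taken from the rule text), and raises the severity when the new DWORD exceeds the 125 threshold:

```python
import re

# Constructed sample Sysmon Event ID 13 records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\MaxMpxCt",
     "Details": "DWORD (0x000003E8)"},   # 1000, above the legacy-client limit
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\MaxMpxCt",
     "Details": "DWORD (0x00000032)"},   # 50, within the legacy-safe range
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\Size",
     "Details": "DWORD (0x00000003)"},   # unrelated value under the same key, must not alert
]

# Assumed registry location of MaxMpxCt; matched case-insensitively on the path suffix.
MAXMPXCT_SUFFIX = "\\lanmanserver\\parameters\\maxmpxct"
LEGACY_CLIENT_LIMIT = 125  # threshold stated in the rule summary
_DWORD_RE = re.compile(r"DWORD\s*\((0x[0-9A-Fa-f]+)\)")


def parse_dword(details):
    """Return the integer encoded in a Sysmon 'DWORD (0x...)' Details string, or None."""
    m = _DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


def detect_maxmpxct_changes(events):
    """Return one alert per MaxMpxCt write; severity is 'high' when the value exceeds 125."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if not ev.get("TargetObject", "").lower().endswith(MAXMPXCT_SUFFIX):
            continue
        value = parse_dword(ev.get("Details"))
        high = value is not None and value > LEGACY_CLIENT_LIMIT
        alerts.append({"image": ev.get("Image"), "value": value,
                       "severity": "high" if high else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in detect_maxmpxct_changes(SAMPLE_EVENTS):
        print(alert)
```

Every write to the value is reported, since the rule monitors any modification; the threshold only drives the severity so that values compatible with legacy clients are triaged at a lower priority.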
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
Created: 2024-03-19