Registry Entries For Azorult Malware

Sigma Rules

Summary
This rule detects registry keys created during execution of the Azorult malware. Azorult is a widely reported information-stealing Trojan that targets users' sensitive data. Detection is based on Windows registry-modification events, specifically Event ID 12 (registry object added or deleted) and Event ID 13 (registry value set), whose target object falls under the 'SYSTEM\services\localNETService' path. A match on that path is a strong indicator of compromise associated with Azorult, so deploying the rule gives defenders a concrete trigger for investigating and responding to suspected infections.
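The matching logic described above, written out as an added example rather than the rule file itself: it applies the Event ID and path conditions to constructed Sysmon-style registry events (the `EventID` and `TargetObject` field names are assumed from Sysmon's registry event schema, and the sample events are made up for illustration).

```python
# Added example: evaluates the rule's conditions over sample events. Not the
# page's own Sigma rule; field names assume the Sysmon registry event schema.
from typing import Iterable

# Conditions from the rule summary: registry object added/deleted (12) or
# value set (13), with the Azorult service key path in the target object.
WATCHED_EVENT_IDS = {12, 13}
WATCHED_KEY_FRAGMENT = r"SYSTEM\services\localNETService".lower()


def matches_azorult_registry_rule(event: dict) -> bool:
    """Return True when a registry event satisfies both rule conditions."""
    try:
        event_id = int(event.get("EventID", -1))
    except (TypeError, ValueError):
        return False
    if event_id not in WATCHED_EVENT_IDS:
        return False
    target = str(event.get("TargetObject", ""))
    # Sigma string matching is case-insensitive, so compare lower-cased.
    return WATCHED_KEY_FRAGMENT in target.lower()


def scan_events(events: Iterable[dict]) -> list:
    """Return the events that match, preserving their original order."""
    return [e for e in events if matches_azorult_registry_rule(e)]


# Constructed sample events (not real telemetry): two hits that differ only
# in case, one with a non-registry Event ID, and one benign service key.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKLM\SYSTEM\services\localNETService\ImagePath"},
    {"EventID": 12, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\Services\LocalNETService"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetObject": r"HKLM\SYSTEM\services\localNETService"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\services\Spooler\Start"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"ALERT EventID={hit['EventID']} {hit['Image']} -> {hit['TargetObject']}")
```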
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
Created: 2020-05-08