PsExec Service Execution

Summary
This detection rule identifies the execution of the PsExec service (PSEXESVC.exe) on Windows systems. PsExec is a utility that lets administrators run processes on remote systems from a command line; the PSEXESVC service is what runs on the target host when it does so. The rule looks specifically for the launch of PSEXESVC, which may indicate that an attacker is using PsExec for remote code execution. This is particularly relevant where unauthorized remote access or lateral movement is a concern. The rule uses process creation logs and checks both the file path of PSEXESVC.exe and its original file name, so a renamed copy of the service binary is still matched by the original file name carried in its version information. False positives may arise from legitimate administrative tasks in which system administrators use PsExec for valid purposes. The rule was written by Thomas Patzke, Romaissa Adjailia, and Florian Roth (Nextron Systems); it was last modified on February 28, 2023, is currently in test status, and is categorized at medium severity.
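The following is an added, illustrative re-implementation of the detection logic described above, run over constructed process-creation events; it is not the Sigma rule's own source. It assumes Sysmon-style field names (Image, OriginalFileName, User) and case-insensitive string matching, which is Sigma's default.

```python
"""Illustrative check for a PSEXESVC launch in process-creation telemetry.

Assumptions (not taken from the rule's source): events are dicts with
Sysmon-style keys 'Image', 'OriginalFileName' and 'User', and matching is
case-insensitive, as Sigma string matching is by default.
"""
from dataclasses import dataclass
from typing import List, Optional

PSEXESVC_IMAGE_SUFFIX = "\\psexesvc.exe"   # file-path check (Image|endswith)
PSEXESVC_ORIGINAL_NAME = "psexesvc.exe"    # PE version-resource name


@dataclass
class Alert:
    title: str
    level: str
    matched_on: str
    image: str


def matches_psexec_service(event: dict) -> Optional[str]:
    """Return the field that matched, or None if this is not a PSEXESVC launch."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    if image.endswith(PSEXESVC_IMAGE_SUFFIX):
        return "Image"
    # OriginalFileName comes from the binary's version resource, so a
    # renamed copy of the service still matches here even though the
    # path check above would miss it.
    if original == PSEXESVC_ORIGINAL_NAME:
        return "OriginalFileName"
    return None


def scan(events: List[dict]) -> List[Alert]:
    """Apply the check to each event and emit one medium-severity alert per hit."""
    alerts = []
    for ev in events:
        field = matches_psexec_service(ev)
        if field:
            alerts.append(Alert("PsExec Service Execution", "medium", field, ev.get("Image", "")))
    return alerts


# Constructed sample events (not real telemetry): a normal PSEXESVC start,
# a renamed copy of the service binary, and an unrelated system process.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\PSEXESVC.exe", "OriginalFileName": "psexesvc.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Windows\\svchelper.exe", "OriginalFileName": "psexesvc.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Windows\\System32\\svchost.exe", "OriginalFileName": "svchost.exe", "User": "NT AUTHORITY\\SYSTEM"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.level}] {a.title}: matched on {a.matched_on} ({a.image})")
```

Legitimate administrative use produces the same events, so in practice the hits are triaged against the user, source host and change window rather than treated as confirmed compromise.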
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2017-06-12