
Summary
This detection rule identifies attempts to bypass User Account Control (UAC) on Windows systems via the DelegateExecute registry key method. This fileless technique relies on registry changes rather than on dropping and running a traditional executable to gain elevated privileges, a common tactic attackers use to evade security controls. The rule specifically looks for modifications to registry paths ending in \open\command\DelegateExecute, with the stipulation that the Details value must be empty. Such a modification is a clear sign of an attempt to manipulate the normal UAC behavior that is designed to prevent unauthorized changes to the system. The detection operates on registry events and targets one of the many privilege escalation vectors attackers may use during their operations.
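The matching logic described above, written out as an added Python example (not the rule's own source) and run over constructed Sysmon-style registry value-set events; the field names follow Sysmon Event ID 13 conventions, the ProgID and SID in the sample paths are placeholders, and the treatment of "(Empty)" as an empty value is an assumption about how Sysmon renders blank string data.

```python
# Rule logic: a registry value written to a key path ending in
# \open\command\DelegateExecute where the Details field is empty.
PATH_SUFFIX = r"\open\command\delegateexecute"

# Assumption: Sysmon renders an empty REG_SZ value as the literal "(Empty)",
# so both a blank string and that marker count as "Details is empty".
EMPTY_MARKERS = {"", "(empty)"}


def is_delegateexecute_uac_bypass(event: dict) -> bool:
    """Return True when a registry event matches the DelegateExecute rule."""
    if event.get("EventType") != "SetValue":        # only value writes qualify
        return False
    target = event.get("TargetObject", "").lower()   # registry paths are case-insensitive
    if not target.endswith(PATH_SUFFIX):
        return False
    details = (event.get("Details") or "").strip().lower()
    return details in EMPTY_MARKERS


def find_matches(events):
    """Filter a stream of registry events down to rule hits."""
    return [e for e in events if is_delegateexecute_uac_bypass(e)]


# Constructed sample telemetry (not real data). Only the first record should match.
SAMPLE_EVENTS = [
    {   # Matches: DelegateExecute written with an empty value under a per-user ProgID.
        "EventType": "SetValue",
        "Image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
        "TargetObject": r"HKU\S-1-5-21-PLACEHOLDER-1001\Software\Classes\ExampleProgID\Shell\Open\command\DelegateExecute",
        "Details": "",
    },
    {   # No match: same key name, but Details carries a (placeholder) CLSID string.
        "EventType": "SetValue",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Classes\ExampleProgID\Shell\open\command\DelegateExecute",
        "Details": "{00000000-0000-0000-0000-000000000000}",
    },
    {   # No match: the (Default) value of the command key, not DelegateExecute.
        "EventType": "SetValue",
        "Image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
        "TargetObject": r"HKU\S-1-5-21-PLACEHOLDER-1001\Software\Classes\ExampleProgID\Shell\Open\command\(Default)",
        "Details": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
    },
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("UAC bypass indicator:", hit["Image"], "->", hit["TargetObject"])
```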
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1548.002
Created: 2022-01-05