
Summary
This detection rule identifies potentially unwanted applications (PUAs) through the use of 'wsudo', a Windows utility that lets users execute programs with elevated privileges such as System, Trusted Installer, or Administrator. The rule monitors for specific metadata indicative of wsudo execution: file paths, the original file name, and command-line arguments that request privilege escalation. Particular attention is given to the command-line input associated with wsudo, which is checked for suspicious patterns, especially those that name an elevated user. Execution of this tool in unusual or malicious contexts may indicate an attempted privilege escalation and therefore warrants close scrutiny.
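The following is an added example, not the rule's own logic, showing how the three criteria in the summary (image path, original file name, and a command line naming an elevated user) can be evaluated over constructed process-creation events. The field names Image, OriginalFileName and CommandLine, and the `-u <user>` / `--user=<user>` flag syntax, are assumptions.

```python
import re

# Elevated account names called out in the rule summary; matching is case-insensitive.
ELEVATED_USERS = ("system", "trustedinstaller", "administrator")

# Command-line forms that name a target user. The "-u <user>" / "--user=<user>"
# syntax is an assumption about wsudo's flags, not taken from the rule text.
USER_ARG = re.compile(r"(?:-u\s*|--user[=\s])(?P<user>[A-Za-z]+)", re.IGNORECASE)


def is_wsudo_image(event: dict) -> bool:
    """True when the image path or the original file name identifies wsudo."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\wsudo.exe") or original == "wsudo.exe"


def requested_elevated_user(command_line: str):
    """Return the elevated account named on the command line, or None."""
    for match in USER_ARG.finditer(command_line):
        user = match.group("user").lower()
        if user in ELEVATED_USERS:
            return user
    return None


def matches_wsudo_rule(event: dict) -> bool:
    """A process-creation event matches only when both conditions hold."""
    if not is_wsudo_image(event):
        return False
    return requested_elevated_user(event.get("CommandLine", "")) is not None


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\wsudo.exe", "OriginalFileName": "wsudo.exe",
     "CommandLine": "wsudo.exe -u System cmd.exe"},
    # Renamed binary: the original file name still gives it away.
    {"Image": r"C:\Users\alice\renamed.exe", "OriginalFileName": "wsudo.exe",
     "CommandLine": "renamed.exe --user=TrustedInstaller powershell.exe"},
    # wsudo run as an ordinary user: no elevated account requested.
    {"Image": r"C:\Tools\wsudo.exe", "OriginalFileName": "wsudo.exe",
     "CommandLine": "wsudo.exe -u alice notepad.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe /c whoami"},
]


def run_detection(events):
    """Return the indices of events that trigger the rule."""
    return [i for i, event in enumerate(events) if matches_wsudo_rule(event)]
```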
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-12-02