
Summary
This detection rule identifies the creation of the key file that PsExec drops on a target system when a command is executed through it. PsExec is a Sysinternals utility for running processes on remote systems, and it is frequently abused by attackers for lateral movement within a network. On the target host, PsExec writes a file named 'PSEXEC-<source hostname>-<random>.key' into the Windows directory, which makes the file a reliable indicator of PsExec use even when the service binary itself is not observed. The rule relies on file-creation telemetry (for example Sysmon Event ID 11 or equivalent EDR file events) and matches events whose 'TargetFilename' starts with 'C:\Windows\PSEXEC-' and ends with '.key'. Because the file is written to disk, its creation is also recorded in the NTFS USN Journal, so the same artifact can be recovered forensically on the target system after the fact. The rule is classified as high severity because PsExec is commonly used for unauthorized remote execution and lateral movement; legitimate administrative use produces the same file, so hits should be triaged against the source host (encoded in the file name) and the account that launched the command.
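The following is an added example, not code from the rule's author or from any detection project, showing the rule's selection logic applied to constructed Sysmon Event ID 11 (FileCreate) records. The event dictionaries, host names and file names are made up for illustration; the 'created_by_psexesvc' triage field is an addition that assumes the PsExec service binary is named PSEXESVC.exe and is not part of the original rule.

```python
"""Added example: the PsExec key-file detection logic applied to constructed
Sysmon Event ID 11 (FileCreate) records. Not the rule author's code."""
from typing import Iterable

# Selection from the rule: TargetFilename|startswith 'C:\Windows\PSEXEC-'
# and TargetFilename|endswith '.key'. NTFS paths and Sigma string modifiers
# are case-insensitive, so both sides are compared in lowercase.
KEY_FILE_PREFIX = "c:\\windows\\psexec-"
KEY_FILE_SUFFIX = ".key"

# Assumption for triage only: the service binary PsExec installs on the target
# is PSEXESVC.exe, so a key file created by that image is a stronger signal
# than the path alone. This is not part of the original rule.
PSEXEC_SERVICE_IMAGE = "\\psexesvc.exe"


def is_psexec_key_file(target_filename: str) -> bool:
    """True when a created file matches the PSEXEC-*.key pattern in C:\\Windows."""
    path = target_filename.lower()
    return path.startswith(KEY_FILE_PREFIX) and path.endswith(KEY_FILE_SUFFIX)


def detect(events: Iterable[dict]) -> list[dict]:
    """Run the rule over a stream of events and return one alert per hit."""
    alerts = []
    for ev in events:
        # Only FileCreate events (Sysmon EventID 11) carry the TargetFilename
        # field this rule keys on; other event types are skipped.
        if ev.get("EventID") != 11:
            continue
        target = ev.get("TargetFilename", "")
        if not is_psexec_key_file(target):
            continue
        image = ev.get("Image", "").lower()
        alerts.append({
            "Computer": ev.get("Computer"),
            "TargetFilename": target,
            "Image": ev.get("Image"),
            "level": "high",
            # Extra triage context, not part of the original rule.
            "created_by_psexesvc": image.endswith(PSEXEC_SERVICE_IMAGE),
        })
    return alerts


# Constructed sample events (not real telemetry); fields mirror Sysmon EID 11 EventData.
SAMPLE_EVENTS = [
    {"EventID": 11, "Computer": "FILESRV01",
     "Image": "C:\\Windows\\PSEXESVC.exe",
     "TargetFilename": "C:\\Windows\\PSEXEC-WORKSTATION01-3F2A1B9C.key"},  # hit
    {"EventID": 11, "Computer": "FILESRV01",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "C:\\Windows\\Temp\\cache-1234.key"},              # wrong directory
    {"EventID": 11, "Computer": "FILESRV02",
     "Image": "c:\\windows\\psexesvc.exe",
     "TargetFilename": "c:\\windows\\psexec-ADMINPC-0A1B2C3D.KEY"},        # case differs, still a hit
    {"EventID": 1, "Computer": "FILESRV02",
     "Image": "C:\\Windows\\PSEXESVC.exe",
     "CommandLine": "C:\\Windows\\PSEXESVC.exe"},                          # process create, no file
    {"EventID": 11, "Computer": "FILESRV03",
     "Image": "C:\\Program Files\\Backup\\agent.exe",
     "TargetFilename": "C:\\Windows\\PSEXEC-old.log"},                    # right prefix, wrong extension
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run as a script, it emits two alerts (FILESRV01 and FILESRV02); the mixed-case path still matches, while the '.log' file and the key-named file under Temp do not. Note that a prefix match on 'C:\Windows\PSEXEC-' would also match a file inside a directory that happens to be named 'C:\Windows\PSEXEC-something\'; if that is a concern in your environment, tighten the check to reject any further path separator after the prefix.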
Categories
- Windows
- Endpoint
Data Sources
- File
Created: 2023-01-21