Regedit as Trusted Installer

Sigma Rules

Summary
This detection rule identifies instances of the Windows Registry Editor (regedit.exe) being started with elevated privileges, where the parent process is either TrustedInstaller or ProcessHacker. Privilege escalation is a common tactic attackers use to obtain administrative permissions for running malicious payloads. The rule applies to process creation events in the Windows operating environment and matches regedit.exe when it is invoked by one of these parent processes. A match may indicate malicious activity, typically associated with unauthorized modification of system and application settings or with establishing persistence.
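The following is an added example, not code from the rule page or from the Sigma project, that applies the described matching logic to constructed process-creation events. The field names (Image, ParentImage, User) follow the Sysmon/Sigma convention and are assumed; the sample events are constructed for this example, and matching is case-insensitive to mirror how Sigma string modifiers behave on Windows logs.

```python
from typing import Iterable, List

# Rule logic as described above: regedit.exe spawned by one of two parents.
TARGET_IMAGE = "\\regedit.exe"
SUSPICIOUS_PARENTS = ("\\trustedinstaller.exe", "\\processhacker.exe")


def matches_rule(event: dict) -> bool:
    """Return True when the event is regedit.exe started by a flagged parent."""
    image = event.get("Image", "").lower()       # lower-case: Sigma matching
    parent = event.get("ParentImage", "").lower()  # is case-insensitive
    if not image.endswith(TARGET_IMAGE):
        return False
    return any(parent.endswith(p) for p in SUSPICIOUS_PARENTS)


def find_alerts(events: Iterable[dict]) -> List[dict]:
    """Run the rule over a stream of process-creation events, collecting hits."""
    return [e for e in events if matches_rule(e)]


# Constructed sample events (not real telemetry); assumed Sysmon-style fields.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\regedit.exe",              # benign: user-launched
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Windows\\regedit.exe",              # hit: TrustedInstaller parent
     "ParentImage": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Windows\\REGEDIT.EXE",              # hit: ProcessHacker parent
     "ParentImage": "C:\\Tools\\ProcessHacker.exe", "User": "CORP\\bob"},
    {"Image": "C:\\Windows\\System32\\notepad.exe",    # no hit: wrong image
     "ParentImage": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
]

if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT: {hit['Image']} spawned by {hit['ParentImage']} as {hit['User']}")
```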
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2021-05-27