
Summary
This detection rule targets a User Account Control (UAC) bypass on Windows 10 that abuses WSReset.exe. WSReset.exe is a legitimate, Microsoft-signed utility that clears the Microsoft Store (Windows Store) cache; because it is marked for automatic elevation, it runs at high integrity without a consent prompt. On start it resolves the shell "open" command registered for its AppX protocol handler under the current user's registry hive (HKCU\Software\Classes), a location that any medium-integrity process running as that user can write. An attacker therefore plants a command of their choice under that key and then launches WSReset.exe, which executes the planted command elevated. This rule monitors registry events and fires when the shell open command for that AppX handler is created or set, which is the point at which the bypass is staged rather than the point at which it runs. Because success yields privilege escalation on a compromised host, the rule is marked high severity. For triage, capture the process that wrote the key (image and command line), the full target object and the command value written, and whether WSReset.exe was launched shortly afterwards; a legitimate Store cache reset is not expected to write this key in a user hive.
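The registry-event check the summary describes, run over a handful of constructed Sysmon records, as an added example that is not the rule's own logic or code from this page. It assumes Sysmon field names (Event ID 12 for key create, 13 for value set, with TargetObject, Details and Image) and the AppX key suffix that public write-ups (UACME, LOLBAS) document for this bypass; the page itself does not name the key, so verify both assumptions against the rule's actual detection block before relying on them.

```python
"""Toy detection for the WSReset.exe UAC-bypass registry write.

Added example; not the detection rule's own code.  Assumptions not stated
on the page:
  * Events are Sysmon registry events: ID 12 (key create/delete) and
    ID 13 (value set), with TargetObject / Details / Image fields.
  * The key WSReset.exe consults is the one documented by UACME/LOLBAS:
    HKCU\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\Shell\\open\\command
  * Sysmon renders HKCU\\Software\\Classes either as HKU\\<SID>\\Software\\Classes
    or as HKU\\<SID>_Classes, so the match is on the key suffix only.
"""
from dataclasses import dataclass
from typing import List, Optional

# Key suffix (lower-cased) that WSReset.exe reads.  Assumed from public
# write-ups; confirm against the rule's own TargetObject pattern.
WSRESET_KEY_SUFFIX = r"\appx82a6gwre4fdg3bt635tn5ctqjf8msdd2\shell\open\command"


@dataclass
class Finding:
    severity: str
    reason: str
    image: str      # process that performed the write
    target: str     # full TargetObject as logged
    details: str    # value data (the planted command, if any)


def check_registry_event(event: dict) -> Optional[Finding]:
    """Return a Finding if the event touches the WSReset AppX command key."""
    if event.get("EventID") not in (12, 13):
        return None
    target = event.get("TargetObject", "")
    lowered = target.lower().rstrip("\\")
    idx = lowered.find(WSRESET_KEY_SUFFIX)
    if idx == -1:
        return None
    # Whatever follows the key path is the value name (ID 13) or nothing (ID 12).
    value_name = lowered[idx + len(WSRESET_KEY_SUFFIX):].lstrip("\\")
    details = event.get("Details", "")
    if event["EventID"] == 12:
        reason = "AppX shell open command key created in a user hive"
    elif value_name == "delegateexecute":
        # Public write-ups set an empty DelegateExecute so the shell runs the
        # (Default) command instead of a COM handler.
        reason = "DelegateExecute set; WSReset.exe will run the command value elevated"
    elif value_name in ("", "(default)"):
        reason = "command value planted: " + details
    else:
        reason = "unexpected value %r written under the WSReset key" % value_name
    return Finding("high", reason, event.get("Image", "?"), target, details)


def scan(events: List[dict]) -> List[Finding]:
    """Apply the check to a stream of events, keeping only the hits."""
    return [f for f in (check_registry_event(e) for e in events) if f is not None]


# Constructed sample telemetry (not real events).  The first record is a benign
# per-user file-association write and must not fire.
_SID = r"S-1-5-21-1111-2222-3333-1001"
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_KEY = r"HKU\%s_Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command" % _SID
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\%s\Software\Classes\.txt\OpenWithList\a" % _SID,
     "Details": "notepad.exe"},
    {"EventID": 12, "EventType": "CreateKey", "Image": _PS,
     "TargetObject": _KEY, "Details": ""},
    {"EventID": 13, "EventType": "SetValue", "Image": _PS,
     "TargetObject": _KEY + r"\(Default)",
     "Details": r"C:\Windows\System32\cmd.exe /c whoami > C:\Users\Public\out.txt"},
    {"EventID": 13, "EventType": "SetValue", "Image": _PS,
     "TargetObject": _KEY + r"\DelegateExecute", "Details": ""},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print("[%s] %s | writer=%s | %s" % (f.severity, f.reason, f.image, f.target))
```

Matching on the key suffix rather than the full `HKCU\Software\Classes\...` path is deliberate: Sysmon logs the per-user classes hive under the user's SID, and the exact prefix differs between hosts and between Sysmon versions. The writing process (`Image`) is the first pivot for triage; a medium-integrity shell or script engine writing this key is the staging step, and a WSReset.exe process start shortly afterwards confirms the attempt.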
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
Created: 2020-10-07