HackTool - UACMe Akagi Execution

Summary
This detection rule identifies the execution of UACMe, a utility commonly used for bypassing User Account Control (UAC) on Windows systems. UACMe is recognized by its unique product name, the specific company names associated with its development, its descriptive metadata, or its original file names, such as 'Akagi.exe' and 'Akagi64.exe'. The rule combines several conditions: it inspects key attributes of the process creation metadata and additionally matches hash values known to correspond to UACMe binaries. It consumes process creation logs and flags executions of this tool, which represent potential malicious activity related to privilege escalation and defense evasion. Because UAC bypass tools undermine user privilege boundaries, this rule is especially important in environments that require strict adherence to security policy around user privileges.
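The matching logic described above, written out as an added example rather than the Sigma rule's own definition: it applies the product-name, company-name, description, original-file-name and hash conditions to Windows process-creation events in the Sysmon event ID 1 field layout. The original file names come from the summary and the product name "UACMe" is the tool's own; the company names and hashes in the indicator lists are labelled placeholders standing in for the values the real rule carries, and the sample events are constructed, not real telemetry.

```python
"""Added example: match Windows process-creation events against the UACMe/Akagi
indicators described in the rule summary (product name, company name,
description, original file name, known hashes)."""
from typing import Dict, List, Tuple

# Indicator lists. The file names come from the rule description and the product
# name "UACMe" is the tool's own. Company names and hashes are PLACEHOLDERS
# (assumption) standing in for the values the real Sigma rule carries.
PRODUCT_NAMES = {"uacme"}
COMPANY_NAMES = {"placeholder-company-a", "placeholder-company-b"}
DESCRIPTION_TERMS = {"uacme"}
ORIGINAL_FILE_NAMES = {"akagi.exe", "akagi64.exe"}
KNOWN_HASHES = {
    "sha256": {"0" * 64},  # placeholder hash, not a real UACMe sample
    "md5": {"0" * 32},     # placeholder hash, not a real UACMe sample
}


def parse_hashes(field: str) -> Dict[str, str]:
    """Parse a Sysmon-style 'Hashes' field ('SHA256=..,MD5=..') into a dict."""
    parsed: Dict[str, str] = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            parsed[algo.strip().lower()] = value.strip().lower()
    return parsed


def match_uacme(event: Dict[str, str]) -> List[str]:
    """Return the indicator types the event matched (empty list if none)."""
    reasons: List[str] = []
    product = event.get("Product", "").lower()
    company = event.get("Company", "").lower()
    description = event.get("Description", "").lower()
    original = event.get("OriginalFileName", "").lower()

    if product in PRODUCT_NAMES:
        reasons.append("product")
    if company in COMPANY_NAMES:
        reasons.append("company")
    if any(term in description for term in DESCRIPTION_TERMS):
        reasons.append("description")
    if original in ORIGINAL_FILE_NAMES:
        reasons.append("original_file_name")

    # Hash match is independent of the PE metadata, so it survives a rename.
    for algo, value in parse_hashes(event.get("Hashes", "")).items():
        if value in KNOWN_HASHES.get(algo, set()):
            reasons.append(f"hash:{algo}")
    return reasons


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, List[str]]]:
    """Run match_uacme over a batch; return (index, reasons) for hits only."""
    return [(i, r) for i, e in enumerate(events) if (r := match_uacme(e))]


# Constructed sample events (not real telemetry) in Sysmon event ID 1 shape.
SAMPLE_EVENTS = [
    # Benign system binary: no condition fires.
    {"Image": r"C:\Windows\System32\notepad.exe",
     "Product": "Microsoft Windows Operating System",
     "Company": "Microsoft Corporation", "Description": "Notepad",
     "OriginalFileName": "NOTEPAD.EXE", "Hashes": "SHA256=" + "a" * 64},
    # Unmodified tool: every metadata condition fires.
    {"Image": r"C:\Users\u\Downloads\Akagi64.exe", "Product": "UACMe",
     "Company": "placeholder-company-a", "Description": "UACMe main module",
     "OriginalFileName": "Akagi64.exe", "Hashes": "SHA256=" + "b" * 64},
    # Metadata stripped: only the (placeholder) known hash still identifies it.
    {"Image": r"C:\Temp\update.exe", "Product": "", "Company": "",
     "Description": "", "OriginalFileName": "",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "c" * 64},
    # New metadata and an unknown hash: outside what this rule can see.
    {"Image": r"C:\Temp\svc.exe", "Product": "Helper", "Company": "Acme",
     "Description": "Helper", "OriginalFileName": "svc.exe",
     "Hashes": "SHA256=" + "d" * 64},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], reasons)
```

The fourth sample event is the caveat a practitioner should keep in mind: the rule keys entirely on static file metadata and known hashes, so a rebuilt or re-versioned binary produces no hit, and coverage of the UAC bypass itself has to come from behavioural rules (the auto-elevating process chains and registry changes those bypasses leave) rather than from this rule alone.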
Categories
  • Windows
Data Sources
  • Process
Created: 2021-08-30