~/Privilege Escalation/Windows/Binaries# cat Wsreset.exe.md █
Used to reset Windows Store settings according to its manifest file
Paths:
C:\Windows\System32\wsreset.exe
Detection: wsreset.exe launching child process other than mmc.exe Creation or modification of the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command
UAC bypass
During startup, wsreset.exe checks the registry value HKCU\Software\Classes\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\Shell\open\command for the command to run. Binary will be executed as a high-integrity process without a UAC prompt being displayed to the user.
wsreset.exe