A technique that exploits Windows 10 Microsoft Store called ‘wsreset.exe’ can delete bypass antivirus protection on a host without being detected. The tool will delete files present in these folders, thereby “resetting”” the cache and cookies for the Windows Store application. The exploitation technique relies on a simple concept of fold junctions which are similar to a more limited version of symbolic links (symlinks) An attacker can create a link that points this path to a target directory of attacker s choice
Source: security