Impacket PsExec Execution

Sigma Rules

Summary
This detection rule identifies use of Impacket's `psexec.py`, a tool commonly used for lateral movement to execute commands on remote systems. It monitors Security event logs for file share access involving the IPC$ (Inter-Process Communication) share, which `psexec.py` uses to set up its remote command execution channel. The rule matches EventID 5145 (network share object access checks) where the share is IPC$ and the relative target name contains the remote command channel components (stdin, stdout, stderr) characteristic of Impacket. The Windows Advanced Audit Policy must be configured to generate these events, or the rule will have nothing to match.
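The following is an added example, not part of this page or of the Sigma rule itself, that re-implements the selection logic described above in Python and runs it over constructed 5145 events. Field names (`EventID`, `ShareName`, `RelativeTargetName`, `SubjectUserName`, `IpAddress`) follow the 5145 event schema; the sample values, including the `RemCom_*` target names and addresses, are constructed for illustration, and the substring matching on stdin/stdout/stderr is this example's rendering of the summary, not the rule's exact condition.

```python
"""Emulate the Impacket psexec.py share-access detection over constructed
Windows Security 5145 events.

Assumptions (this example's, not the rule's): events are dicts keyed by the
5145 event fields; the selection is EventID 5145, share IPC$, and a relative
target name containing stdin / stdout / stderr (case-insensitive).
"""

from collections import Counter
from typing import Iterable

# Remote command channel components named in the rule summary.
COMMAND_CHANNEL_MARKERS = ("stdin", "stdout", "stderr")


def is_impacket_psexec_share_access(event: dict) -> bool:
    """Return True when one event satisfies the rule's selection."""
    if event.get("EventID") != 5145:
        return False
    share = str(event.get("ShareName", ""))
    # IPC$ is the named-pipe share psexec.py uses for its command channels.
    if not share.upper().endswith("IPC$"):
        return False
    target = str(event.get("RelativeTargetName", "")).lower()
    return any(marker in target for marker in COMMAND_CHANNEL_MARKERS)


def find_matches(events: Iterable[dict]) -> list[dict]:
    """Filter an event stream down to the events that match the rule."""
    return [e for e in events if is_impacket_psexec_share_access(e)]


def summarize_by_source(matches: Iterable[dict]) -> dict[tuple[str, str], int]:
    """Group matches by (client IP, account) so an analyst can see which
    host and identity drove the pipe accesses; keys are 5145 field values."""
    return dict(
        Counter((m.get("IpAddress", "?"), m.get("SubjectUserName", "?")) for m in matches)
    )


# Constructed sample events. The first three model one psexec.py session
# (stdin, stdout and stderr pipes opened on IPC$); the rest are non-matching
# activity: a different share, a different event ID, and ordinary IPC$ pipes.
SAMPLE_EVENTS = [
    {"EventID": 5145, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "RemCom_stdin",
     "SubjectUserName": "svc_admin", "IpAddress": "10.0.0.5"},
    {"EventID": 5145, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "RemCom_STDOUT",
     "SubjectUserName": "svc_admin", "IpAddress": "10.0.0.5"},
    {"EventID": 5145, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "RemCom_stderr",
     "SubjectUserName": "svc_admin", "IpAddress": "10.0.0.5"},
    {"EventID": 5145, "ShareName": "\\\\*\\ADMIN$", "RelativeTargetName": "PSEXESVC.exe",
     "SubjectUserName": "svc_admin", "IpAddress": "10.0.0.5"},
    {"EventID": 5140, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "",
     "SubjectUserName": "alice", "IpAddress": "10.0.0.9"},
    {"EventID": 5145, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "srvsvc",
     "SubjectUserName": "alice", "IpAddress": "10.0.0.9"},
    {"EventID": 5145, "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "lsarpc",
     "SubjectUserName": "alice", "IpAddress": "10.0.0.9"},
]


if __name__ == "__main__":
    hits = find_matches(SAMPLE_EVENTS)
    print(f"{len(hits)} matching event(s)")
    for (ip, user), count in summarize_by_source(hits).items():
        print(f"  {ip} as {user}: {count} command-channel pipe access(es)")
```

EventID 5145 is only generated when the Object Access > Audit Detailed File Share subcategory is enabled, and it is high volume on busy file servers, so in practice the match is applied as a filter in the SIEM rather than by collecting every 5145 event centrally. The grouping step matters for triage because one `psexec.py` run produces several 5145 events from the same client and account within a short window; seeing them together distinguishes a command session from isolated noise.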
Categories
  • Windows
  • Network
  • Endpoint
Data Sources
  • Windows Registry
  • Logon Session
  • File
  • Process
  • Network Traffic
Created: 2020-12-14