
Summary
This detection rule identifies the launch of the Windows Remote Desktop Client (mstsc.exe) with two specific command line arguments: "/v" and "/admin". The "/v" argument specifies the remote host to connect to, while the "/admin" flag connects the user to the console session of the target system. Attackers can use this combination for privileged remote access to a system, often without leaving the signs of typical login activity associated with non-admin sessions. While such usage is legitimate for system administrators, it is atypical for standard users. This rule can therefore help detect potentially malicious activity during lateral movement across a network, especially when it targets high-value systems.
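As an added example (not the rule's own detection logic), the following Python matcher implements the check described above over constructed Sysmon-style process-creation events; the field names Image, CommandLine and User, the sample values, and the case-insensitive handling of the switches are assumptions.

```python
"""Added example: match mstsc.exe launches carrying both /v:<host> and /admin.
Events are constructed to resemble Sysmon Event ID 1 records (assumed field names)."""
import ntpath
import re

# mstsc switches are treated as case-insensitive here (assumption). "/v:" must be
# followed by the target; "/admin" must be a whole switch, so "/administrator" is ignored.
_HOST_SWITCH = re.compile(r"(?i)(?:^|\s)/v:(\S+)")
_ADMIN_SWITCH = re.compile(r"(?i)(?:^|\s)/admin(?=\s|$)")


def parse_mstsc_admin(command_line: str):
    """Return the /v target if the command line is an mstsc /v + /admin launch, else None."""
    host_match = _HOST_SWITCH.search(command_line)
    if not host_match or not _ADMIN_SWITCH.search(command_line):
        return None
    return host_match.group(1)


def is_mstsc(image: str) -> bool:
    """Compare only the basename so the rule matches regardless of install path."""
    return ntpath.basename(image).lower() == "mstsc.exe"


def detect(events):
    """Return one hit per event that satisfies the rule (image AND both switches)."""
    hits = []
    for ev in events:
        if not is_mstsc(ev.get("Image", "")):
            continue
        host = parse_mstsc_admin(ev.get("CommandLine", ""))
        if host is not None:
            hits.append({"user": ev.get("User"), "target": host, "cmd": ev["CommandLine"]})
    return hits


# Constructed sample events (not real telemetry); only the first two should alert.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mstsc.exe", "CommandLine": "mstsc.exe /v:fileserver01 /admin", "User": r"CORP\jdoe"},
    {"Image": r"C:\Windows\System32\mstsc.exe", "CommandLine": "mstsc.exe /V:10.0.0.5:3390 /ADMIN /f", "User": r"CORP\svc-backup"},
    {"Image": r"C:\Windows\System32\mstsc.exe", "CommandLine": "mstsc.exe /v:fileserver01", "User": r"CORP\jdoe"},  # no /admin
    {"Image": r"C:\Windows\System32\mstsc.exe", "CommandLine": "mstsc.exe /admin", "User": r"CORP\jdoe"},  # no /v target
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe /v:x /admin", "User": r"CORP\jdoe"},  # wrong image
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT: {hit['user']} ran mstsc /admin against {hit['target']}: {hit['cmd']}")
```

Administrators triggering this rule legitimately are expected, so the user and target fields are carried in each hit to support tuning against known admin accounts and jump hosts.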
Categories
- Network
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
ATT&CK Techniques
- T1021.001
Created: 2025-08-01