
Summary
This detection rule identifies potentially malicious activity involving command line homoglyphs in Windows environments, where threat actors attempt to evade detection and impersonate legitimate commands using visually similar Unicode characters. Such attacks substitute characters in process names or command lines with look-alikes drawn from character sets such as Cyrillic, Greek, or full-width Latin letters. The primary objective of this rule is to capture Windows processes that exhibit these Unicode characteristics, since such homoglyphs may pass undetected by typical string-matching security controls. The detection logic leverages Sysmon event logs to extract relevant process information and applies a regex pattern that filters for the specific Unicode character ranges commonly associated with obfuscation and impersonation attempts. This approach addresses the defense evasion technique of command obfuscation (MITRE ATT&CK T1027.010).
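The following is an added illustration of the regex-range approach the summary describes, not the published rule's own query: it scans Sysmon-style process fields for characters in the Cyrillic, Greek and full-width Latin blocks (the exact ranges are an assumption) and shows what the command line is impersonating, using constructed sample records.

```python
import re
import unicodedata

# Unicode blocks the rule description names as homoglyph sources. The exact
# ranges in the published rule are not on the page; this selection is an
# assumption (Cyrillic, Greek and Coptic, full-width ASCII variants).
BLOCKS = {
    "Cyrillic": (0x0400, 0x04FF),
    "Greek": (0x0370, 0x03FF),
    "Fullwidth Latin": (0xFF01, 0xFF5E),
}
HOMOGLYPH_RE = re.compile(
    "[" + "".join(rf"\u{lo:04X}-\u{hi:04X}" for lo, hi in BLOCKS.values()) + "]"
)

def script_of(ch):
    """Name the block a character falls in, or None if it is not a candidate."""
    cp = ord(ch)
    return next((name for name, (lo, hi) in BLOCKS.items() if lo <= cp <= hi), None)

def find_homoglyphs(text):
    """Return (index, char, 'U+XXXX', block) for every character in a flagged range."""
    return [(m.start(), m.group(), f"U+{ord(m.group()):04X}", script_of(m.group()))
            for m in HOMOGLYPH_RE.finditer(text)]

def ascii_view(text):
    """Show what the string impersonates: NFKC folds full-width Latin back to
    ASCII, while Cyrillic and Greek letters do not fold and are marked '?'."""
    folded = unicodedata.normalize("NFKC", text)
    return "".join("?" if script_of(c) else c for c in folded)

def scan_events(events):
    """Apply the check to the Image and CommandLine fields of Sysmon-style records.
    Image is the lower-noise field; CommandLine can legitimately carry non-Latin
    paths on localized systems, so tune per environment."""
    flagged = []
    for ev in events:
        for field in ("Image", "CommandLine"):
            hits = find_homoglyphs(ev.get(field, ""))
            if hits:
                flagged.append({"field": field, "value": ev[field],
                                "looks_like": ascii_view(ev[field]), "hits": hits})
    return flagged

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    # Cyrillic small o (U+043E) in place of the Latin o in "powershell"
    {"Image": "C:\\Users\\Public\\p\u043ewershell.exe",
     "CommandLine": "p\u043ewershell -Command Get-Date"},
    # Full-width Latin letters spelling "cmd"
    {"Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "\uff43\uff4d\uff44 /c whoami"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```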
Categories
- Windows
Data Sources
- Process
- Application Log
ATT&CK Techniques
- T1027.010
Created: 2025-04-04