Potential Homoglyph Attack Using Lookalike Characters

Sigma Rules

Summary
This detection rule identifies potential homoglyph attacks that use Unicode characters which look identical to ASCII characters for obfuscation or masquerading. It monitors process creation events on Windows systems and checks command-line inputs for specific Cyrillic and Greek characters that closely resemble Latin letters but are different code points, which lets an attacker disguise commands. The rule focuses on 'perfect' homoglyphs, which can be used to deceive users or security mechanisms. It requires careful tuning, because legitimate Cyrillic-language users may trigger false positives. Any command-line input containing these characters should therefore be treated as an anomaly worth bringing to security personnel's attention as a potential attack.
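The following is an added example of the detection logic described above, written for this page rather than taken from the Sigma rule itself. It scans constructed sample command lines for Cyrillic and Greek code points that render like Latin letters. The homoglyph table is the example's own assumption (the rule's actual character list is not reproduced here), and the mixed-script heuristic, which only alerts when a single word combines ASCII letters with lookalike characters, is an added tuning idea for the false-positive problem the summary mentions, not part of the rule.

```python
import re
import unicodedata
from dataclasses import dataclass, field

# ASSUMPTION: this illustrative set of "perfect" homoglyphs (Cyrillic and Greek
# code points that render like a Latin letter in most fonts) is the example
# author's own list, not the character list used by the Sigma rule.
HOMOGLYPHS = {
    # Cyrillic lowercase
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
    # Cyrillic uppercase
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
    # Greek
    "\u03bf": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0396": "Z",
    "\u0397": "H", "\u0399": "I", "\u039a": "K", "\u039c": "M", "\u039d": "N",
    "\u039f": "O", "\u03a1": "P", "\u03a4": "T", "\u03a5": "Y", "\u03a7": "X",
}

# Runs of Unicode letters; digits, dots, backslashes and dashes split words,
# so a Cyrillic file name and the ASCII ".txt" next to it are separate words.
WORD_RE = re.compile(r"[^\W\d_]+")


@dataclass
class Finding:
    word: str                  # the word as it appeared in the command line
    latin_lookalike: str       # the word with homoglyphs mapped to Latin letters
    homoglyphs: list = field(default_factory=list)  # (char, Unicode name) pairs
    mixed_script: bool = False  # True if the word also contains ASCII letters


def deobfuscate(text):
    """Map each known homoglyph to the Latin letter it imitates."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in text)


def find_homoglyphs(command_line):
    """Return one Finding per word that contains at least one homoglyph."""
    findings = []
    for word in WORD_RE.findall(command_line):
        hits = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in word if ch in HOMOGLYPHS]
        if not hits:
            continue
        mixed = any(ch.isascii() and ch.isalpha() for ch in word)
        findings.append(Finding(word, deobfuscate(word), hits, mixed))
    return findings


def should_alert(command_line, require_mixed_script=True):
    """Strict mode (False) alerts on any homoglyph, as the rule summary describes.
    The default mixed-script mode is an added heuristic: a word that mixes ASCII
    letters with lookalikes is unlikely in genuine Cyrillic or Greek text."""
    findings = find_homoglyphs(command_line)
    if require_mixed_script:
        return any(f.mixed_script for f in findings)
    return bool(findings)


# Constructed sample process-creation command lines, not real telemetry.
SAMPLE_EVENTS = [
    "powershell.exe -nop -w hidden -c Get-Process",     # pure ASCII: no finding
    "p\u043ewershell.exe -c whoami",                      # Cyrillic o inside "powershell"
    "notepad.exe C:\\Users\\\u0418\u0432\u0430\u043d\\\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442.txt",  # legitimate Cyrillic path
    "\u0441md.exe /c dir",                                # Cyrillic es in place of Latin c
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        for f in find_homoglyphs(event):
            names = [name for _, name in f.homoglyphs]
            print(f"  {f.word!r} -> {f.latin_lookalike!r} mixed_script={f.mixed_script} {names}")
        print("ALERT" if should_alert(event) else "ok   ", "|", event)
```

In the sample set, the Cyrillic user's document path produces findings but no alert in mixed-script mode, while the two disguised binaries do; switching to `require_mixed_script=False` reproduces the broader behaviour the summary describes, at the cost of the false positives it warns about. A word built entirely from lookalike characters (no ASCII letters at all) is the edge case the heuristic misses, so strict mode is the safer choice where Cyrillic or Greek command lines are not expected.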
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2023-05-07