
Summary
This detection rule identifies obfuscated PowerShell invocations produced by the Invoke-Obfuscation framework that hide a call to IEX (Invoke-Expression), the launcher commonly used to run malicious scripts carried inside obfuscated strings. The detection applies a series of regular expressions (regex) to the command line of process-creation events, looking for patterns characteristic of the framework's obfuscation techniques: references to `$PSHome`, `$ShellId`, and environment variables such as `$env:Public` and `$env:ComSpec` that are manipulated in ways meant to conceal what the command actually executes. The rule also checks for other common obfuscation tactics, such as string manipulations that indicate malicious actions being carried out under the guise of normal operations.
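The following Python script is an added example, not the rule's own logic or the Invoke-Obfuscation project's code. It implements the kind of command-line regex detection the summary describes and runs it over a handful of constructed process-creation events. The regular expressions are this example's own approximations of the patterns the rule targets (a variable such as `$PSHome` or `$ShellId` indexed character by character and concatenated, a multi-index selection from `$env:ComSpec`, and a `$VerbosePreference.ToString()` string manipulation assumed here as one of the "other tactics"); the function names and the sample events are likewise constructed for the example.

```python
import re

# Regexes approximating the obfuscation patterns the summary describes.
# They are written for this example and are not the rule's own expressions.
# Case-insensitive because PowerShell variable and environment names are.
IEX_OBFUSCATION_PATTERNS = {
    # iex rebuilt from characters of $PSHome, e.g. $PSHome[4]+$PSHome[30]+'x'
    "pshome_index_concat": re.compile(
        r"\$PSHome\[\s*\d{1,3}\s*\]\s*\+\s*\$PSHome\[", re.IGNORECASE),
    # same trick with $ShellId ("Microsoft.PowerShell")
    "shellid_index_concat": re.compile(
        r"\$ShellId\[\s*\d{1,3}\s*\]\s*\+\s*\$ShellId\[", re.IGNORECASE),
    # same trick with $env:Public ("C:\Users\Public")
    "env_public_index_concat": re.compile(
        r"\$env:Public\[\s*\d{1,3}\s*\]\s*\+\s*\$env:Public\[", re.IGNORECASE),
    # multi-index selection from $env:ComSpec, e.g. $env:ComSpec[4,15,25]
    "env_comspec_multi_index": re.compile(
        r"\$env:ComSpec\[(\s*\d{1,3}\s*[,+]){2}", re.IGNORECASE),
    # string-manipulation variant assumed for this example:
    # $VerbosePreference.ToString()[1,3]+'x'
    "verbosepreference_tostring": re.compile(
        r"\$VerbosePreference\.ToString\(", re.IGNORECASE),
}


def detect_iex_obfuscation(command_line: str) -> list[str]:
    """Return the names of every obfuscation pattern found in a command line."""
    return [name for name, rx in IEX_OBFUSCATION_PATTERNS.items()
            if rx.search(command_line)]


def scan_process_events(events: list[dict]) -> list[dict]:
    """Apply the detection to process-creation events (Image + CommandLine).

    Returns one alert per matching event with the process image, the command
    line and the names of the patterns that fired, which is what an analyst
    would want to see from such a rule.
    """
    alerts = []
    for ev in events:
        matches = detect_iex_obfuscation(ev.get("CommandLine", ""))
        if matches:
            alerts.append({"Image": ev.get("Image", ""),
                           "CommandLine": ev["CommandLine"],
                           "patterns": matches})
    return alerts


# Constructed process-creation events for this example (not real telemetry).
# The payloads are harmless Write-Host calls; only the launcher shape matters.
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -nop -w hidden -c "&($PSHome[4]+$PSHome[30]+'x')('Write-Host hi')" """},
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -c ".($ShellId[1]+$ShellId[13]+'x')('Write-Host hi')" """},
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -c "&($env:Public[13]+$env:Public[5]+'x')('Write-Host hi')" """},
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -c "&($env:ComSpec[4,15,25]-Join'')('Write-Host hi')" """},
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -c ".($VerbosePreference.ToString()[1,3]+'x')('Write-Host hi')" """},
    # benign administration: references $PSHome but never indexes into it
    {"Image": PS_IMAGE, "CommandLine":
     r"""powershell.exe -NoProfile -Command "Get-ChildItem $PSHome" """},
    # benign cmd.exe usage of the ComSpec environment variable
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine":
     r"""cmd.exe /c echo %ComSpec%"""},
]

if __name__ == "__main__":
    for alert in scan_process_events(SAMPLE_EVENTS):
        print(alert["patterns"], "<-", alert["CommandLine"].strip())
```

The benign events show the main false-positive guard in this style of rule: a bare reference to `$PSHome` or `%ComSpec%` is not enough, the regex requires the indexing-and-concatenation shape that only makes sense when a command name is being rebuilt character by character.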
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2019-11-08