
Summary
This detection rule targets the obfuscated execution of PowerShell commands via standard input (stdin) on Windows systems. It matches a regular expression against the command line recorded in process creation telemetry, looking for PowerShell being launched through the command interpreter in a way that points to obfuscated input: 'cmd /c' followed later on the same command line by 'powershell', together with markers of input redirection or session continuation such as the -noexit flag. In this launcher shape the script body reaches powershell.exe through stdin rather than as a visible argument, so the rule helps identify behavior consistent with some of the evasion techniques employed by attackers.
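The following is an added example, not the rule's own logic or its regex (which this page does not reproduce). It reimplements the summary's description as a small, readable check over process command lines: 'cmd /c', then 'powershell', then at least one stdin marker. The markers it treats as stdin indicators are an assumption drawn from the summary: a pipe feeding powershell, the -noexit/-noe flag, or a lone trailing '-' argument (which makes powershell.exe read its commands from stdin). The sample command lines are constructed for the example.

```python
import re

# Stage 1: the launch must come through the command interpreter ("cmd /c").
CMD_C_RE = re.compile(r"\bcmd(?:\.exe)?\"?\s+/c\b")
# Stage 2: powershell must appear later on the same command line.
POWERSHELL_RE = re.compile(r"\bpowershell(?:\.exe)?\b")
# Stdin markers (assumed for this example, not the rule's own list):
PIPE_INTO_PS_RE = re.compile(r"\|\s*\"?$")              # "... | powershell"
NOEXIT_RE = re.compile(r"(?:^|\s)[-/]noe(?:xit)?\b")     # -noexit or its -noe short form
TRAILING_DASH_RE = re.compile(r"(?:^|\s)-\s*\"?\s*$")    # lone "-" as the last argument


def is_stdin_obfuscated_launch(cmdline: str) -> bool:
    """Return True when cmdline looks like cmd /c ... powershell fed via stdin."""
    cl = cmdline.lower()
    cmd_c = CMD_C_RE.search(cl)
    if not cmd_c:
        return False
    rest = cl[cmd_c.end():]
    ps = POWERSHELL_RE.search(rest)
    if not ps:
        return False
    before_ps = rest[:ps.start()]   # text between "/c" and "powershell"
    ps_args = rest[ps.end():]       # powershell's own arguments
    piped = PIPE_INTO_PS_RE.search(before_ps) is not None
    noexit = NOEXIT_RE.search(ps_args) is not None
    stdin_dash = TRAILING_DASH_RE.search(ps_args) is not None
    return piped or noexit or stdin_dash


def scan(cmdlines):
    """Return the command lines the check flags, in input order."""
    return [c for c in cmdlines if is_stdin_obfuscated_launch(c)]


# Constructed sample process command lines (not real telemetry).
SAMPLE_PROCESS_CMDLINES = [
    # Obfuscated: script echoed into powershell, which reads stdin and stays open.
    "C:\\Windows\\System32\\cmd.exe /c \"echo Write-Host 'hi' | powershell -noexit -\"",
    # Obfuscated: payload staged in an environment variable, then piped to powershell.
    "cmd /c \"set p=Write-Host 1&& cmd /c echo %p%|PowerShell -NoProfile -NoExit -\"",
    # Benign: direct powershell launch, no cmd /c wrapper.
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    # Benign: cmd /c without powershell.
    "cmd.exe /c dir C:\\temp",
    # Benign: cmd /c wrapping powershell, but the command is a plain argument.
    "cmd.exe /c \"powershell.exe -Command Get-Process\"",
    # Flagged by the -noexit marker alone; a likely tuning point in practice.
    "cmd /c \"powershell -ep bypass -noexit -command whoami\"",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PROCESS_CMDLINES):
        print("ALERT:", hit)
```

Because the check fires on any one marker, the last sample shows the trade-off a practitioner has to make when deploying a rule of this shape: -noexit on its own appears in some administrative wrappers, so environments with such usage will want to require the pipe or trailing '-' in combination with it, or filter known parent processes, before alerting.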
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2020-10-15