
Summary
This detection rule identifies obfuscated PowerShell commands that are fed to PowerShell through standard input (stdin), specifically in service installations logged by the Windows Service Control Manager. The rule monitors for the creation of new service entries (Event ID 7045) whose ImagePath shows characteristics typical of this obfuscation technique: the presence of both 'set' and '&&' in the ImagePath, combined with keywords such as 'environment', 'invoke', and 'input'. By focusing on these patterns, the rule aims to flag potentially malicious use of PowerShell for defense evasion and execution. This detection matters because attackers often rely on obfuscation to bypass security controls and execute harmful scripts under the radar.
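The following Python example, added here to illustrate the rule's logic (it is not the rule page's own code or any vendor's implementation), runs the ImagePath conditions over constructed Event ID 7045 records. It assumes the rule requires both 'set' and '&&' and any one of the three keywords, and that matching is case-insensitive; the event records and service names are constructed samples.

```python
# Service Control Manager "new service installed" events (System log, Event ID 7045).
# Field names follow the 7045 event's ServiceName / ImagePath data items.
# All records below are constructed samples, not captured telemetry.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "NetSvcHost",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k netsvcs"},           # benign
    {"EventID": 7045, "ServiceName": "UpdaterSvc",
     "ImagePath": 'cmd /c "set X=Write-Host hi&&echo %X%| powershell -noprofile -c $input|invoke-expression"'},
    {"EventID": 7036, "ServiceName": "Spooler",
     "ImagePath": 'cmd /c "set X=1&&echo %X% | powershell $input"'},          # wrong event id
    {"EventID": 7045, "ServiceName": "BuildAgent",
     "ImagePath": r'cmd /c "set JAVA_HOME=C:\jdk&&C:\agent\run.exe"'},         # set/&& but no keyword
]

# Both of these must appear in ImagePath (assumed "contains all" semantics).
REQUIRED_ALL = ("set", "&&")
# At least one of these must appear (assumed "contains any" semantics).
REQUIRED_ANY = ("environment", "invoke", "input")


def image_path_matches(image_path: str) -> bool:
    """Apply the rule's ImagePath conditions, case-insensitively.

    Note: 'set' is a plain substring test, so it also hits 'setup' or 'reset';
    the mandatory '&&' and the keyword list are what keep the match narrow.
    """
    p = image_path.lower()
    return all(t in p for t in REQUIRED_ALL) and any(k in p for k in REQUIRED_ANY)


def detect(events):
    """Return the service-install events (7045) whose ImagePath matches the rule."""
    hits = []
    for e in events:
        if e.get("EventID") != 7045:
            continue  # only new-service installations are in scope
        if image_path_matches(str(e.get("ImagePath", ""))):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT service={hit['ServiceName']} image_path={hit['ImagePath']}")
```

Running the block prints a single alert for the constructed UpdaterSvc entry; the 7036 record and the build-agent entry without an obfuscation keyword are left alone.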
Categories
- Windows
- Endpoint
- Network
Data Sources
- Service
Created: 2020-10-12