
Summary
This detection rule targets suspicious and obfuscated PowerShell command lines whose payload is encoded as UTF-16 and then Base64, a technique attackers commonly use to evade detection at execution time. Because the encoding hides the script's intent from plain string matching, it is important to flag these anomalies in the command lines of Windows process-creation events. The rule matches a selection of Base64 sequences that commonly appear in such encoded PowerShell scripts and indicate an attempt to execute them on the targeted system. It forms part of a preventative security mechanism that monitors process creation and helps security teams identify command-line attacks, reducing the risk of unauthorized IT operations and malware execution.
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-07-11