Malicious Base64 Encoded PowerShell Keywords in Command Lines

Sigma Rules

Summary
This detection rule identifies potentially malicious PowerShell command lines that use base64 encoded strings to obfuscate their intent. It focuses on command lines associated with the execution of PowerShell, a common vector for system exploitation and malware execution. The rule targets command lines that contain specific encoded strings, which often indicate a deliberate attempt to hide the executed commands from the user. By monitoring process creation for 'powershell.exe' or 'pwsh.exe' and checking the command line arguments for these obfuscation patterns, the rule reveals possible attacks that leverage encoded PowerShell scripts. Matching the base64 encoded form of an expected keyword, such as 'hidden', rather than base64 content in general, enhances detection efficacy while minimizing false positives.
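The "specific encoded strings" the summary refers to exist because a PowerShell -EncodedCommand argument is the base64 of the script's UTF-16LE bytes, so a keyword such as 'hidden' has three possible base64 spellings depending on where its bytes fall relative to a 3-byte base64 group. The Python below is an added example, not the Sigma rule itself and not its exact pattern list: it derives the alignment variants for a keyword, applies the page's process-name and command-line conditions to constructed sample process-creation events, and decodes any hit so an analyst can see the script text behind it. The function names, the keyword list and the sample events are assumptions made for the example.

```python
import base64
import re

# Process images the rule watches (named on the page).
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Keyword the page names; the list itself is an assumption and can be extended.
KEYWORDS = ["hidden"]


def encoded_variants(keyword):
    """Base64 substrings that the keyword produces at each of the three byte
    alignments its UTF-16LE encoding can have inside a larger script.
    Only characters whose six bits come entirely from the keyword's own bytes
    are kept, so each variant matches whatever text surrounds the keyword."""
    raw = keyword.encode("utf-16-le")
    variants = []
    for offset in range(3):
        padded = b"\x00" * offset + raw + b"\x00\x00"
        b64 = base64.b64encode(padded).decode("ascii")
        first_bit = 8 * offset                    # first bit belonging to the keyword
        last_bit = 8 * (offset + len(raw)) - 1    # last bit belonging to the keyword
        start = -(-first_bit // 6)                # ceil: first char fully inside
        end = (last_bit - 5) // 6                 # floor: last char fully inside
        variants.append(b64[start:end + 1])
    return variants


PATTERNS = {kw: encoded_variants(kw) for kw in KEYWORDS}


def encode_powershell(script):
    """What -EncodedCommand expects: base64 of the script's UTF-16LE bytes."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decoded_scripts(command_line):
    """Decode every base64 token that is valid UTF-16LE, for analyst context.
    The match itself is done on the raw command line, as the rule does."""
    scripts = []
    for token in re.findall(r"[A-Za-z0-9+/]{16,}={0,2}", command_line):
        try:
            scripts.append(base64.b64decode(token, validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return scripts


def flag_process(image, command_line):
    """Return a finding dict if the process-creation event matches, else None."""
    if image.rsplit("\\", 1)[-1].lower() not in POWERSHELL_IMAGES:
        return None
    for keyword, variants in PATTERNS.items():
        for variant in variants:
            if variant in command_line:
                return {"keyword": keyword, "pattern": variant,
                        "decoded": decoded_scripts(command_line)}
    return None


def scan(events):
    """Run flag_process over (image, command_line) pairs; return (index, finding)."""
    hits = []
    for i, (image, command_line) in enumerate(events):
        finding = flag_process(image, command_line)
        if finding:
            hits.append((i, finding))
    return hits


# Constructed sample events (not real telemetry). Leading spaces shift the
# keyword's character position, so its bytes land at all three alignments.
PS_IMAGE = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    (PS_IMAGE, "powershell.exe -NoProfile -EncodedCommand "
               + encode_powershell(" " * n + "Start-Process notepad -WindowStyle hidden"))
    for n in range(3)
] + [
    ("C:\\Program Files\\PowerShell\\7\\pwsh.exe", "pwsh.exe -Command Get-Process"),
    ("C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "pwsh.exe -EncodedCommand " + encode_powershell("Get-Date")),
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_EVENTS):
        print(index, finding["pattern"], finding["decoded"])
```

The three strings returned by encoded_variants("hidden") are the substrings an analyst would otherwise have to work out by hand; adding a keyword to KEYWORDS regenerates its variants automatically, and decoded_scripts shows the plain script text so a hit can be triaged without re-decoding it manually.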
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2019-01-16