Potential Encoded PowerShell Patterns In CommandLine

Sigma Rules

Summary
This detection rule identifies potentially obfuscated or encoded PowerShell commands executed from the command line on Windows systems. It targets patterns associated with the encoding methods attackers commonly use to evade detection through obfuscation. The rule inspects the command-line arguments passed to PowerShell processes, looking for a combination of numeric conversion functions such as 'ToInt', 'ToDecimal', 'ToByte', 'ToUint' and others, together with commonly used string manipulation functions such as 'char', 'join', and 'split'. Flagging these patterns lets security teams surface scripts that may be abusing PowerShell's functionality for malicious purposes. The rule contributes to the broader objective of detecting PowerShell abuse in the enterprise and fires only when both conditions hold: the process image is a PowerShell executable and the command line matches the patterns described above.
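The matching logic the summary describes, as an added example that is not the Sigma rule itself and not code from the rule's authors. It assumes a hit needs at least one term from each group (the page says "combination" without stating the exact condition), treats `pwsh.exe` as a PowerShell image alongside `powershell.exe`, and anchors the image match on the file name with a leading backslash as Sigma rules conventionally do. Only the four conversion functions the page names are encoded; the "and others" is left out. The process events are constructed sample data, not real telemetry.

```python
"""Toy implementation of the detection logic described in the summary.

Added example, not the Sigma rule. Assumptions (not stated on the page):
a match needs one term from each group, pwsh.exe counts as PowerShell,
and the image is matched on its file name (Sigma 'endswith' convention).
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Numeric conversion functions named in the summary ('and others' omitted).
CONVERSION_TERMS = ("ToInt", "ToDecimal", "ToByte", "ToUint")
# String manipulation functions named in the summary.
STRING_TERMS = ("char", "join", "split")
# PowerShell images; pwsh.exe (PowerShell 7) is an assumption.
POWERSHELL_IMAGES = ("\\powershell.exe", "\\pwsh.exe")


@dataclass(frozen=True)
class ProcessEvent:
    image: str
    command_line: str


def is_powershell_image(image: str) -> bool:
    # Case-insensitive, like Sigma string matching and Windows paths.
    return image.lower().endswith(POWERSHELL_IMAGES)


def matched_terms(command_line: str, terms: tuple) -> list:
    """Return the terms from one group that occur in the command line."""
    lowered = command_line.lower()
    return [t for t in terms if t.lower() in lowered]


def evaluate(event: ProcessEvent) -> Optional[dict]:
    """Return the matched terms when all conditions hold, else None."""
    if not is_powershell_image(event.image):
        return None
    conversion = matched_terms(event.command_line, CONVERSION_TERMS)
    strings = matched_terms(event.command_line, STRING_TERMS)
    if conversion and strings:
        return {"conversion": conversion, "string": strings}
    return None


# Constructed sample events. The first two decode the harmless string 'Hi'
# and exist only to exercise the matcher; the rest are negative cases.
SAMPLE_EVENTS = [
    ProcessEvent(
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        'powershell.exe -c "-join ((72,105) | % {[char][Convert]::ToInt32($_)})"',
    ),
    ProcessEvent(
        r"C:\Program Files\PowerShell\7\pwsh.exe",
        "pwsh.exe -c \"('48,69'.Split(',') | % {[char][Convert]::ToByte($_,16)}) -join ''\"",
    ),
    # Same pattern under cmd.exe: image condition fails, must not alert.
    ProcessEvent(
        r"C:\Windows\System32\cmd.exe",
        "cmd.exe /c echo [char][Convert]::ToInt32(72) -join",
    ),
    # PowerShell with only the string group present: must not alert.
    ProcessEvent(
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe -c \"Get-Content a.txt | Select-String err | % { $_ -split ',' }\"",
    ),
    # Plain administrative usage: must not alert.
    ProcessEvent(
        r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "powershell.exe -NoProfile -Command Get-Service",
    ),
]


def run(events=SAMPLE_EVENTS) -> list:
    """Indices of the events the rule logic would flag."""
    return [i for i, ev in enumerate(events) if evaluate(ev) is not None]


if __name__ == "__main__":
    for i in run():
        ev = SAMPLE_EVENTS[i]
        print(f"ALERT event {i}: {ev.image}")
        print(f"  terms:   {evaluate(ev)}")
        print(f"  cmdline: {ev.command_line}")
```

The negative cases are the useful part for tuning: a `-split` on its own in an admin one-liner is routine, which is why the rule needs a conversion function in the same command line before it fires.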
Categories
  • Endpoint
  • Windows
  • Application
Data Sources
  • Process
Created: 2020-10-11