
Summary
This detection rule focuses on suspicious PowerShell command execution, specifically instances where PowerShell is launched with base64-encoded commands. Attackers often use encoded commands to obfuscate malicious intent, and this rule aims to identify such activity, which is commonly associated with threats like Emotet. The rule monitors for processes started as PowerShell (`powershell.exe` or `pwsh.exe`) whose command line includes flags and patterns indicative of base64-encoded content or a remote-signed execution policy. The detection conditions require that at least one of several encoded-command patterns or standalone execution patterns is met, while also requiring that the process is a genuine PowerShell invocation.
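The logic the summary describes, as an added Python example that is not the rule's own definition: it checks the image name, looks for an -EncodedCommand style switch in any of the abbreviations PowerShell accepts, the "JAB" base64 marker, or a RemoteSigned execution policy, and decodes the payload so an analyst can read it. The switch spellings, the marker, the regular expressions and the sample events are assumptions made for illustration.

```python
import base64
import re

# Added example, not the rule's own logic. Switch spellings, the "JAB" marker
# and the sample events below are assumptions made for illustration.
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
FLAG_RE = re.compile(r"(?:^|\s)[-/]([A-Za-z]+)\s+(\S+)")  # "-switch value"
REMOTE_SIGNED_RE = re.compile(r"(?i)(?:^|\s)[-/]e[a-z]*\s+remotesigned")

def decode_encoded_command(b64: str):  # returns the UTF-16LE text, or None
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyze(image: str, command_line: str) -> dict:
    """Evaluate one process-creation event against the rule's conditions."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    r = {"powershell": name in POWERSHELL_IMAGES, "encoded_flag": False,
         "base64_marker": False, "remote_signed": False,
         "decoded": None, "suspicious": False}
    if not r["powershell"]:
        return r  # the rule only fires on a genuine PowerShell image
    for flag, value in FLAG_RE.findall(command_line):
        f = flag.lower()
        # PowerShell accepts any unambiguous prefix: -e, -en, -enc, ...
        if f.startswith("e") and "encodedcommand".startswith(f):
            r["encoded_flag"] = True
            r["decoded"] = decode_encoded_command(value.strip("'\""))
    # "JAB" is base64 for a UTF-16LE "$", how an encoded script usually begins
    r["base64_marker"] = "JAB" in command_line
    r["remote_signed"] = bool(REMOTE_SIGNED_RE.search(command_line))
    r["suspicious"] = r["encoded_flag"] or r["base64_marker"] or r["remote_signed"]
    return r

def encode_command(script: str) -> str:
    return base64.b64encode(script.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [  # constructed (image, command line) pairs, not real telemetry
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoP -W Hidden -enc " + encode_command("$a = 1")),
    (r"C:\Program Files\PowerShell\7\pwsh.exe",
     r"pwsh.exe -ExecutionPolicy RemoteSigned -File C:\scripts\backup.ps1"),
    (r"C:\Windows\System32\cmd.exe", "cmd.exe /c echo JAB -enc AAAA"),  # wrong image
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoLogo -Command Get-Process"),  # benign
]

def scan(events=SAMPLE_EVENTS) -> list:
    return [i for i, (img, cmd) in enumerate(events) if analyze(img, cmd)["suspicious"]]
```

Running scan() against the constructed events flags only the first two; the cmd.exe event is ignored because the image check fails even though its command line contains both markers.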
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2018-09-03