
Summary
This detection rule identifies the obfuscated use of environment variables to execute PowerShell commands on Windows systems. It targets command lines in which `cmd` is invoked in a particular form that indicates an attempt to hide the real command: the payload is first stored in an environment variable and then handed to PowerShell for execution. The detection logic runs on process creation logs and looks for command line arguments that match a regex capturing this combination of environment variable manipulation, command execution under `cmd`, and PowerShell's scripting capabilities. A process creation whose command line parameters exhibit this signature is flagged, since splitting a script across a variable assignment and a later PowerShell invocation is a known way to defeat simple keyword matching on the PowerShell command line alone. The rule is intended to surface script-based attacks, including those used by advanced persistent threat actors, that rely on this evasion technique. Because legitimate batch scripts also set variables under `cmd`, hits should be reviewed together with the parent process and the expanded contents of the variable.
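The store-then-execute pattern described above, as an added example that is not the rule's own regex or code: a small Python detector run over constructed process-creation records. The regexes, the sample command lines and the `detect`/`scan` names are assumptions for illustration; the rule's actual pattern is not reproduced on this page.

```python
"""Added example (not the rule's own code): flag command lines that store a
value in an environment variable under cmd.exe and then reference that
variable from a PowerShell launch. Patterns and sample events are assumptions."""
import re
from typing import Dict, List, Optional

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # 1: payload stored in a variable, then executed by PowerShell via $env:
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "set p=Write-Host obfuscated-test&& powershell -nop -w hidden -c iex $env:p"'},
    # 2: delayed expansion (/V:ON) so !z! is expanded only after set has run
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd /V:ON /c "set z=Get-Date && powershell -c !z!"'},
    # 3: benign build script: sets a variable but never launches PowerShell
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c set BUILD_DIR=C:\build && msbuild.exe proj.sln"},
    # 4: PowerShell reading an env var, but no cmd /c wrapper setting it
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -c "Get-ChildItem $env:TEMP"'},
    # 5: variable set and PowerShell launched, but the variable is never referenced
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd /c "set a=1 && powershell -c Get-Date"'},
]

# cmd.exe (optionally with switches such as /V:ON) running a command string via /c, /r or /k
CMD_RE = re.compile(r"\bcmd(?:\.exe)?\b[^&|]*?\s/[crk]\b", re.IGNORECASE)
# first PowerShell launch on the line; everything from here on is the "execute" half
PS_RE = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
# `set NAME=...` assignments (the "store" half); Set-Variable does not match because of \s+
SET_RE = re.compile(r'\bset\s+"?([A-Za-z_][A-Za-z0-9_]*)=', re.IGNORECASE)


def var_reference_re(name: str) -> "re.Pattern[str]":
    """Regex for every way the PowerShell half can read variable `name`:
    %NAME%, %NAME:~0,5% (substring syntax), !NAME! (delayed expansion),
    $env:NAME or ${env:NAME}. cmd variable names are case-insensitive."""
    n = re.escape(name)
    return re.compile(
        rf"[%!]{n}(?::[^%!]*)?[%!]|\$\{{?env:{n}(?![A-Za-z0-9_])",
        re.IGNORECASE,
    )


def detect(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding when the command line (a) runs a command string under
    cmd.exe, (b) assigns an environment variable before launching PowerShell,
    and (c) references that variable in the PowerShell part; None otherwise."""
    cl = event.get("CommandLine", "")
    if not CMD_RE.search(cl):
        return None
    ps = PS_RE.search(cl)
    if ps is None:
        return None
    store, execute = cl[:ps.start()], cl[ps.start():]
    for m in SET_RE.finditer(store):
        name = m.group(1)
        if var_reference_re(name).search(execute):
            return {"Image": event.get("Image", ""),
                    "variable": name,
                    "powershell_segment": execute.strip()}
    return None


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run detect() over a batch of process-creation events and keep the hits."""
    return [hit for hit in (detect(e) for e in events) if hit is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Only events 1 and 2 are reported. Requiring the assigned variable to be referenced in the PowerShell segment keeps ordinary build scripts (event 3) and plain PowerShell usage (event 4) out of the alert queue, but it is a trade-off: an attacker can read the variable indirectly, for example through a nested `cmd /c` that re-expands `%var%`, so a production rule may drop that third condition and accept more review work. Note also that with default expansion `%var%` is substituted before `set` runs within a single command string, which is why the technique in practice relies on `/V:ON` and `!var!`, on `$env:var` inside PowerShell, or on a nested `cmd`; the detector above covers all three forms.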
Categories
- Windows
- Endpoint
Data Sources
- Process
- Command
Created: 2020-10-15