
Summary
The analytic detects suspicious use of the `GetProcAddress` function within PowerShell script blocks by analyzing PowerShell Script Block Logging (event code 4104), which records the full text of each executed script block in the Windows event log. The presence of `GetProcAddress` in PowerShell is a deviation from typical script behavior and is often leveraged by threat actors to execute arbitrary code, potentially leading to system compromise. Analysts are advised to examine concurrent processes and the full context of the logged script block for signs of malicious activity.
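The following is an added example, not the analytic's own search logic, that models the detection described above over a handful of constructed 4104 event records. Field names (`ScriptBlockText`, `ScriptBlockId`, `MessageNumber`, `MessageTotal`, `Path`) follow the real Microsoft-Windows-PowerShell/Operational 4104 event; all values are made up. It reassembles multi-part script blocks by `ScriptBlockId` before matching, because Script Block Logging splits long scripts into several 4104 events and a per-event match misses a token that straddles a fragment boundary; it also returns an excerpt around each match to support the triage step the summary calls for.

```python
import re
from collections import defaultdict

# Constructed sample of 4104 events (values are made up for this example).
# Block "c3" is a long script block split into two fragments, with the
# function name straddling the boundary; "d4" is not a 4104 event.
SAMPLE_EVENTS = [
    {"EventCode": 4104, "ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 1,
     "Path": "C:\\scripts\\inventory.ps1",
     "ScriptBlockText": "Get-ChildItem C:\\Users | Select-Object Name"},
    {"EventCode": 4104, "ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 1,
     "Path": "",
     "ScriptBlockText": "$p = [Kernel32]::GetProcAddress($mod, 'ExampleExport')"},
    {"EventCode": 4104, "ScriptBlockId": "c3", "MessageNumber": 2, "MessageTotal": 2,
     "Path": "",
     "ScriptBlockText": "Address($mod, 'ExampleExport')"},
    {"EventCode": 4104, "ScriptBlockId": "c3", "MessageNumber": 1, "MessageTotal": 2,
     "Path": "",
     "ScriptBlockText": "$lib = $mod; $p = [Kernel32]::GetProc"},
    {"EventCode": 4103, "ScriptBlockId": "d4", "MessageNumber": 1, "MessageTotal": 1,
     "Path": "",
     "ScriptBlockText": "GetProcAddress appears here but this is not a 4104 event"},
]

# Case-insensitive match; PowerShell identifiers are not case-sensitive.
PATTERN = re.compile(r"GetProcAddress", re.IGNORECASE)


def reassemble_script_blocks(events):
    """Group 4104 fragments by ScriptBlockId and join them in MessageNumber order."""
    fragments = defaultdict(dict)
    paths = {}
    for ev in events:
        if ev.get("EventCode") != 4104:
            continue
        sbid = ev["ScriptBlockId"]
        fragments[sbid][int(ev["MessageNumber"])] = ev["ScriptBlockText"]
        paths.setdefault(sbid, ev.get("Path", ""))
    blocks = {}
    for sbid, parts in fragments.items():
        text = "".join(parts[n] for n in sorted(parts))
        blocks[sbid] = {"Path": paths[sbid], "ScriptBlockText": text}
    return blocks


def detect_getprocaddress(events, context_chars=40):
    """Return flagged script blocks with an excerpt around the match for triage."""
    hits = []
    for sbid, block in reassemble_script_blocks(events).items():
        m = PATTERN.search(block["ScriptBlockText"])
        if not m:
            continue
        start = max(0, m.start() - context_chars)
        end = m.end() + context_chars
        hits.append({
            "ScriptBlockId": sbid,
            # An empty Path means the block did not come from a script file.
            "Path": block["Path"] or "(no file path)",
            "Excerpt": block["ScriptBlockText"][start:end],
        })
    return hits


def naive_hits(events):
    """Per-event match without reassembly, kept for comparison: misses block c3."""
    return sorted({ev["ScriptBlockId"] for ev in events
                   if ev.get("EventCode") == 4104
                   and PATTERN.search(ev["ScriptBlockText"])})


if __name__ == "__main__":
    for hit in detect_getprocaddress(SAMPLE_EVENTS):
        print(hit)
    print("naive (no reassembly):", naive_hits(SAMPLE_EVENTS))
```

Run stand-alone, it flags blocks `b2` and `c3`, while the naive per-event match reports only `b2`. In a SIEM the same reassembly is usually done by grouping on `ScriptBlockId` before the string match; the excerpt and `Path` fields are what an analyst would pivot from when reviewing concurrent processes.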
Categories
- Endpoint
Data Sources
- Pod
- Application Log
ATT&CK Techniques
- T1059
- T1055
- T1059.001
Created: 2024-11-13