
Powershell Execute COM Object

Splunk Security Content

Summary
This analytic rule detects the execution of a COM object via PowerShell, specifically the creation of a COM object indicated by script block text that invokes a COM CLSID. The detection leverages Event Code 4104, the PowerShell script block logging event. Adversaries can abuse COM objects from PowerShell for various malicious activities, including privilege escalation and circumventing User Account Control (UAC). The detection can highlight potentially dangerous uses of PowerShell that are characteristic of malware such as Conti ransomware, which seeks to gain unauthorized access or maintain persistence within compromised environments. The rule gives incident response teams a mechanism for monitoring PowerShell usage and critical telemetry for identifying suspicious behaviors in real time.
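As an added example (not part of the Splunk Security Content itself), the Python below applies the same idea to raw Event ID 4104 records: it reassembles script blocks that the logger split into several chunks, then flags any block that turns a CLSID literal into a live COM instance. The sample events, hostnames, SIDs and the CLSID value are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample Event ID 4104 (script block logging) records. Field names
# follow the Windows event schema; every value is made up for this example.
SAMPLE_EVENTS = [
    {"EventCode": 4104, "Computer": "ws01.example.local", "UserID": "S-1-5-21-0-0-0-1001",
     "ScriptBlockId": "a1", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Temp | Where-Object { $_.Length -gt 1MB }"},
    # COM object created from a CLSID; the logger split this block into two chunks,
    # so neither chunk alone contains a complete CLSID.
    {"EventCode": 4104, "Computer": "ws02.example.local", "UserID": "S-1-5-21-0-0-0-1002",
     "ScriptBlockId": "b2", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "$t = [Type]::GetTypeFromCLSID('{00000000-1111-"},
    {"EventCode": 4104, "Computer": "ws02.example.local", "UserID": "S-1-5-21-0-0-0-1002",
     "ScriptBlockId": "b2", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "2222-3333-444444444444}'); [Activator]::CreateInstance($t)"},
    # ProgID-based COM creation carries no CLSID literal and is outside this rule's scope.
    {"EventCode": 4104, "Computer": "ws03.example.local", "UserID": "S-1-5-21-0-0-0-1003",
     "ScriptBlockId": "c3", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "New-Object -ComObject 'Shell.Application'"},
]

# A braced GUID, the form a CLSID takes inside a script block.
CLSID_RE = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)
# The .NET calls that turn a CLSID into a COM instance from PowerShell.
COM_FROM_CLSID_RE = re.compile(r"GetTypeFromCLSID|\[Activator\]::CreateInstance", re.I)

def reassemble_script_blocks(events):
    """Join the 4104 chunks of each ScriptBlockId in MessageNumber order."""
    chunks = defaultdict(list)
    for ev in events:
        if ev.get("EventCode") == 4104:
            chunks[ev["ScriptBlockId"]].append(ev)
    blocks = {}
    for sbid, parts in chunks.items():
        parts.sort(key=lambda e: e["MessageNumber"])
        blocks[sbid] = (parts[0], "".join(p["ScriptBlockText"] for p in parts))
    return blocks

def detect_com_clsid_execution(events):
    """Return one finding per script block that instantiates a COM object by CLSID."""
    findings = []
    for sbid, (first, text) in reassemble_script_blocks(events).items():
        clsid = CLSID_RE.search(text)
        if clsid and COM_FROM_CLSID_RE.search(text):
            findings.append({"ScriptBlockId": sbid, "Computer": first["Computer"],
                             "UserID": first["UserID"], "clsid": clsid.group(0).upper()})
    return findings

if __name__ == "__main__":
    for finding in detect_com_clsid_execution(SAMPLE_EVENTS):
        print(finding)
```

Matching on a single chunk would miss the split block `b2`, which is why the reassembly step comes before the pattern match.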
Categories
  • Endpoint
Data Sources
  • Pod
  • Process
  • User Account
  • Windows Registry
ATT&CK Techniques
  • T1546.015
  • T1546
  • T1059.001
Created: 2024-11-13