Potential COM Objects Download Cradles Usage - PS Script

Sigma Rules

Summary
This detection rule identifies the use of COM objects in PowerShell scripts that can be abused to download files, which typically indicates potential command-and-control (C2) activity or a malicious download. The detection hinges on recognizing specific CLSIDs (Class Identifiers) of COM objects known to be capable of facilitating file downloads. Using PowerShell script block logging, the rule looks for specific text patterns (including '[Type]::GetTypeFromCLSID(') in recorded script blocks. The CLSIDs of interest, listed in the rule, belong to legacy or commonly abused functionality such as web browsing and file handling that an attacker may misuse. If the rule triggers, the associated activity warrants further investigation to determine whether it was a legitimate action or malicious.
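The following is an added example, not the Sigma rule itself or any code from the rule's authors: it reproduces the rule's matching logic in Python so it can be exercised offline against script block log records. The events are constructed to resemble PowerShell Event ID 4104 records, and the CLSID list is a placeholder (the real list lives in the rule, which this page does not reproduce). The last sample event shows a caveat a practitioner should keep in mind: a COM object created via `New-Object -ComObject` never contains the `GetTypeFromCLSID` marker, so this rule alone does not cover that path.

```python
import re

# Marker the rule keys on: instantiating a COM object by CLSID from PowerShell.
GETTYPE_MARKER = "[Type]::GetTypeFromCLSID("

# Placeholder CLSIDs (assumption): populate from the rule's own list before use.
WATCHED_CLSIDS = [
    "{00000000-0000-0000-0000-000000000001}",
    "{00000000-0000-0000-0000-000000000002}",
]

# Matches any brace-delimited GUID, e.g. {01234567-89ab-cdef-0123-456789abcdef}.
CLSID_RE = re.compile(
    r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.IGNORECASE
)


def scan_script_block(script_text):
    """Return the sorted list of watched CLSIDs that appear in a script block
    that also contains the GetTypeFromCLSID marker; otherwise an empty list.
    Matching is case-insensitive, as Sigma 'contains' matching normally is."""
    lowered = script_text.lower()
    if GETTYPE_MARKER.lower() not in lowered:
        return []
    found = {m.group(0).lower() for m in CLSID_RE.finditer(script_text)}
    watched = {c.lower() for c in WATCHED_CLSIDS}
    return sorted(found & watched)


def scan_events(events):
    """Run the rule logic over dict records shaped like Event ID 4104
    (ScriptBlockId, ScriptBlockText) and return the alerts it would raise."""
    hits = []
    for event in events:
        matched = scan_script_block(event.get("ScriptBlockText", ""))
        if matched:
            hits.append({"ScriptBlockId": event.get("ScriptBlockId"),
                         "clsids": matched})
    return hits


# Constructed sample script block events (not real log data).
SAMPLE_EVENTS = [
    {"ScriptBlockId": "blk-1",
     "ScriptBlockText": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
    {"ScriptBlockId": "blk-2",
     "ScriptBlockText": "$t = [Type]::GetTypeFromCLSID("
                        "'{00000000-0000-0000-0000-000000000001}')\n"
                        "$o = [Activator]::CreateInstance($t)"},
    # Marker present but the CLSID is not on the watch list: no alert.
    {"ScriptBlockId": "blk-3",
     "ScriptBlockText": "$t = [type]::gettypefromclsid("
                        "'{11111111-2222-3333-4444-555555555555}')"},
    # Different instantiation path, outside this rule's scope: no alert.
    {"ScriptBlockId": "blk-4",
     "ScriptBlockText": "$o = New-Object -ComObject 'Shell.Application'"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

Running the block prints a single alert for `blk-2`; the lowercase variant in `blk-3` still satisfies the marker check but misses on the CLSID, which is what you want when tuning the watch list rather than the pattern.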
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Process
  • Application Log
Created: 2022-12-25