This analytic rule detects suspicious PowerShell script executions that involve the processing of compressed stream data, which can be indicative of malicious activity. The rule leverages Windows Event Code 4104 from PowerShell's Script Block Logging, specifically looking for script block texts that include the classes `IO.Compression`, `IO.StreamReader`, or any method that utilizes decompression. The significance of this behavior lies in its frequent use by attackers to obfuscate their scripts, facilitating hidden code execution, privilege escalation, or persistence within a system. This detection mechanism is critical in identifying potential threats as attackers often employ these techniques to avoid standard security measures.