
Powershell Inline Execution From A File

Sigma Rules

Summary
This detection rule identifies potentially malicious inline execution by PowerShell of content read from a file. It inspects the command line recorded with process-creation events on Windows and requires three things to appear together: an inline-execution primitive such as 'iex', 'Invoke-Expression', 'Invoke-Command' or 'icm'; a file-reading cmdlet or alias such as 'cat', 'get-content' or 'type'; and the '-raw' switch, which returns the whole file as a single string suitable for handing to the execution primitive. Because the condition requires all of these selections to match at once, a command line that only reads a file, or only calls Invoke-Command, does not fire the rule, which keeps false positives from routine administration low. The pattern matters because staging a script in a file and executing its contents in memory is a common way to run PowerShell payloads while leaving little on disk in the form of a script invoked by name.
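The matching logic the summary describes, run over a handful of constructed process-creation events, as an added example that is not the Sigma rule's own source. The three keyword lists are taken from the summary above; the event field name `CommandLine`, the whole-token matching, and the sample command lines are assumptions made for illustration. The last two events show the "all selections must match" behaviour and one practical gap: the `gc` alias for Get-Content is not in the keyword set the summary lists, so a command using it is not caught by this logic.

```python
"""Re-implementation of the detection logic described on this page.

Added example, not the rule's own source. Keyword lists come from the
summary; the CommandLine field name, the token-boundary matching and the
sample events below are constructed for illustration.
"""
import re

# Selection 1: inline-execution primitives named in the summary.
EXEC_KEYWORDS = ("iex", "invoke-expression", "invoke-command", "icm")
# Selection 2: file-reading cmdlets/aliases named in the summary.
READ_KEYWORDS = ("cat", "get-content", "type")
# Selection 3: the -raw switch that returns a file as one string.
RAW_KEYWORD = "-raw"


def _has_token(cmdline: str, keywords) -> bool:
    """True if any keyword occurs as a whole token (case-insensitive).

    Token boundaries exclude word characters and '-', so 'type' does not
    match inside 'prototype' and '-Type' (a parameter) is not treated as
    the 'type' command. This boundary rule is an assumption of the example.
    """
    lowered = cmdline.lower()
    return any(
        re.search(r"(?<![\w-])" + re.escape(k) + r"(?![\w-])", lowered)
        for k in keywords
    )


def matches(cmdline: str) -> bool:
    """All three selections must match, mirroring the rule's 'all of' condition."""
    return (
        _has_token(cmdline, EXEC_KEYWORDS)
        and _has_token(cmdline, READ_KEYWORDS)
        and RAW_KEYWORD in cmdline.lower()
    )


def scan(events):
    """Return the process-creation events whose CommandLine matches the rule."""
    return [e for e in events if matches(e.get("CommandLine", ""))]


# Constructed sample events (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # Staged payload read with the 'cat' alias and executed inline: should match.
    {"Image": PS, "CommandLine":
     r'powershell.exe -nop -w hidden -c "iex (cat C:\Users\Public\stage.txt -raw)"'},
    # Same technique with full cmdlet names and mixed case: should match.
    {"Image": PS, "CommandLine":
     r'powershell.exe -c "Invoke-Expression (Get-Content .\loader.ps1 -Raw)"'},
    # Script run by name, nothing read inline: no match.
    {"Image": PS, "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    # Reads a file but never executes it: only two of three selections, no match.
    {"Image": PS, "CommandLine": r'powershell.exe -c "Get-Content C:\logs\app.log -Raw"'},
    # Remote command without a file read: only one selection, no match.
    {"Image": PS, "CommandLine":
     r'powershell.exe -c "Invoke-Command -ComputerName srv1 -ScriptBlock { hostname }"'},
    # 'gc' alias is not in the summary's keyword list, so this evades the logic.
    {"Image": PS, "CommandLine": r'powershell.exe -c "iex (gc .\x.ps1 -raw)"'},
]


if __name__ == "__main__":
    for event in scan(SAMPLE_EVENTS):
        print("ALERT:", event["CommandLine"])
```

Running the block prints alerts for the first two events only. The final event is the one to keep in mind when tuning: the summary's keyword set names `cat`, `get-content` and `type`, so the logic as written is only as complete as that list, and any further aliases or .NET file-reading calls would need their own selection entries.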
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Command
Created: 2022-12-25