Description
The program generates base 64 string in powershell completely unnecessary. Such behavior is suspected and will catch a red flag in all intrusion prevention systems. You get under the definition of MITRE TA005 https://attack.mitre.org/tactics/TA0005/.
Description The program generates base 64 string in powershell completely unnecessary. Such behavior is suspected and will catch a red flag in all intrusion prevention systems. You get under the definition of MITRE TA005 https://attack.mitre.org/tactics/TA0005/.
Steps to reproduce Just run program.
"C:\Users\(...)\AppData\Local\Temp\sme-result-xxx-xxx-z4ngip.ha1kh.html
"")Expected behavior Clear text PS command
Environment