Closed joaociocca closed 1 year ago
Hmm, I don't know why it would do this, but I don't feel like a program kicking off PowerShell is, by itself, enough to merit a WTFBin. If it were a bizarre domain or base64 encoded, maybe. Even -ep bypass
is common enough.
I'm going to pass on this one for now, but I really appreciate the submission! Keep WTFBins in mind in the future!
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass -Command "((New-Object System.Net.WebClient).OpenRead('https://www.microsoft.com')).CanRead"