In my case, hard configurator might have blocked it,
Yes, this attack is blocked in H_C by one of the following restrictions:
- Powershell set to Constrained Language Mode (default setting in H_C),
- FirewallHardening (default configuration),
- Blocking PowerShell (custom configuration)
- ConfigureDefender ASR prevalence rule (custom configuratio)
Generally, ClickFix attacks are effectively prevented by blocking outbound connections to popular LOLBins (such as PowerShell).



