Do have a look at the "other Microsoft Binaries" executables and pay special attention to the ones with download and execute capabilities, see LOLBAS.

Hi,
Can you please tell me what type of scripts are hard to detect? We can adjust the Automatic Mode. Thanks.
Two examples: Squirrel and Appvlp.
Squirrel.exe is part of Microsoft Teams and is intended to update (a part of) Microsoft Teams, but it has generic download and limited execute capabilities, or
Appvlp.exe, which is part of Microsoft Office, can execute stuff, and the beauty of most of the "other Microsoft Binaries" is that they are all M$ signed and run with standard user rights.