Behaviors
List of software behaviors discovered with static code analysis.
Tampers with keyboard bindings. (x1)
stealth
Retrieves the name of the user associated with the process. (x3)
search
Loads additional snap-ins or modules to the current session. (x7)
payload
Interacts with Microsoft .NET Framework code, types and assemblies. (x14)
execution
Executes Pester tests for Windows PowerShell. (x4)
execution
Evaluates code dynamically. (x1)
execution
Downloads or installs modules from remote repositories. (x1)
execution
Creates and interacts with additional .NET objects. (x2)
execution
Might contain potentially obfuscated code or data. (x1)
anomaly
Changes the way PowerShell console reads input. (x1)
anomaly