Microsoft Defender Antivirus

Static Analysis

Shellcode loader

Dynamic Analysis

Process Injection

Antimalware Scan Interface (AMSI)

Open-Source Software

User Account Control (UAC) bypass

AppLocker

PowerShell ConstrainedLanguage Mode

Search for directories with write and execute permissions

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (64-bit)

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (32-bit)