Tag
The analytic detects suspicious PowerShell script execution involving the cryptography namespace (excluding SHA and MD5) via EventCode 4104, often associated with malware that decrypts or decodes additional malicious payloads leading to further code execution, privilege escalation, or persistence.