Tag
Adversaries may use unusual parent processes to execute .NET compilers for compiling malicious code after delivery, evading security mechanisms, and this activity is detected by monitoring compiler executions initiated by scripting engines or system utilities.