Tag
Attackers may use csc.exe to compile .NET code on the fly to evade detection, often placing the compiler and source code in suspicious locations, which can be detected by monitoring process creation events.