From ca72350b582975483f31496b03fc898f7b801fbd Mon Sep 17 00:00:00 2001
From: "Mr.Un1k0d3r"
Date: Fri, 11 Aug 2017 15:33:36 -0400
Subject: [PATCH] Update recon-rename-wmi-cmd-evasion.json
---
 configs/recon-rename-wmi-cmd-evasion.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/configs/recon-rename-wmi-cmd-evasion.json b/configs/recon-rename-wmi-cmd-evasion.json
index f68666e..b402e87 100755
--- a/configs/recon-rename-wmi-cmd-evasion.json
+++ b/configs/recon-rename-wmi-cmd-evasion.json
@@ -1,15 +1,15 @@
 {
- "description": "Recon payload with powershell renaming, and PS command execution via WMI, including evasion",
+ "description": "Recon payload with powershell renaming, and PS command execution via WMI, including process check evasion",
 "template": "templates/payloads/recon-rename-wmi-cmd-evasion.vba",
 "varcount": 150,
 "encodingoffset": 4,
 "chunksize": 200,
 "encodedvars":{
 "URL":"FULL URL THAT LOGS POST REQUESTS",
- "PROCESS_NAME":"outlook.exe",
- "SRC": "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe",
- "DST": "FILENAME.EXE",
- "TEMP": "TEMP"
+ "PROCESS_NAME":"outlook.exe",
+ "SRC": "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe",
+ "DST": "FILENAME.EXE",
+ "TEMP": "TEMP"
 },
 "vars": [],
 "evasion": ["encoder", "process"],