title: Decode strings from lnk via findstr.exe status: experimental description: uses findstr.exe to decode strings from lnk file author: Joe Security date: 2019-11-11 id: 200024 threatname: behaviorgroup: 1 classification: 8 mitreattack: logsource: category: process_creation product: windows detection: selection: CommandLine: - '*findstr /b /i *.lnk*' condition: selection level: critical