I recently noticed multiple PowerShell windows popping up at logon. I didn't think much of it until I looked through Task Scheduler and I found a script that triggers at logon (powershell.ps1). I found another related script (update.ps1), slightly different in 2 locations (C:/ProgramData and C:/Windows). The updates.ps1 script is obfuscated, leading me to believe it's malware. What are your thoughts on this?
[link] [comments]
from hacking: security in practice https://ift.tt/YPJaHqT
Comments
Post a Comment