Jose Mendoza5
I have some odd PowerShell code running on some of my computers, and research I have done suggests they may not be malicious, but I wanted to verify.

Sample 1:
powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;

Sample 2:
powershell.exe -NoProfile -Noninteractive get-computerinfo -property OSName > C:/windows/temp/49B16F3E-9A1D-4EC3-9B1C-ED2117B1C159

These