Unknow Task scheduled that launches powershell with obfuscated command

  • Thread starter Thread starter ~Mohamed~
  • Start date Start date
M

~Mohamed~

Guest
Hello everyone, I've been noticing occasional flashes of the PowerShell window on my computer, which prompted me to investigate further. Upon investigation, I discovered that a PowerShell command is being executed. The command is heavily obfuscated, making it difficult to understand its purpose. Using Procmon.exe, I traced the parent process back to svchost, which seems to be launching the PowerShell instance through scheduled tasks. Although I've checked the Windows Task Scheduler, I couldn't find any suspicious tasks there. However, after looking through the currently running tasks, I identi

Continue reading...
 
You must log in or register to reply here.

Similar threads

M
Unknow Task scheduled that launches powershell with obfuscated command
Replies
0
Views
5
~Mohamed~
M
K
Create an advanced Scheduled Task from the Command Line
Replies
0
Views
21
KatrinaM_14
K
K
Create an advanced Scheduled Task from the Command Line
Replies
0
Views
27
KatrinaM_14
K
D
Command runs successfully from a cmd prompt, but not when using Task Scheduler
Replies
0
Views
47
Dana803
D
C
Task Scheduler : what is the impact of a user account with no password ?
Replies
0
Views
32
Clairvaux
C
Back
Top