-
CCM.exe (SCCM)
Windows Config Manager CCM.exe runs Base64-encoded PowerShell.
-
SentinelOne
EDRs 🤝 Malware
Encoded PowerShell
-
Snow Inventory Agent for Windows
Yet another PowerShell weirdo.
-
gc_worker.exe
Base64-encoded PowerShell from Azure's own agent!