Holy crap, I just traced an infection with Sysmon and the killchain was it trying to launch a .js file with PowerShell, but we remapped .JS to notepad.exe
-
Why use either? It'll just confuse the user. Create a new exe that triggers a SOC notification about the parent process and associate with that.
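One way to get the parent-process alert discussed above from existing Sysmon data, as an added example that is not part of the original thread. It does not implement the custom handler executable from the reply; it scans ProcessCreate (Event ID 1) records for the remapped handler opening a script file and reports the parent. The events are constructed, and the handler name and extension list are assumptions.

```python
import ntpath

HANDLER = "notepad.exe"    # benign program the extension is remapped to
REMAPPED_EXTS = (".js",)   # the thread mentions only .JS (assumption: extend per policy)

# Constructed Sysmon Event ID 1 (ProcessCreate) records, reduced to the fields used.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-01 10:00:00.000", "User": r"CORP\alice",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\NOTEPAD.EXE" C:\Users\alice\Downloads\invoice 2024.js',
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentCommandLine": "powershell.exe"},
    {"UtcTime": "2024-01-01 10:05:00.000", "User": r"CORP\bob",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" "C:\Users\bob\Desktop\notes.js"',
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\Explorer.EXE"},
    {"UtcTime": "2024-01-01 10:06:00.000", "User": r"CORP\bob",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\Desktop\readme.txt",
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\Explorer.EXE"},
]

def script_target(command_line, exts=REMAPPED_EXTS):
    """Return the file the handler was asked to open if it has a remapped extension."""
    cl = command_line.strip()
    if cl.endswith('"'):
        target = cl[:-1].rpartition('"')[2]            # quoted final argument
    elif cl.startswith('"'):
        target = cl.split('"', 2)[-1].strip()          # quoted image, unquoted "%1"
    else:
        target = cl.partition(" ")[2].strip()          # bare image, unquoted "%1"
    return target if target.lower().endswith(exts) else None

def remap_hits(events):
    """Handler launches that opened a remapped script, with parent details for the SOC."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != HANDLER:
            continue
        target = script_target(ev["CommandLine"])
        if target:
            hits.append({"time": ev["UtcTime"], "user": ev["User"], "script": target,
                         "parent": ev["ParentImage"], "parent_cmd": ev["ParentCommandLine"]})
    return hits

if __name__ == "__main__":
    for hit in remap_hits(SAMPLE_EVENTS):
        print(hit)
```

A hit whose parent is explorer.exe is usually a user double-click; any other parent, such as the PowerShell case in the first post, is the one worth escalating.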
