Remdiation

These artifacts remediate compromizes endpoints.

Windows.Remediation.ScheduledTasks

Remove malicious task from the Windows scheduled task list.

Danger: You need to make sure to test this before running.

Arg Default Description
script Unregister-ScheduledTask -TaskName “%s” -Confirm:$ …
TasksPath c:/Windows/System32/Tasks/**
ArgumentRegex ThisIsAUniqueName
CommandRegEx ThisIsAUniqueName
ReallyDoIt N
View Artifact Source