rcegan
commented
1 year ago - Contributor Name: rcegan
- Application/Executable: Azure Connected Machine Agent - gc_worker.exe
- WTF Behavior Description: Spawns a process that runs encoded Powershell strings. Triggers when the agent downloads new policies from Azure.
- Link to Documentation of Behavior: N/A - I can't find any resources online that mention this behaviour.
- Please provide any images for additional evidence.
mttaggart