[WMI 를 이용한 악성코드 실행 참고] EventFilter 조회: Get-WMIObject -Namespace root\Subscription -Class __EventFilter EventConsumer 조회: Get-WMIObject -Namespace root\Subscription -Class __EventConsumer FilterToConsumerBinding 객체 조회: Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding EventFilter 제거: Get-WMIObject -Namespace root\Subscription -Class __EventFilter -Filter "Name='Filter_Name'" | Remove-WmiObject -Verbose EventConsumer 제거: Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter "Name='Consumer_Name'" | Remove-WmiObject -V..........
원문 링크 : WMI 를 이용한 악성코드 실행 참고
