Windows 10 .ps1 files running from C:\Windows\system32\config\systemprofile\AppData\Local\

  • Thread starter Thread starter DouglasGray4
  • Start date Start date
D

DouglasGray4

Good afternoon,I'm using sysmon and I've detected random .ps1 files running across my enterprise at different time intervals. I attempted to locate these .ps1 files on my local system and they have disappeared or been deleted. Is this some normal check that windows automatically runs or potentially something malicious. Below is a snippet of the command that is executed.powershell -ExecutionPolicy ByPass -FILE \"C:\WINDOWS\system32\config\systemprofile\AppData\Local\cccbdc7c6d344222978a1a4d9a67e2ee.ps1\I'm just trying to figure out if this is normal behavior as we're seeing across all workstati

Continue reading...
 
You must log in or register to reply here.

Similar threads

G
SIHOST64.exe C:\Windows\System32\config\systemprofile\AppData\Roaming\Google\Telemetry/Sihost64.exe
Replies
0
Views
48
Gianpaolo0808
G
F
Windows 10 Why were some of my desktop elements in C:\Windows\system32\config\systemprofile\Desktop\
Replies
0
Views
9
FalcoZero
F
T
Windows 10 Error Message (Windows 10): C:\WINDOWS\system32\config\systemprofile\Desktop is not accessible. Access is denied.
Replies
0
Views
40
TriciaRoush
T
T
Windows 10 C:\Windows\System32\config\systemprofile\Desktop is not accessible after Win10 update.
Replies
0
Views
250
TerryHollett
T
S
Windows 10 Windows 10: Error "Location is Not Available C:\Windows\System32\config\systemprofile\Desktop" and "Attempt was made at a token that does not exist" w
Replies
0
Views
79
Senntisten
S
Back
Top