D
DouglasGray4
Good afternoon,I'm using sysmon and I've detected random .ps1 files running across my enterprise at different time intervals. I attempted to locate these .ps1 files on my local system and they have disappeared or been deleted. Is this some normal check that windows automatically runs or potentially something malicious. Below is a snippet of the command that is executed.powershell -ExecutionPolicy ByPass -FILE \"C:\WINDOWS\system32\config\systemprofile\AppData\Local\cccbdc7c6d344222978a1a4d9a67e2ee.ps1\I'm just trying to figure out if this is normal behavior as we're seeing across all workstati
Continue reading...
Continue reading...