Hello
I'm checking my Windows 10 workstations and in the system32 folder, I'm getting folders with a date format (20250313), and inside the folder, there's a result in a txt file:
**********************
Windows PowerShell transcript start
Start time: 20240613035627
Username: Domain\SYSTEM
RunAs User: Domain\SYSTEM
Configuration Name:
Machine: ComputerName (Microsoft Windows NT 10.0.19045.0)
Host Application: powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Process ID: 10816
PSVersion: 5.1.19041.4412
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.4412
BuildVersion: 10.0.19041.4412
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
**********************
**********************
Command start time: 20240613035627
**********************
PS>$Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Final result: 0
**********************
Command start time: 20240613035633
**********************
PS>$global:?
True
**********************
Windows PowerShell transcript end
End time: 20240613035633
**********************
It appears to be a script running. I'd like to know if it's Lansweeper?
Thanks.
