During puppet agent init we see this happening powershell created file v0atdwrm.dll

with Windows Defender ATP on a windows 2019 server that is configured / managed by Foreman with Puppet, we are seeing the :\ProgramData\PuppetLabs\puppet\cache\lib\templates\init.ps1 start and create a file.

powershell created file v0atdwrm.dll

then a message that
AutoKMS Hacktool was prevented
AutoKMS malware was prevented on IIS Web Server

My question… is the creation of this DLL v0atdwrm.dll normal for this process?

Also does this happen each time puppet agent communicates back to foreman?

thanks in advance

Has anyone seen Puppet Foreman use this init.ps1 and it creating the dll v0atdwrm.dll