mirror of
				https://github.com/LOLBAS-Project/LOLBAS
				synced 2025-10-25 23:05:58 +02:00 
			
		
		
		
	putting quotes around strings with special chars
This commit is contained in:
		| @@ -21,7 +21,7 @@ Detection: | ||||
| Resources: | ||||
|  - Link: https://bartblaze.blogspot.com/2019/03/run-applications-and-scripts-using.html | ||||
|  - Link: https://twitter.com/bartblaze/status/1107390776147881984 | ||||
|  Acknowledgement: | ||||
| Acknowledgement: | ||||
|   - Person: Bart | ||||
|     Handle: @bartblaze | ||||
|     Handle: '@bartblaze' | ||||
| --- | ||||
|   | ||||
| @@ -3,18 +3,18 @@ Description: This process is used by AVAST antivirus to run and execute any modu | ||||
| Author: Eli Salem | ||||
| Created: 19\03\2019 | ||||
| Commands: | ||||
|   - Command: "C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"  | ||||
|   - Command: '"C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll"' | ||||
|     Description: Load and execute modules using aswrundll | ||||
|     Usecase: Execute malicious modules using aswrundll.exe | ||||
|     Category: Execute | ||||
|     Privileges: Any | ||||
|     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 | ||||
| Full_Path: | ||||
| - Path: C:\Program Files\Avast Software\Avast\aswrundll | ||||
| - Path: 'C:\Program Files\Avast Software\Avast\aswrundll' | ||||
| Code_Sample:  | ||||
| - Code: ["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"] | ||||
| - Code: '["C:\Program Files\Avast Software\Avast\aswrundll" "C:\Users\Public\Libraries\tempsys\module.dll" "C:\Users\module.dll"]' | ||||
| Resources: | ||||
|  - Link: https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research | ||||
|  Acknowledgement: | ||||
| Acknowledgement: | ||||
|   - Person: Eli Salem  | ||||
|     handle: https://www.linkedin.com/in/eli-salem-954728150 | ||||
|   | ||||
		Reference in New Issue
	
	Block a user