mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-30 16:54:00 +01:00
676 B
676 B
Xwizard.exe
- Functions: DLL hijack, Execute
xwizard.exe
Xwizard.exe will load a .DLL file located in the same directory (DLL Hijack) named xwizards.dll.
xwizard RunWizard {00000001-0000-0000-0000-0000FEEDACDC}
Xwizard.exe running a custom class that has been added to the registry.
-
Resources:
-
Full path:
- c:\windows\system32\xwizard.exe
- c:\windows\sysWOW32\xwizard.exe
-
Notes: Thanks to Adam - @Hexacorn, Nick Tyrer - @nicktyrer