Merge branch 'master' into patch-1

LOLLibs.md

@@ -5,6 +5,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
    
 # OS LIBRARIES
 [Advpack.dll](OSLibraries/Advpack.md)    
+[Desk.cpl.dll](OSLibraries/Desk.cpl.md)    
 [Ieadvpack.dll](OSLibraries/Ieadvpack.md)    
 [Ieframe.dll](OSLibraries/Ieframe.md)    
 [Mshtml.dll](OSLibraries/Mshtml.md)    

OSLibraries/Desk.md

@@ -0,0 +1,25 @@
+## Desk.cpl
+
+* Functions: Execute
+
+```
+rundll32.exe Desk.cpl,InstallScreenSaver c:\temp\calc.scr  
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+
+Resources:
+* https://twitter.com/pabraeken/status/998627081360695297
+
+Full path:
+```
+c:\windows\system32\Desk.cpl
+c:\windows\sysWOW64\Desk.cpl
+```
+
+Notes:
+
+
+Detection:

OSLibraries/Shell32.md

@@ -7,18 +7,21 @@ rundll32.exe shell32.dll,Control_RunDLL payload.dll
 
 rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe    
 
-rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe
+rundll32.exe shell32.dll,OpenAs_RunDLL c:\temp\calc.hta   
+
+rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe   
 ```
 
 Acknowledgements:
-* Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL)
+* Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL)   
-* Vincent Yiu - @vysecurity (ShellExec_RunDLLA)
+* Vincent Yiu - @vysecurity (ShellExec_RunDLLA)   
 
 Code sample:
 * 
 
 Resources:
 * https://twitter.com/pabraeken/status/991768766898941953
+* https://twitter.com/pabraeken/status/998625299976867840
 
 Full path:
 ```