Product
Adversaries may bypass process and/or signature-based defenses by proxying execution of malicious content with signed binaries by using rundll32.exe or mshta.exe to execute scripts via HTML applications.