p0w3rsh3ll/AutoRuns
🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
PowerShellNOASSERTION
Issues
- 1
Scheduled task msiexec issue
#122 opened by p0w3rsh3ll - 0
- 0
Scheduled task RtkAudUService64_BG
#118 opened by p0w3rsh3ll - 1
OneDrive scheduled task
#96 opened by p0w3rsh3ll - 1
PRM driver ImagePath
#98 opened by p0w3rsh3ll - 0
WinSXS pending
#100 opened by p0w3rsh3ll - 0
OneDrive Reporting task
#101 opened by p0w3rsh3ll - 0
ImagePath of cmd based scheduled task
#102 opened by p0w3rsh3ll - 0
issue with firefox update task
#103 opened by p0w3rsh3ll - 0
Issue with HP scheduled task
#104 opened by p0w3rsh3ll - 0
Issue with HP scheduled task
#105 opened by p0w3rsh3ll - 0
Issue with Office Feature Updates scheduled task
#106 opened by p0w3rsh3ll - 0
- 0
ImagePath for SID 500 is wrong
#109 opened by p0w3rsh3ll - 0
Another anti-cheat driver
#110 opened by p0w3rsh3ll - 0
Issue with FACEIT
#112 opened by p0w3rsh3ll - 0
Issue with driver on another drive
#113 opened by p0w3rsh3ll - 1
Scheduled task with .exe in SysWOW64
#114 opened by p0w3rsh3ll - 0
Scheduled task using %windir%
#115 opened by p0w3rsh3ll - 0
Filepath for group policies
#116 opened by p0w3rsh3ll - 0
Winlogon C885AA15-1764-4293-B82A-0586ADD46B35
#97 opened by p0w3rsh3ll - 0
HKLM...\Terminal Server\...\Run
#94 opened by p0w3rsh3ll - 0
- 0
- 0
Startup (shell folders and user shell folders)
#87 opened by p0w3rsh3ll - 0
Logon new locations introduced in 13.99
#88 opened by p0w3rsh3ll - 0
AutorunsDisabled
#89 opened by p0w3rsh3ll - 0
- 0
- 0
Test-Path throws 'Illegal characters in path.'
#80 opened by p0w3rsh3ll - 1
- 0
Update internal Get-FileHash function
#77 opened by p0w3rsh3ll - 0
Old/New persistence using a Printer Port
#71 opened by p0w3rsh3ll - 0
Teams imagepath
#70 opened by p0w3rsh3ll - 0
Fix the ImagePath of Printer port
#74 opened by p0w3rsh3ll - 0
- 0
- 0
Imagepath for drivers under SysWow64
#52 opened by p0w3rsh3ll - 0
- 0
ImagePath is wrong for schelued task SA3
#59 opened by p0w3rsh3ll - 0
ImagePath is wrong for scheduled tasks MicTray
#60 opened by p0w3rsh3ll - 0
- 1
Lenovo\ImController
#61 opened by p0w3rsh3ll - 0
Dropbox tasks
#63 opened by p0w3rsh3ll - 1
Dropbox.lnk
#64 opened by p0w3rsh3ll - 0
Scheduled task issue: CleanupOldPerfLogs
#50 opened by p0w3rsh3ll - 0
WMI provider issue: MSiSCSIInitiatorProvider
#51 opened by p0w3rsh3ll - 0
- 0
- 1
Startup lnk file has a wrong image path
#43 opened by p0w3rsh3ll