CHA1NSK1

Results 4 comments of CHA1NSK1

> That's a really nice analysis tool! Thanks for sharing.

You're welcome! You can also add it to repos like PEunion and r77 Rootkit so users can use it to...

> Is this an issue where the `*` character causes PowerShell to malfunction once r77 is installed, or are you suggesting to hide registry value by name using wildcards (`*`)?...

> I can confirm that when r77 is installed, wildcard searches behave differently. When you look at ProcessMonitor, you will see that `RegOpenKey` is used when accessing a key directly....

> I assume you're talking about AMSI within your PowerShell process - or in general, not the AMSI bypass of the r77 startup routine?
>
> If so, then that's...