Martin Fischer

Results 35 comments of Martin Fischer

Is this an issue where the `*` character causes PowerShell to malfunction once r77 is installed, or are you suggesting to hide registry values by name using wildcards (`*`)? I'm...

I can confirm that when r77 is installed, wildcard searches behave differently. When you look at ProcessMonitor, you will see that `RegOpenKey` is used when accessing a key directly. However,...

I assume you're talking about AMSI within your PowerShell process - or in general, not the AMSI bypass of the r77 startup routine? If so, then that's an interesting thought......

So, the new version **1.5.2** implements a systemwide AMSI bypass by hooking `AmsiScanBuffer` in every process, not just during the startup. Meaning that any injected process will no longer communicate...

Yeah, the name of the pipe was simply wrong. Also, you only need to send the two bytes of `CONTROL_USER_UNNISTALL` without the other parameters; they will be ignored. Check out...