Autoruns : Autorunsc 11.61 CSV output missing PRESHA headers

Author: BSOD2600
Subject: Autorunsc 11.61 CSV output missing PRESHA headers
Posted: 21 June 2013 at 10:14pm

It appears the CSV headers for autorunsc are misaligned with the data outputted. Looks like the PESHA1 and PESHA256 field headers are missing. Plus it's labeling the PESHA1 hash as SHA256.

Examples.

Normal run (trimmed):


D:\Scripts\HarvestAutoruns>autorunsc -a -f -v
?
Sysinternals Autoruns v11.61 - Autostart program viewer
Copyright (C) 2002-2013 Mark Russinovich and Bryce Cogswell
Sysinternals - www.sysinternals.com


HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
   Entry last modified: 6/12/2013 5:12 AM
   autocheck autochk *
     autocheck autochk *
     Auto Check Utility
     (Verified) Microsoft Windows
     6.1.7601.17514
     c:\windows\system32\autochk.exe
     11/20/2010 2:28 AM
     MD5:      3b536a8bec3b4f23ffdfd78b11a2ab93
     SHA1:     a017204d7e47bc183d81dcabf047dea32b120343
     PESHA1:   848E6BC7B8266497B64ADD8304AA839D5962BF61
     PESHA256: 7384E6AE5F06DF4BE58F27A2337CFF327B1361028AC39E6D3D475FB392814F0D
     SHA256:   7bc847ce6c2d29c334f0d1600bbbde3933ff45f6bee5186f442e6270a3f9ec4e

Now export to CSV


D:\Scripts\HarvestAutoruns>autorunsc -a -f -v -c > foo.csv

Sysinternals Autoruns v11.61 - Autostart program viewer
Copyright (C) 2002-2013 Mark Russinovich and Bryce Cogswell
Sysinternals - www.sysinternals.com

foo.csv contains the following (trimmed):


Time,Entry Location,Entry,Enabled,Category,Description,Publisher,Image Path,Launch String,MD5,SHA-1,SHA-256
11/20/2010 2:28 AM,"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute","autocheck autochk *",enabled,"Boot Execute","Auto Check Utility","(Verified) Microsoft Windows","c:\windows\system32\autochk.exe","autocheck autochk *",3b536a8bec3b4f23ffdfd78b11a2ab93,a017204d7e47bc183d81dcabf047dea32b120343,848E6BC7B8266497B64ADD8304AA839D5962BF61,7384E6AE5F06DF4BE58F27A2337CFF327B1361028AC39E6D3D475FB392814F0D,7bc847ce6c2d29c334f0d1600bbbde3933ff45f6bee5186f442e6270a3f9ec4e

Import into Excel and transpose to get this:

Time	11/20/2010 2:28
Entry Location	HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry	autocheck autochk *
Enabled	enabled
Category	Boot Execute
Description	Auto Check Utility
Publisher	(Verified) Microsoft Windows
Image Path	c:\windows\system32\autochk.exe
Launch String	autocheck autochk *
MD5	3b536a8bec3b4f23ffdfd78b11a2ab93
SHA-1	a017204d7e47bc183d81dcabf047dea32b120343
SHA-256	848E6BC7B8266497B64ADD8304AA839D5962BF61
	7384E6AE5F06DF4BE58F27A2337CFF327B1361028AC39E6D3D475FB392814F0D
	7bc847ce6c2d29c334f0d1600bbbde3933ff45f6bee5186f442e6270a3f9ec4e

No PESHA1 and PESHA256 fields.

Autoruns : Autorunsc 11.61 CSV output missing PRESHA headers

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112