botherder / pcqf

pcqf (PC Quick Forensics) helps you quickly gather forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise.

Autostart links on Windows only store the .lnk file #5

Open aticu opened 1 year ago

aticu commented 1 year ago

When an autostart file on Windows uses a .lnk file, only that file is stored, instead of the executable it is pointing to.

While the .lnk is probably also interesting and should be kept, this seems like a trivially easy way for malware to hide itself from pcqf.
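The fix the issue asks for is to resolve the .lnk rather than stop at it. The example below is added here and is not pcqf's own code: a minimal parser for the public MS-SHLLINK format that reads the LocalBasePath (the file the link launches) and the command-line arguments, then lists what a collector should acquire next to the .lnk. The helper names (`parse_lnk`, `files_to_collect`, `build_sample_lnk`) and the sample link it builds are assumptions of this example, not pcqf identifiers; the sample deliberately points at an interpreter so the arguments carry the interesting path, which is why arguments are collected too.

```python
"""Resolve the real target behind a Windows .lnk autostart entry (added example)."""
import struct

# LinkCLSID {00021401-0000-0000-C000-000000000046}, stored little-endian.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HEADER_SIZE = 0x4C

# ShellLinkHeader.LinkFlags bits used here (from [MS-SHLLINK]).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# LinkInfo.LinkInfoFlags bit: VolumeID and LocalBasePath are present.
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x01


def _cstring(data: bytes, offset: int) -> str:
    """Read a NUL-terminated ANSI string starting at offset."""
    return data[offset:data.index(b"\x00", offset)].decode("cp1252")


def parse_lnk(data: bytes) -> dict:
    """Return the launched path and the StringData fields of a shell link."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link (.lnk) file")
    pos = HEADER_SIZE
    result = {"target": None}

    # LinkTargetIDList: 2-byte size followed by the ID list; skip it.
    if flags & HAS_LINK_TARGET_ID_LIST:
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size

    # LinkInfo: LocalBasePath + CommonPathSuffix is the file that gets run.
    if flags & HAS_LINK_INFO:
        info = pos
        (info_size, _hdr, info_flags, _vol_off, base_off,
         _net_off, suffix_off) = struct.unpack_from("<7I", data, info)
        if info_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
            result["target"] = (_cstring(data, info + base_off)
                                + _cstring(data, info + suffix_off))
        pos = info + info_size

    # StringData: each field is a 2-byte character count, then the text.
    def read_string() -> str:
        nonlocal pos
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        pos += width * count
        return raw.decode("utf-16-le" if width == 2 else "cp1252")

    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            result[key] = read_string()
    return result


def files_to_collect(parsed: dict) -> list:
    """The link target plus any absolute Windows path passed as an argument."""
    paths = [parsed["target"]] if parsed.get("target") else []
    for token in (parsed.get("arguments") or "").split():
        if len(token) > 2 and token[1:3] == ":\\":
            paths.append(token)
    return paths


def build_sample_lnk(target: str, arguments: str) -> bytes:
    """Constructed sample: minimal .lnk with LinkInfo and arguments, no ID list."""
    flags = HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    # VolumeID: size, DriveType=3 (fixed disk), serial, label offset, empty label.
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"
    base, suffix, hdr_size = target.encode("cp1252") + b"\x00", b"\x00", 0x1C
    base_off = hdr_size + len(volume_id)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<7I", suffix_off + len(suffix), hdr_size,
                            VOLUME_ID_AND_LOCAL_BASE_PATH, hdr_size, base_off,
                            0, suffix_off) + volume_id + base + suffix
    string_data = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + link_info + string_data


if __name__ == "__main__":
    # Constructed startup link: interpreter as target, script path in arguments.
    lnk = build_sample_lnk(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                           r"-NoProfile -File C:\Users\Public\update.ps1")
    print(files_to_collect(parse_lnk(lnk)))
```

A collector would call `parse_lnk` on each .lnk found in a Startup folder or Run-key entry and acquire every path `files_to_collect` returns, keeping the .lnk itself as well; links whose target resolves to a script interpreter are worth flagging, since the real payload then lives in the arguments rather than in the target binary.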