From 83d5b8c5d8abd634d7073b7978272f2d9f30a55f Mon Sep 17 00:00:00 2001
From: Thomas Defise <t.defise@gmail.com>
Date: Wed, 11 Nov 2020 10:35:56 +0100
Subject: [PATCH] Added two the HKCU location

---
 PowerUp/PowerUp.ps1 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/PowerUp/PowerUp.ps1 b/PowerUp/PowerUp.ps1
index c29ee81..381f11f 100644
--- a/PowerUp/PowerUp.ps1
+++ b/PowerUp/PowerUp.ps1
@@ -1585,7 +1585,7 @@ function Get-RegAutoLogon {
 }   
 
 
-function Get-VulnAutoRun {
+function Get-VulnAutoRun2 {
 <#
     .SYNOPSIS
 
@@ -1607,7 +1607,9 @@ function Get-VulnAutoRun {
                             "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService",
                             "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceService",
                             "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunService",
-                            "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceService"
+                            "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnceService",
+                            "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
+                            "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
                         )
 
     $OrigError = $ErrorActionPreference