.. / Gpscript.exe
Star

Used by group policy to process scripts


Paths:


Resources:
https://oddvar.moe/2018/04/27/gpscript-exe-another-lolbin-to-the-list/

Acknowledgement:
Oddvar Moe - @oddvarmoe


Detection:
Scripts added in local group policy
Execution of Gpscript.exe after logon



Execute

Executes logon scripts configured in Group Policy. 
Gpscript /logon
Usecase:Add local group policy logon script to execute file and hide from defensive counter measures
Privileges required:Administrator
OS:Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre:T1216



Executes startup scripts configured in Group Policy 
Gpscript /startup
Usecase:Add local group policy logon script to execute file and hide from defensive counter measures
Privileges required:Administrator
OS:Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Mitre:T1216