Huntress collects details about persistent (auto-starting) applications/files. We call these autoruns. The data collected includes:
- file meta-data (size, timestamp, hashes)
- the user account the autorun starts under
- how the autorun starts (registry value, task, service, etc.)
Huntress also collects auto-starting files it has not seen before. These files are used to help determine if an autorun is legitimate.
In addition to autorun data, we also collect details about the host, including:
- The version of the operating system and installed updates
- Network configuration (IP address, MAC address, hostname)