Changes in Sysinternals Suite 2021.06.22: RDCMan v2.8 - RDCMan, a utility for managing multiple remote desktop connections, is now part of the Sysinternals family of tools! AccessChk v6.14 - This AccessChk version adds support for NULL DACL reporting. Process Monitor v3.83 - ProcMon v3.83 fixes some rendering bugs in event properties and brings Ctrl+A and Ctrl+C support for edit boxes in the event properties dialog. Strings v2.54 - This Strings update improves handling of files containing long strings. Sysmon v13.22 - This Sysmon update improves performance for rule processing and fixes a bug that may truncate large sub-rule expressions. TCPView v4.13 - This TCPView update fixes a bug with connection state filtering. https://www.neowin.net/news/sysinternals-suite-20210622/
Remote Desktop Connection Manager launches on official Sysinternals download site June 24, 2021 https://www.neowin.net/news/remote-...nches-on-official-sysinternals-download-site/
Sysinternals Suite (July 27, 2021) https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite These applications have been updated:
Show the number of TCP connections for every Windows process 28/07/2021 Update: ProcessTCPSummary v1.15
Sysinternals Suite (August 18, 2021) https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite These applications have been updated:
That went over my head @Spartan. Known DLL files tab by chance? Scheduled Tasks TAB is missing many entries on this version here for sure on 8 for me. Unchecked ALL Hides. Only 4 showing Reverting to older version.
hi it doesn't want to start v14 is there a way to download the previous one 13.98 or 13.100 from the official page? i dont' remember the last v13.xx version thanks
hi thanks , might you provide the hash if you have an older version ? the only way i got malware was from filehippo and softpedia
autoruns.exe MD5 46cf67d92e94368b7af3783b9e510043 SHA-1 2ae5fb6595738e057649e1ed7c4f0bd15ef3ebcc SHA-256 b1d3862e14fa5d627ac229f3707c0640c3a95dff192a204d2969f2bd72546b5b Vhash 075056655d155562b0806041900953z41z6075z904006803dz ------------------ autoruns64.exe MD5 42929d764848836d283497daf9947866 SHA-1 bd7acf9c899f96e19e01625d7e06c588f3528922 SHA-256 2b5c20d794649503df48d0c6fecad3de8afe6c85933268bd6ac9d5a946c20d80 Vhash 075076655d1555155552602010409007c3z81z6075z302001503dz
hi @anon autoruns.exe is ok autoruns64.exe not it's different i have MD5: D2AD29727795597B162450B66855E1BB SHA-1: 68A535DAD712D542C7F3E89BE3E0CBB1687CFB75 SHA-256: ED13A015A9426CA096CFC8EE8105FBA266D2B4E9179B9D95FF1B6009CBEF90A8 thanks
Hi @stapp and the 32bit MD5: 46CF67D92E94368B7AF3783B9E510043 SHA-1: 2AE5FB6595738E057649E1ED7C4F0BD15EF3EBCC SHA-256: B1D3862E14FA5D627AC229F3707C0640C3A95DFF192A204D2969F2BD72546B5B thank you , well I will keep it the 64bit too , appreciate it
Executables are much larger than in previous version so they might have transferred code from dll to exe.
From Web Archives: (2021.07.20) Code: https://web.archive.org/web/20210720011610/https://download.sysinternals.com/files/SysinternalsSuite.zip
Not onl Not only that, a lot of the other tabs don't show anything or less entries on my system compared to the previous version: Known Dlls, Scheduled Tasks, Services, etc. Looks like the Hide Microsoft Entries is enabled even if unchecked in the options.
I agree, the latest version of Autoruns (14) doesn't work as intended. 1. If the ARN log is grabbed with the latest version, and you are trying to open it with the previous version, it says that the ARN file is corrupt. So there is some kind of incompatibility between the old and the latest version. 2. ARN log file can't be open with double click anymore. It's starting scanning your own system... It should be loaded via Autoruns64 => File => Open. 3. Virustotal does not work in Autoruns 14.0 - It is reported here => https://docs.microsoft.com/en-us/an...virustotal-does-not-work-in-autoruns-140.html and the registry settings mentioned here are OK => https://social.technet.microsoft.co...fb7556e6061d/virus-total-blank?forum=autoruns 4. Some items cannot be disabled with the latest version as mentioned here => https://techcommunity.microsoft.com...heme-updates/bc-p/2678172/highlight/true#M402 On my system, it was unable to disable the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers (Adobe Type Manager) and I deleted it manually. As someone said: "wow, the executable is over 3x bigger, looks worse, changed some hotkeys and doesn’t really work…" I am returning to the previous one till this is fixed. Sadly but 13.100 has his own problems as well: https://techcommunity.microsoft.com/t5/sysinternals-blog/autoruns-v13-100/ba-p/2282998
Thanks a lot for the info, @B-boy/StyLe/ I thought it was just me. I don't use Autoruns often, so I will just stick with v14.0 and wait for an update.