
Installation

Chris Ross edited this page Sep 3, 2017 · 2 revisions

Using Remote Recon

Executing Remote Recon on a remote host is straightforward: use the Install-RemoteRecon function. Each function accepts a ComputerName (required) and a Credential parameter. Install-RemoteRecon creates all of the pre-defined registry values under the defined registry path, then creates a WMI event subscription with an ActiveScriptEventConsumer and triggers it using a RegistryKeyChangeEvent. Once the JScript payload has executed, the event subscription is removed. Remote Recon then runs in the context of the scrcons.exe process as NT AUTHORITY\SYSTEM.
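Because the subscription is removed after the payload runs, enumerating live WMI subscriptions will not show it; the footprint has to be found in event telemetry. The following is an added example, not code from the RemoteRecon project, that correlates a short-lived script consumer with a RegistryKeyChangeEvent filter and a scrcons.exe process running as SYSTEM. The records are constructed, and their field names are an assumption modelled on Sysmon event IDs 1, 19 and 20.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample telemetry, not from a real host. Field names are assumed,
# modelled on Sysmon IDs 1 (process), 19 (WMI filter), 20 (WMI consumer).
EVENTS = [
    {"id": 19, "host": "WS01", "time": "2017-09-03 10:00:01", "op": "Created",
     "query": "SELECT * FROM RegistryKeyChangeEvent WHERE KeyPath='PLACEHOLDER'"},
    {"id": 20, "host": "WS01", "time": "2017-09-03 10:00:02", "op": "Created",
     "name": "demo-consumer", "type": "Script"},
    {"id": 1, "host": "WS01", "time": "2017-09-03 10:00:04",
     "image": "C:\\Windows\\System32\\wbem\\scrcons.exe",
     "user": "NT AUTHORITY\\SYSTEM"},
    {"id": 20, "host": "WS01", "time": "2017-09-03 10:00:09", "op": "Deleted",
     "name": "demo-consumer", "type": "Script"},
    # Long-lived script consumer on another host: created, never deleted.
    {"id": 20, "host": "SRV02", "time": "2017-09-03 09:00:00", "op": "Created",
     "name": "inventory", "type": "Script"},
]

def find_transient_script_consumers(events, window=timedelta(minutes=5)):
    """Flag Script consumers created and deleted within `window`, and list
    corroborating signals seen on the same host around that interval."""
    findings, created = [], {}
    for e in sorted(events, key=lambda e: ts(e["time"])):
        if e["id"] != 20 or e.get("type") != "Script":
            continue
        key = (e["host"], e["name"])
        if e["op"] == "Created":
            created[key] = ts(e["time"])
        elif e["op"] == "Deleted" and key in created:
            start, end = created.pop(key), ts(e["time"])
            if end - start > window:
                continue  # lived too long to count as transient
            near = [x for x in events if x["host"] == e["host"]
                    and start - window <= ts(x["time"]) <= end]
            signals = ["transient ActiveScriptEventConsumer"]
            if any(x["id"] == 19 and "registrykeychangeevent"
                   in x["query"].lower() for x in near):
                signals.append("RegistryKeyChangeEvent filter")
            if any(x["id"] == 1 and x["user"].upper() == "NT AUTHORITY\\SYSTEM"
                   and x["image"].lower().endswith("\\scrcons.exe") for x in near):
                signals.append("scrcons.exe as SYSTEM")
            findings.append({"host": e["host"], "consumer": e["name"],
                             "signals": signals})
    return findings
```

A finding that carries all three signals matches the sequence described above; the transient consumer alone is weaker evidence and worth triaging against known management tooling.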
