bootshell

$ target-query <path/to/target> -f bootshell

Details

Module	os.windows.generic.GenericPlugin
Output	records

Module documentation

Generic Windows plugin.

Provides some plugins that don’t fit in a separate plugin.

Function documentation

Return the BootShell registry key entry.

Usually contains a path to bootim.exe which is Windows’s recovery menu. This registry key can be used as a persistence mechanism.