Added some ASEPs

regexes.txt

@@ -23,5 +23,8 @@ Type,regex,string
 # Generic cvtres.exe alert, comment out if experiencing false positives
 0,\\cvtres\.exe.*,Resource File To COFF Object Conversion Utility cvtres.exe
 0,\\cvtres\.exe.*\\AppData\\Local\\Temp\\[A-Z0-9]{7}\.tmp,PSAttack-style command via cvtres.exe
+0,Register-ScheduledTask,Command referencing Register-ScheduledTask (possible ASEP)
+0,Software\\Microsoft\\Windows\\CurrentVersion\\Run,Reference to registry run key (possible ASEP)
+0,reg *add,Registry addition (possible ASEP)
 1,^[a-zA-Z]{22}$,Metasploit-style service name: 22 characters, [A-Za-z]
 1,^[a-zA-Z]{16}$,Metasploit-style service name: 16 characters, [A-Za-z]