[SNIPPET] Remove last run entry

[9o3]

As of now, most payloads simply remove the entire RunMRU history. This however may be noticed by a user that regularly uses the run dialog.
Instead removing just the last entry can be done like so:
 

#Remove latest run entry
$p="HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU";$m="MRUList";$l=(gp $p).$m;rp $p $l[0];sp $p $m $l.SubString(1);

Let's break it down:
First we grab a list of all entries in RunMRU MRUList: $l=(gp $p).$m

After this we remove the last entry by its key: rp $p $l[0]

Finally we update the MRUList to omit the remove key: sp $p $m $l.SubString(1) 

gp -> Get-ItemProperty                                                                                               
rp -> Remove-ItemProperty                                                                                            
sp -> Set-ItemProperty

I hope this can be useful to some of you.
~9o3

P.s.
I shortened the snippet as much as possible, however it's still a good idea to include this in a second stage if possible.