Preface: I have handled several malware incident-response cases recently, and I honestly don't know what those people do at work all day. Here is a small batch script for quick triage and evidence collection on Windows.
Run it from an elevated command prompt: exporting the Security log and reading some HKLM keys fail without administrator rights. All output lands in C:\ProgramData\quzheng.

```bat
@echo off
REM Quick Windows triage collection; run from an elevated prompt
REM (exporting the Security log and reading some HKLM keys needs admin).
set OUT=C:\ProgramData\quzheng
if not exist "%OUT%" mkdir "%OUT%"

net user > "%OUT%\user.txt"
tasklist > "%OUT%\tasklist.txt"
netstat -ano > "%OUT%\port.txt"
SCHTASKS > "%OUT%\renwujihua.txt"
sc query > "%OUT%\services.txt"
REM Recursive listing of the directory the script is started from
dir /s /b > "%OUT%\dirs.txt"

REM Common autorun locations, all appended to a single file
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s > "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >> "%OUT%\reg.txt"
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /s >> "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /s >> "%OUT%\reg.txt"
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices /s >> "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices /s >> "%OUT%\reg.txt"
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce /s >> "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce /s >> "%OUT%\reg.txt"
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce /s >> "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce /s >> "%OUT%\reg.txt"
REM Userinit is a value under Winlogon, not a subkey, so it is read with /v
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit >> "%OUT%\reg.txt"
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >> "%OUT%\reg.txt"
reg query HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >> "%OUT%\reg.txt"

REM Export event logs as .evtx so they stay parseable offline
wevtutil epl System "%OUT%\system.evtx"
wevtutil epl Application "%OUT%\Application.evtx"
wevtutil epl Security "%OUT%\Security.evtx"
wevtutil epl "Windows PowerShell" "%OUT%\powershell.evtx"
wevtutil epl Microsoft-Windows-WMI-Activity/Operational "%OUT%\WMI.evtx"

REM Author's signature lines
echo "查鲁特 帅哥" > "%OUT%\xroot_shuaige.txt"
echo "查鲁特 真帅" >> "%OUT%\xroot_shuaige.txt"
echo "查鲁特 帅到掉渣" >> "%OUT%\xroot_shuaige.txt"
```

Two caveats: netstat -ano gives only PIDs, so the connections still have to be joined to tasklist (or tasklist /svc for svchost-hosted services) to see which image owns a socket, and the RunServices / RunServicesOnce keys are legacy and will simply return an error on current Windows builds, which is harmless.
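Collection is only half the job; the next step is reading what was collected. The PowerShell below is an added example, not part of the original post: it hashes the artefacts for later verification, joins the netstat -ano rows to the live process table so each socket gets an image path and command line, and flags connections and autorun entries that point at interpreters or user-writable paths. The output directory is the one the batch script uses; the path patterns, LOLBin list and private-range regex are assumptions chosen for illustration and should be tuned per case.

```powershell
# Added post-collection triage example (not from the original post). Assumes
# the batch script above has already written its files to C:\ProgramData\quzheng;
# every pattern below is an illustrative assumption, adjust per investigation.
#Requires -RunAsAdministrator

$Dir = 'C:\ProgramData\quzheng'

# 1. SHA-256 manifest of the collected artefacts, so the evidence can be
#    verified later if the case is escalated or handed over.
Get-ChildItem -Path $Dir -File |
    Where-Object { $_.Name -ne 'manifest.csv' } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $Dir 'manifest.csv') -NoTypeInformation

# 2. Snapshot the live process table once (image path + command line),
#    indexed by PID, so netstat rows can be joined to it.
$Procs = @{}
Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $Procs[[int]$_.ProcessId] = $_
}

# Locations that legitimate services rarely run from (assumed list).
$SuspectPath = '\\Users\\|\\Temp\\|\\AppData\\|\\ProgramData\\|\\Public\\|\\Downloads\\'
# Loopback / private / unspecified peers to skip when looking at remote ends.
$LocalPeer   = '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|0\.0\.0\.0|\[::|\*)'

# 3. Parse netstat -ano. TCP rows carry a state column, UDP rows do not,
#    so the state group is optional; the PID is always the last field.
$Row = '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$'
$Conns = Get-Content (Join-Path $Dir 'port.txt') | ForEach-Object {
    if ($_ -match $Row) {
        $ProcId = [int]$Matches[5]
        $P = $Procs[$ProcId]
        $Image = $null; $Cmd = $null
        if ($P) { $Image = $P.ExecutablePath; $Cmd = $P.CommandLine }
        [pscustomobject]@{
            Proto   = $Matches[1]
            Local   = $Matches[2]
            Remote  = $Matches[3]
            State   = $Matches[4]
            PID     = $ProcId
            Image   = $Image
            CmdLine = $Cmd
        }
    }
}

# Flag (a) established sessions to non-private peers owned by an image in a
# user-writable path, and (b) listeners whose image is outside the Windows
# and Program Files trees. Results sit next to the raw artefacts.
$Flagged = $Conns | Where-Object {
    ($_.State -eq 'ESTABLISHED' -and $_.Remote -notmatch $LocalPeer -and
        $_.Image -match $SuspectPath) -or
    ($_.State -eq 'LISTENING' -and $_.Image -and
        $_.Image -notmatch '^C:\\(Windows|Program Files)')
}
$Flagged | Export-Csv -Path (Join-Path $Dir 'triage_network.csv') -NoTypeInformation

# 4. Scan the dumped autorun keys for values that launch a script host or
#    other living-off-the-land binary, or that point into a user-writable path.
$LolBins = 'powershell|pwsh|cmd\.exe|mshta|wscript|cscript|rundll32|regsvr32|certutil|bitsadmin|msiexec'
Get-Content (Join-Path $Dir 'reg.txt') |
    Where-Object { $_ -match 'REG_(EXPAND_)?SZ' -and ($_ -match $LolBins -or $_ -match $SuspectPath) } |
    Set-Content -Path (Join-Path $Dir 'triage_autoruns.txt')

'{0} network rows parsed, {1} flagged; see triage_network.csv and triage_autoruns.txt in {2}' -f @($Conns).Count, @($Flagged).Count, $Dir
```

Because the process snapshot is taken live, run this immediately after the batch script on the same host; a PID in port.txt that has already exited will show an empty Image column, which is itself worth noting in the case file.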
Article source: WeChat public account (边界骇客)