Shulou(Shulou.com)06/01 Report--

The test found that there are still a lot of problems, continue to improve, welcome your suggestions, rookie study

:: forensics emergency script v2.0 antiy_process.htmldel antiy_process.htmldel 2018 / 5/02del c:\ antiy_information.txtdel c:\ antiy_process.htmldel c:\ antiy_startup.csvchcp 65001@echo * * > c:\ antiy_information.txt@echo * Antiy Information Gathering * > c:\ antiy_information.txt@echo * * > c:\ antiy_information.txt:: does not display the command line itself @ echo off:: to get the system time echo * * * System time * * > > c:\ antiy_information.txtdate / t > > c:\ antiy_information.txttime / t > > c:\ antiy_information.txtecho Get system time sucessful echo: user group information echo * * User Information * * * * > > c:\ antiy_information.txtnet user > > c:\ antiy_information.txtecho * User Group**net localgroup > > c:\ antiy_information.txtecho * Localgroup administrators**net localgroup administrators > > c:\ antiy_information.txt:: file sharing information echo * * File Share * * * > > c:\ antiy_information.txtnet share > > c:\ antiy_information.txt:: get host information echo * * HOST Name * * > c:\ antiy_information.txthostname > > c:\ antiy_information.txtecho * * * User Name * * > c:\ antiy_information.txtwhoami > > c:\ antiy_information.txtecho * * System Version * * > > c:\ antiy_information.txtver > > c:\ antiy_information.txtecho Get system information successful echo: get the process and corresponding network information echo * process > > c :\ antiy_information.txtnetstat-bno > > c:\ antiy_information.txtecho Get Process Path And Net Information sucessful echo: process information acquisition echo * Get Process Information (taskkill) * * > c:\ antiy_information.txttasklist > > c:\ antiy_information.txtecho Get Process Information sucessful villa: network information acquisition echo * * * Get net config inforemation * * > > c:\ antiy_information.txtipconfig > > c:\ antiy_information.txtecho Get net config Information sucessful echo: get network connection * Get net connection inforemation * * > > c:\ antiy_information.txtnetstat-ano > > c:\ antiy_information.txtecho Get net connection Information success process path obtain echo * * WMIC PPROCESS Path** * > > c:\ antiy_information.txtwmic process list full / format:hform > > c:\ antiy_process.html::wmic process list brief / format:hform > > c:\ antiy_information.html::wmic process get description Executablepath,CommandLine,ProcessId,ParentProcessId / format:hform > > c:\ antiy_information2.csvwmic process get executablepath ProcessId > > c:\ antiy_executablepath.csvecho WMIC PPROCESS Path sucessful wmic startup: startup item wmic startup > > c:\ antiy_startup.csvecho Get startup inforemation sucessful wmic startup: schedule task echo * * Successful wmic startup > > c: \ antiy_information.txtschtasks / query / FO LIST / V > > c:\ antiy_information.txtecho Get tasklist sucessful echo: service echo * * Services LIST** > > c:\ antiy_information.txttasklist / svc > > c:\ antiy_information.txtsc query State=all > > c:\ antiy_information.txtecho Get services list success echo echo * * DNS Information** > > c:\ antiy_information.txtipconfig / displaydns > > c:\ antiy_information.txtecho Get DNS Information success echo logs save to C:\ antiy_*.* path.pause

Several problems found at present

(1) too many services and planned tasks are easy to be inundated normally.

(2) the files found do not have more information, such as the last modification time.

Let's call it a day. Update again when you have time.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.