├── .assets ├── image-20210910142318432.png ├── image-20210910142336418.png ├── image-20210910155801185.png └── image-20210910161924862.png ├── README.md ├── arichive2tools └── Ddun │ └── d_safe_2.1.6.1_0705.zip ├── main ├── 7z.dll ├── 7zG.exe ├── auto_temp.cmd ├── choice.exe ├── choosetools.cmd ├── evtx │ ├── 1149.cmd │ ├── 24-25.cmd │ ├── 4624.cmd │ ├── 4625.cmd │ ├── 4648.cmd │ ├── 7036-45.cmd │ ├── logparser语法示例 │ │ ├── 1149rdp列字段分析.txt │ │ ├── 2425remote列字段分析.txt │ │ ├── 4624数据分布.txt │ │ ├── 4625数据分布.txt │ │ ├── 4648数据分布.txt │ │ └── 7036服务开启停止项.txt │ └── parser.cmd ├── forfiles.exe ├── init.bat ├── killvir1.0.cmd ├── vir │ ├── 3601.txt │ ├── ascii.cmd │ ├── temp.txt │ ├── wannacry.cmd │ ├── wannamine2.0.cmd │ ├── wannamine3.0.cmd │ ├── wannamine3.txt │ ├── wannamine4.txt │ └── watchdogs.txt ├── wmicprocess.txt ├── yara64.exe ├── yara_rules │ └── webshells.bin ├── yarac64.exe ├── 应急响应1.0.cmd ├── 隔离-一键关闭高危端口choice版.bat └── 隔离-一键关闭高危端口set版-1.1.bat └── tools ├── Autoruns ├── Autoruns.exe ├── Autoruns64.dll ├── Autoruns64.exe ├── Autoruns64a.dll ├── Autoruns64a.exe ├── Eula.txt ├── autoruns.chm ├── autorunsc.exe ├── autorunsc64.exe └── autorunsc64a.exe ├── Ddun ├── D_Safe_Manage.exe ├── Modules │ ├── d_manage.dll │ ├── d_manage.exe │ └── ws_lib.db ├── Rule │ └── v2_Rule.dat ├── up │ └── d_safe_up.exe ├── x32 │ ├── load_manage.dll │ └── web_safe.dll └── x64 │ ├── load_manage.dll │ └── web_safe.dll ├── Logparser ├── 1149rdp列字段分析.txt ├── 2425remote列字段分析.txt ├── 4624数据分布.txt ├── 4625数据分布.txt ├── 4648数据分布.txt ├── 7036服务开启停止项.txt ├── COM │ ├── ILogParserInputContext.hxx │ └── Readme.htm ├── EULA.rtf ├── LogParser.chm ├── LogParser.dll ├── LogParser.exe └── Samples │ ├── COM │ ├── BooksXML │ │ ├── AssemblyInfo.cs │ │ ├── Readme.htm │ │ ├── XMLInputFormat.cs │ │ ├── XMLInputFormat.snk │ │ └── books.xml │ ├── ProcessesInputFormat │ │ ├── ClassFactory.h │ │ ├── ILogParserInputContext.hxx │ │ ├── Main.cpp │ │ ├── ProcessesInputContext.cpp │ │ ├── ProcessesInputContext.def │ │ ├── ProcessesInputContext.h │ │ ├── Readme.htm │ │ └── makefile │ └── QFE │ │ ├── QFE.wsc │ │ └── Readme.htm │ ├── Queries │ ├── AppPools.sql │ ├── AspErrors.sql │ ├── AuthFailures.sql │ ├── BytesPerSec.sql │ ├── ClientUrls.sql │ ├── Errors.sql │ ├── EventIDDistrib.sql │ ├── ExtensionByte.sql │ ├── Extensions.sql │ ├── FilenameLengths.sql │ ├── HiddenFiles.sql │ ├── LogonFailureStats.sql │ ├── LogonFailures.sql │ ├── LogonSuccesses.sql │ ├── Readme.htm │ ├── RequestsPerHour.sql │ ├── StatusSubStatusCount.sql │ ├── Top20URIs.sql │ ├── Top20Verbs.sql │ ├── UrlScanComments.sql │ ├── VirtualDirWrite.sql │ └── Words.sql │ ├── Scripts │ ├── BlockNimda.vbs │ ├── DumpTraceReqs.js │ ├── DumpTraceReqs_RTM.js │ ├── ErrorCodes.js │ ├── FindSlowFilters.js │ ├── GetTraceRequestTimes_RTM.js │ ├── HackerScan.js │ ├── HackerScan.txt │ ├── LogonMonitor.vbs │ ├── Mimemaps.js │ └── VDirHits.js │ ├── TemplateFiles │ ├── ASPErrors.sql │ ├── ASPErrors.tpl │ ├── EventLogs.sql │ ├── EventLogs.tpl │ ├── Readme.htm │ ├── ReferBrokenLinks.sql │ ├── ReferBrokenLinks.tpl │ ├── StatusCodes.sql │ ├── StatusCodes.tpl │ ├── Tinyget.sql │ ├── Tinyget.tpl │ ├── WCat.sql │ └── WCat.tpl │ └── XML │ ├── Query.sql │ ├── Readme.htm │ └── Table.xsl └── Windows_Collector_v1106_NEW ├── SglabIr_Collector_X64.exe ├── SglabIr_Collector_X86.exe └── startup.bat /.assets/image-20210910142318432.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/.assets/image-20210910142318432.png -------------------------------------------------------------------------------- /.assets/image-20210910142336418.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/.assets/image-20210910142336418.png -------------------------------------------------------------------------------- /.assets/image-20210910155801185.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/.assets/image-20210910155801185.png -------------------------------------------------------------------------------- /.assets/image-20210910161924862.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/.assets/image-20210910161924862.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/README.md -------------------------------------------------------------------------------- /arichive2tools/Ddun/d_safe_2.1.6.1_0705.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/arichive2tools/Ddun/d_safe_2.1.6.1_0705.zip -------------------------------------------------------------------------------- /main/7z.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/7z.dll -------------------------------------------------------------------------------- /main/7zG.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/7zG.exe -------------------------------------------------------------------------------- /main/auto_temp.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/auto_temp.cmd -------------------------------------------------------------------------------- /main/choice.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/choice.exe -------------------------------------------------------------------------------- /main/choosetools.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/choosetools.cmd -------------------------------------------------------------------------------- /main/evtx/1149.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/1149.cmd -------------------------------------------------------------------------------- /main/evtx/24-25.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/24-25.cmd -------------------------------------------------------------------------------- /main/evtx/4624.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/4624.cmd -------------------------------------------------------------------------------- /main/evtx/4625.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/4625.cmd -------------------------------------------------------------------------------- /main/evtx/4648.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/4648.cmd -------------------------------------------------------------------------------- /main/evtx/7036-45.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/7036-45.cmd -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/1149rdp列字段分析.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/1149rdp列字段分析.txt -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/2425remote列字段分析.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/2425remote列字段分析.txt -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/4624数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/4624数据分布.txt -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/4625数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/4625数据分布.txt -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/4648数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/4648数据分布.txt -------------------------------------------------------------------------------- /main/evtx/logparser语法示例/7036服务开启停止项.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/logparser语法示例/7036服务开启停止项.txt -------------------------------------------------------------------------------- /main/evtx/parser.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/evtx/parser.cmd -------------------------------------------------------------------------------- /main/forfiles.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/forfiles.exe -------------------------------------------------------------------------------- /main/init.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/init.bat -------------------------------------------------------------------------------- /main/killvir1.0.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/killvir1.0.cmd -------------------------------------------------------------------------------- /main/vir/3601.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/3601.txt -------------------------------------------------------------------------------- /main/vir/ascii.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/ascii.cmd -------------------------------------------------------------------------------- /main/vir/temp.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/temp.txt -------------------------------------------------------------------------------- /main/vir/wannacry.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/wannacry.cmd -------------------------------------------------------------------------------- /main/vir/wannamine2.0.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/wannamine2.0.cmd -------------------------------------------------------------------------------- /main/vir/wannamine3.0.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/wannamine3.0.cmd -------------------------------------------------------------------------------- /main/vir/wannamine3.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/wannamine3.txt -------------------------------------------------------------------------------- /main/vir/wannamine4.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/vir/wannamine4.txt -------------------------------------------------------------------------------- /main/vir/watchdogs.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /main/wmicprocess.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/wmicprocess.txt -------------------------------------------------------------------------------- /main/yara64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/yara64.exe -------------------------------------------------------------------------------- /main/yara_rules/webshells.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/yara_rules/webshells.bin -------------------------------------------------------------------------------- /main/yarac64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/yarac64.exe -------------------------------------------------------------------------------- /main/应急响应1.0.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/应急响应1.0.cmd -------------------------------------------------------------------------------- /main/隔离-一键关闭高危端口choice版.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/隔离-一键关闭高危端口choice版.bat -------------------------------------------------------------------------------- /main/隔离-一键关闭高危端口set版-1.1.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/main/隔离-一键关闭高危端口set版-1.1.bat -------------------------------------------------------------------------------- /tools/Autoruns/Autoruns.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Autoruns.exe -------------------------------------------------------------------------------- /tools/Autoruns/Autoruns64.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Autoruns64.dll -------------------------------------------------------------------------------- /tools/Autoruns/Autoruns64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Autoruns64.exe -------------------------------------------------------------------------------- /tools/Autoruns/Autoruns64a.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Autoruns64a.dll -------------------------------------------------------------------------------- /tools/Autoruns/Autoruns64a.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Autoruns64a.exe -------------------------------------------------------------------------------- /tools/Autoruns/Eula.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/Eula.txt -------------------------------------------------------------------------------- /tools/Autoruns/autoruns.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/autoruns.chm -------------------------------------------------------------------------------- /tools/Autoruns/autorunsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/autorunsc.exe -------------------------------------------------------------------------------- /tools/Autoruns/autorunsc64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/autorunsc64.exe -------------------------------------------------------------------------------- /tools/Autoruns/autorunsc64a.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Autoruns/autorunsc64a.exe -------------------------------------------------------------------------------- /tools/Ddun/D_Safe_Manage.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/D_Safe_Manage.exe -------------------------------------------------------------------------------- /tools/Ddun/Modules/d_manage.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/Modules/d_manage.dll -------------------------------------------------------------------------------- /tools/Ddun/Modules/d_manage.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/Modules/d_manage.exe -------------------------------------------------------------------------------- /tools/Ddun/Modules/ws_lib.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/Modules/ws_lib.db -------------------------------------------------------------------------------- /tools/Ddun/Rule/v2_Rule.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/Rule/v2_Rule.dat -------------------------------------------------------------------------------- /tools/Ddun/up/d_safe_up.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/up/d_safe_up.exe -------------------------------------------------------------------------------- /tools/Ddun/x32/load_manage.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/x32/load_manage.dll -------------------------------------------------------------------------------- /tools/Ddun/x32/web_safe.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/x32/web_safe.dll -------------------------------------------------------------------------------- /tools/Ddun/x64/load_manage.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/x64/load_manage.dll -------------------------------------------------------------------------------- /tools/Ddun/x64/web_safe.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Ddun/x64/web_safe.dll -------------------------------------------------------------------------------- /tools/Logparser/1149rdp列字段分析.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/1149rdp列字段分析.txt -------------------------------------------------------------------------------- /tools/Logparser/2425remote列字段分析.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/2425remote列字段分析.txt -------------------------------------------------------------------------------- /tools/Logparser/4624数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/4624数据分布.txt -------------------------------------------------------------------------------- /tools/Logparser/4625数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/4625数据分布.txt -------------------------------------------------------------------------------- /tools/Logparser/4648数据分布.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/4648数据分布.txt -------------------------------------------------------------------------------- /tools/Logparser/7036服务开启停止项.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/7036服务开启停止项.txt -------------------------------------------------------------------------------- /tools/Logparser/COM/ILogParserInputContext.hxx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/COM/ILogParserInputContext.hxx -------------------------------------------------------------------------------- /tools/Logparser/COM/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/COM/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/EULA.rtf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/EULA.rtf -------------------------------------------------------------------------------- /tools/Logparser/LogParser.chm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/LogParser.chm -------------------------------------------------------------------------------- /tools/Logparser/LogParser.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/LogParser.dll -------------------------------------------------------------------------------- /tools/Logparser/LogParser.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/LogParser.exe -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/BooksXML/AssemblyInfo.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/BooksXML/AssemblyInfo.cs -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/BooksXML/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/BooksXML/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/BooksXML/XMLInputFormat.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/BooksXML/XMLInputFormat.cs -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/BooksXML/XMLInputFormat.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/BooksXML/XMLInputFormat.snk -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/BooksXML/books.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/BooksXML/books.xml -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/ClassFactory.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/ClassFactory.h -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/ILogParserInputContext.hxx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/ILogParserInputContext.hxx -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/Main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/Main.cpp -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.cpp -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.def: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.def -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/ProcessesInputContext.h -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/ProcessesInputFormat/makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/ProcessesInputFormat/makefile -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/QFE/QFE.wsc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/QFE/QFE.wsc -------------------------------------------------------------------------------- /tools/Logparser/Samples/COM/QFE/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/COM/QFE/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/AppPools.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/AppPools.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/AspErrors.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/AspErrors.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/AuthFailures.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/AuthFailures.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/BytesPerSec.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/BytesPerSec.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/ClientUrls.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/ClientUrls.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Errors.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Errors.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/EventIDDistrib.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/EventIDDistrib.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/ExtensionByte.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/ExtensionByte.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Extensions.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Extensions.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/FilenameLengths.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/FilenameLengths.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/HiddenFiles.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/HiddenFiles.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/LogonFailureStats.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/LogonFailureStats.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/LogonFailures.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/LogonFailures.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/LogonSuccesses.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/LogonSuccesses.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/RequestsPerHour.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/RequestsPerHour.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/StatusSubStatusCount.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/StatusSubStatusCount.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Top20URIs.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Top20URIs.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Top20Verbs.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Top20Verbs.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/UrlScanComments.sql: -------------------------------------------------------------------------------- 1 | SELECT DISTINCT Comment 2 | FROM URLSCAN -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/VirtualDirWrite.sql: -------------------------------------------------------------------------------- 1 | SELECT ObjectPath 2 | FROM IIS://localhost/W3SVC 3 | WHERE BIT_AND(AccessFlags, 0x02) <> 0 4 | -------------------------------------------------------------------------------- /tools/Logparser/Samples/Queries/Words.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Queries/Words.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/BlockNimda.vbs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/BlockNimda.vbs -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/DumpTraceReqs.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/DumpTraceReqs.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/DumpTraceReqs_RTM.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/DumpTraceReqs_RTM.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/ErrorCodes.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/ErrorCodes.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/FindSlowFilters.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/FindSlowFilters.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/GetTraceRequestTimes_RTM.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/GetTraceRequestTimes_RTM.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/HackerScan.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/HackerScan.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/HackerScan.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/HackerScan.txt -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/LogonMonitor.vbs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/LogonMonitor.vbs -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/Mimemaps.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/Mimemaps.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/Scripts/VDirHits.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/Scripts/VDirHits.js -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/ASPErrors.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/ASPErrors.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/ASPErrors.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/ASPErrors.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/EventLogs.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/EventLogs.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/EventLogs.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/EventLogs.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/ReferBrokenLinks.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/ReferBrokenLinks.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/ReferBrokenLinks.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/ReferBrokenLinks.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/StatusCodes.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/StatusCodes.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/StatusCodes.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/StatusCodes.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/Tinyget.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/Tinyget.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/Tinyget.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/Tinyget.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/WCat.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/WCat.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/TemplateFiles/WCat.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/TemplateFiles/WCat.tpl -------------------------------------------------------------------------------- /tools/Logparser/Samples/XML/Query.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/XML/Query.sql -------------------------------------------------------------------------------- /tools/Logparser/Samples/XML/Readme.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/XML/Readme.htm -------------------------------------------------------------------------------- /tools/Logparser/Samples/XML/Table.xsl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Logparser/Samples/XML/Table.xsl -------------------------------------------------------------------------------- /tools/Windows_Collector_v1106_NEW/SglabIr_Collector_X64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Windows_Collector_v1106_NEW/SglabIr_Collector_X64.exe -------------------------------------------------------------------------------- /tools/Windows_Collector_v1106_NEW/SglabIr_Collector_X86.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Windows_Collector_v1106_NEW/SglabIr_Collector_X86.exe -------------------------------------------------------------------------------- /tools/Windows_Collector_v1106_NEW/startup.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xbinibini/emergency_response_batch/HEAD/tools/Windows_Collector_v1106_NEW/startup.bat --------------------------------------------------------------------------------