- This batch script is meant to be run from a Windows command prompt.
- The script will copy registry entries commonly used by malware into a text file for analysis. It is meant to be used as a way to simplify searching for persistent objects that may be missed by AntiVirus/AntiMalware programs.
- Some registry keys may require admin rights to query.
C:>regscrape.bat
- This will create regscrape.txt in the same directory the script is run from, where you can evaluate for malicious entries/anomalies.
- Note that not all queries will return results.
- This is just a tool to help scoping of incidents. It not meant as a replacement for AntiVirus/AntiMalware software or legitimate forensics investigations.