diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 23e16c6..5cf1e73 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -147,6 +147,15 @@ DFIR,マルウェア解析,OSINTに特化したUbuntuベースのディスト - RegShot - RegistryChangesView - CyberChef +- wql + - wqlで子プロセスの検索 + ``` +$procs=Start-Process "programname.exe" -PassThru +echo $procs.Id +$queryNameVersion="SELECT * FROM Win32_Process WHERE ParentProcessId=" + $procs.Id +$child_process=Get-WmiObject -Query $queryNameVersion +echo $child_process + ``` ### Online Sandbox |name|site|remarks|
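Review bot: The fenced block added under the new `- wql` / `- wqlで子プロセスの検索` bullets is indented inconsistently: the opening and closing ``` lines sit at two spaces while the five PowerShell lines between them start at column 0, so most Markdown renderers will end the list at the fence and render the code outside the bullet it belongs to. Indent the fence and its contents to the sub-bullet's content column (four spaces), and tag the fence as ```powershell so the snippet is highlighted. Two smaller points on the snippet itself: `$queryNameVersion` is a misleading name for a query that selects processes by `ParentProcessId` (something like `$childQuery` reads better), and `Get-WmiObject` is the legacy cmdlet, with `Get-CimInstance -Query` being the current replacement that returns the same `Win32_Process` rows. It is also worth a one-line note that the query runs immediately after `Start-Process -PassThru`, so a sample that has not yet spawned its children will return nothing; re-running the query after a short `Start-Sleep` avoids a false negative.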