Gregory's Server
**Реестр**
regedit
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
**Соединения**
netstat -ano
*Подозрительные файлы**
forfiles /D -10 /S /M *.exe /C "cmd /c echo @path"
forfiles /D -10 /S /M *.exe /C "cmd /c echo @ext @fname @fdate"
forfiles /p c: /S /D -10
**Настройки файрвола**
netsh firewall show config
netsh advfirewall show currentprofile
Get-NetFirewallRule | select DisplayName,Direction,Action,Enabled | Where-Object Enabled -eq $true | Sort-Object Direction, DisplayName | Format-Table -AutoSize
Get-NetFirewallProfile
**Сессии с другими узлами**
net use
net session
Get-SmbMapping
Get-SmbConnection
**Логи**
eventvwr.msc
Get-EventLog -List
Get-EventLog Application -After (Get-Date).AddHours(-2) | Format-Table -AutoSize
Get-EventLog System -After (Get-Date).AddHours(-2) | Format-Table -AutoSize
Get-EventLog System -After (Get-Date).AddHours(-2) | Where-Object {$_.Message -like "*Server*"}