Skip to content
/ Windows-Quarantine-Restructurizer Public

Rebuild and analyze Windows quarantine file structure after its downloaded by systems EDR solution

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PawelMierzwa/Windows-Quarantine-Restructurizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
Help
Help
 
 
.gitignore
.gitignore
 
 
HXQA2.py
HXQA2.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Windows Quarantine Restructurizer/Analyzer

Unpacks archive with quarantine files and recreates the original file structure of the Windows quarantine folder
After the restructurizing is done, the script decodes the files and writes out the quarantined files' information
Optionally dump the machine info and the actual quarantined files

This project is designed to work with file dumps of the Windows Quarantine from EDR solutions, but it can be slightly changed to work in other implementations for sure.

Options:

Flag Full flag Param Definition
-p --password PASSWORD Archive password
-o --output OUTPUT_PATH Output files' path
-m --mode MODE Hash type to show (md5, sha1, sha256)
-d --dump Dump the recovered files
-i --info Dump system information of the quarantine owner

Prerequisites:

pip install prettytable pyzipper isodate

Credits:

About

Rebuild and analyze Windows quarantine file structure after its downloaded by systems EDR solution

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages