RUN AS LOCALSYSTEM USER
EDITABLE PARAMETERS:
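This script has been scanned with virustotal.com and Xcitium Verdict Cloud.
PYTHON SCRIPT FILE SHA1 VALUE - aa16a70b00d3564448623a45c0e5631d88224463
JSON FILE SHA1 VALUE - 3200c37ba55110c462b2c201d50d8b21644e5112
(These SHA1 values are for the files as published; a copy whose editable parameters have been changed will hash differently.)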
# Folder names to look for on every drive; the search below compares them
# case-insensitively.
directories = [
    "foldername_1",
    "foldername_2",
    "foldername_3",
]
import os
from subprocess import PIPE, Popen
import ctypes
class disable_file_system_redirection:
    """Context manager that switches off WOW64 file-system redirection.

    On entry it calls kernel32 ``Wow64DisableWow64FsRedirection`` and keeps
    the previous state; on exit it calls ``Wow64RevertWow64FsRedirection``
    with that state, but only if the disable call reported success.
    """

    # NOTE(review): the saved state is held in a c_long, which is only
    # pointer-sized in a 32-bit process -- confirm this is always run under
    # 32-bit Python.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        """Disable redirection and record the prior state and the call result."""
        previous_state = ctypes.c_long()
        self.old_value = previous_state
        self.success = self._disable(ctypes.byref(previous_state))

    def __exit__(self, type, value, traceback):
        """Restore the saved redirection state if the disable call succeeded."""
        if not self.success:
            return
        self._revert(self.old_value)
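# Lower-cased copy of the wanted names so the comparison below ignores case.
lc_directories = [name.lower() for name in directories]
found_directories_ls = []

with disable_file_system_redirection():
    # Enumerate drive letters through kernel32 instead of piping
    # "wmic ... | findstr" through a shell. This script runs as LocalSystem,
    # so it should not depend on how cmd.exe resolves those two program
    # names; wmic is also deprecated, and when it is missing the old pipeline
    # returned no drives and the script reported "not found" without having
    # searched anything.
    drive_mask = ctypes.windll.kernel32.GetLogicalDrives()
    if not drive_mask:
        raise OSError("GetLogicalDrives returned no drives")
    disks = [
        chr(ord("A") + bit) + ":"
        for bit in range(26)
        if drive_mask & (1 << bit)
    ]

    for disk in disks:
        # os.walk skips directories it cannot list without reporting them, so
        # an empty result means "not seen", not "proven absent".
        for root, dirs, _files in os.walk(disk + "\\"):
            # os.path.join avoids the doubled backslash that plain string
            # concatenation produced for matches directly under a drive root.
            found_directories_ls.extend(
                os.path.join(root, name)
                for name in dirs
                if name.lower() in lc_directories
            )

if found_directories_ls:
    print("Found these Directories shown below:")
    print("\n".join(found_directories_ls))
else:
    print("couldn't find any of the given directories")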