: The file must be in the same folder as the extraction executable.
Use Windows AppLocker or Windows Defender Application Control (WDAC) to prevent unauthorized scripts from running. Ensure that all administrative scripts are digitally signed by a trusted internal authority before deployment. Deploy Endpoint Detection and Response (EDR)
Executive Summary

This write-up analyzes the get-keys.bat script, a common filename used in both legitimate administrative contexts and malicious credential-harvesting activities.
:export
set /p regpath="Enter registry path (e.g., HKLM\Software): "
set /p exportfile="Enter export filename (e.g., backup.reg): "
reg export "%regpath%" "%exportfile%"
echo Exported to %exportfile%
pause
goto menu
To safeguard your environment against malicious script execution, implement the following defenses:
echo Done.
endlocal
goto :eof
REM The 'skip=1' ignores the header line "OA3xOriginalProductKey".
REM The second FOR loop is a trick to remove invisible trailing characters.
FOR /F "skip=1" %%A IN ('WMIC Path SoftwareLicensingService GET OA3xOriginalProductKey') DO (
    FOR %%B IN (%%A) DO SET "ProductKey=%%B"
)
Whether you are a helpdesk technician managing 500 PCs or a hobbyist rebuilding a vintage Windows 7 machine, the ability to extract a product key with a double-click is a superpower. Just remember: with great power comes great responsibility. Use get-keys.bat only on machines you own or have explicit permission to audit.
Keep Windows Defender or a third-party EDR active to catch known credential-stealing signatures.
Here are some common use cases for get-keys.bat: