End-of-Life (EoL)

Return the memory dump file script

Follow these instructions to run files using the D2Winpmem automation, which returns the memory dump file to the War Room. This is useful when dealing with any type of malware. You can use it with both shared agents and D2 agents.
  1. Go to the
    page and search for
  2. Select Copy Script
  3. In the
    line in the script, change it to the file you want to run. For example,
  4. In the var exename = 'winpmem_2.0.1.exe'; line, write the file you want to execute.
  5. In the var dumpFile, add the file you want to run.
    //+New-collectorD2/New-collectorD2.bat
    // {
    if (env.OS !== 'windows') {
        throw ('script can only run on Windows');
    }
    var arch = wmi_query('select OSArchitecture from win32_operatingsystem')[0].OSArchitecture;
    var exename = 'Testd2.bat';
    var dumpFile = env.TEMP + '\\New-collectorD2.bat';
    var output = execute('cmd /c dir /s ' + env.TEMP, 30); // 10 minutes timeout
    pack(output);
    //if (output.Success) {
    //    pack_file(dumpFile);
    //    del(dumpFile);
    // } else {
    //    throw output.Error;
    //}
    // pack('Winpmem failed: ' + ex);
    //}
  6. Click

