Return the memory dump file script

Follow these instructions to run a file on an endpoint with the D2Winpmem automation. As shipped, the automation sends winpmem to the endpoint along with the script, runs it, and returns the memory dump file to the War Room, which is useful when dealing with any type of malware. By editing three lines of the script you can send and run a different file instead. The automation works with both shared agents and D2 agents. Note that whatever file you name runs on the endpoint with the agent's privileges, so restrict who can edit this automation.
  1. Go to the Automations page and search for the D2Winpmem automation.
  2. Select Copy Script.
  3. In the script, change the //+winpmem/winpmem_2.0.1.exe line to the file you want to run, for example //+New-collectorD2/New-collectorD2.bat. This line names the file that is sent to the endpoint with the script.
  4. In the var exename = 'winpmem_2.0.1.exe'; line, write the name of the file you want to execute. Use the file name from the //+ line (in the stock script both are winpmem_2.0.1.exe).
  5. In the var dumpFile line, set the name of the file the script should collect; the script places it under env.TEMP. The edited script then looks like the following example, which only lists env.TEMP and returns the listing, with the collection step of the stock script commented out:
    //+New-collectorD2/New-collectorD2.bat
    if (env.OS !== 'windows') {
        throw ('script can only run on Windows');
    }
    var arch = wmi_query('select OSArchitecture from win32_operatingsystem')[0].OSArchitecture;
    var exename = 'Testd2.bat';                            // file to execute (not used by the listing command below)
    var dumpFile = env.TEMP + '\\New-collectorD2.bat';     // file to collect from the endpoint
    var output = execute('cmd /c dir /s ' + env.TEMP, 30); // 30 second timeout
    pack(output);                                          // return the directory listing to the War Room
    // Collection and error handling from the stock script, disabled in this variant:
    //if (output.Success) {
    //    pack_file(dumpFile);
    //    del(dumpFile);
    //} else {
    //    throw output.Error;
    //}
    //pack('Winpmem failed: ' + ex);
  6. Click Save.
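
The three edits in steps 3 to 5 are easy to get out of sync: the page's own example names Testd2.bat in exename while the //+ line sends New-collectorD2.bat, and its timeout comment says 10 minutes next to a value of 30 seconds. The following is an added example, not code from the page or from the D2Winpmem automation, that applies the three edits to a copy of the script and refuses to produce a script whose //+ file and exename disagree. D2WINPMEM_TEMPLATE is reconstructed from the fragments quoted on this page; the dump file name memdump.raw and the exact execute() line are assumptions, and the shipped automation may differ.

```javascript
// Added example (not part of the page or of the D2Winpmem automation):
// apply steps 3-5 to a copy of the script and check that the edited lines
// agree with each other before pasting the result and clicking Save.

// Reconstructed from the fragments quoted on the page. The dump file name and
// the execute() line are assumptions; the shipped script may differ.
const D2WINPMEM_TEMPLATE = [
  "//+winpmem/winpmem_2.0.1.exe",
  "if (env.OS !== 'windows') {",
  "    throw ('script can only run on Windows');",
  "}",
  "var arch = wmi_query('select OSArchitecture from win32_operatingsystem')[0].OSArchitecture;",
  "var exename = 'winpmem_2.0.1.exe';",
  "var dumpFile = env.TEMP + '\\\\memdump.raw';",
  "try {",
  "    var output = execute(exename + ' ' + dumpFile, 600); // 10 minutes timeout",
  "    if (output.Success) {",
  "        pack_file(dumpFile);",
  "        del(dumpFile);",
  "    } else {",
  "        throw output.Error;",
  "    }",
  "} catch (ex) {",
  "    pack('Winpmem failed: ' + ex);",
  "}",
].join("\n");

// Bare file names only: a path separator or a quote would either break the
// generated 'var exename = ...' line or point the agent somewhere else.
const SAFE_NAME = /^[A-Za-z0-9._-]+$/;

function baseName(p) {
  return p.split(/[\\/]/).pop();
}

function customizeScript(template, { bundlePath, exename, dumpFile, timeoutSec }) {
  if (!SAFE_NAME.test(exename)) throw new Error("exename must be a bare file name: " + exename);
  if (!SAFE_NAME.test(dumpFile)) throw new Error("dumpFile must be a bare file name: " + dumpFile);
  // Step 3 sends bundlePath to the endpoint and step 4 executes exename; both
  // name the same file, so the base name of bundlePath must equal exename
  // (as winpmem/winpmem_2.0.1.exe and 'winpmem_2.0.1.exe' do in the stock script).
  if (baseName(bundlePath) !== exename) {
    throw new Error("bundled file " + bundlePath + " does not match exename " + exename);
  }
  const hits = { bundle: 0, exename: 0, dumpFile: 0, execute: 0 };
  const lines = template.split("\n").map((line) => {
    if (/^\/\/\+/.test(line)) {                // step 3: the file sent with the script
      hits.bundle++;
      return "//+" + bundlePath;
    }
    if (/^var exename\s*=/.test(line)) {       // step 4: the file to execute
      hits.exename++;
      return "var exename = '" + exename + "';";
    }
    if (/^var dumpFile\s*=/.test(line)) {      // step 5: the file to collect, under %TEMP%
      hits.dumpFile++;
      return "var dumpFile = env.TEMP + '\\\\" + dumpFile + "';";
    }
    if (timeoutSec !== undefined && /execute\(/.test(line)) {
      hits.execute++;                          // keep the value and its comment in sync
      return line
        .replace(/,\s*\d+\)/, ", " + timeoutSec + ")")
        .replace(/\/\/.*$/, "// " + timeoutSec + " second timeout");
    }
    return line;
  });
  // Each anchor must have matched exactly once, otherwise the template changed.
  for (const [name, n] of Object.entries(hits)) {
    if (name === "execute" && timeoutSec === undefined) continue;
    if (n !== 1) throw new Error("expected exactly one " + name + " line, found " + n);
  }
  return lines.join("\n");
}

// Usage: the same customisation the page walks through, with a consistent exename.
console.log(customizeScript(D2WINPMEM_TEMPLATE, {
  bundlePath: "New-collectorD2/New-collectorD2.bat",
  exename: "New-collectorD2.bat",
  dumpFile: "New-collectorD2.bat",
  timeoutSec: 30,
}));
```

Paste the printed script into the automation editor in place of the copied one. Calling customizeScript with exename set to Testd2.bat, as in the page's example, throws instead of producing a script that sends one file and tries to execute another.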
