
Tuesday, February 11, 2014

Small update to Windows Live Response tools


Good news everyone!! I added PeStudio 8.06 and Last Activity View to the latest version of the Windows Live Response tools. Last Activity View runs without any user interaction when run as an Administrator, so I put it in that section of the batch script rather than having it run in the non-Administrative privileges portion.

For more about PeStudio please click here
For more about Last Activity View please click here

Last Activity View seems to add some additional Unicode characters into the output from time to time, so it is not 100% reliable, but it can help give you some insight into what activities occurred on the system(s) prior to running the Windows Live Response tools.


Browsing to the Chewbacca malware, as seen with Last Activity View





LiveResponseCollection-Cedarpelta.zip - download here 

MD5: fb53258f180407a836ae9bcd1e4d757d
SHA256: 6e37189598f3d67458ef98605dca916941a12d4c9c73db102c58782ad05fb3b
Updated: April 11, 2019




