Good news everyone!! I added PeStudio 8.06 and Last Activity View to the latest version of the Windows Live Response tools. Last Activity View runs without any user interaction when run as an Administrator, so I put it in that section of the batch script rather than having it run in the non-Administrative privileges portion.
For more about PeStudio please click here
For more about Last Activity View please click here
Last Activity View seems to add some additional Unicode characters into its output from time to time, so it is not 100% reliable, but it can help give you some insight into what activities occurred on the system(s) prior to running the Windows Live Response tools.
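As an added illustration of that caveat (example code, not part of the original post or of the Live Response Collection itself), the script below parses a comma-separated Last Activity View export and strips the stray Unicode format and control code points that can creep into fields, so that filenames and descriptions compare and grep cleanly afterwards. The sample export is constructed for this example, and its column layout is an assumption rather than the tool's documented schema; the only assumption about the tool is that its output was saved as CSV (for instance with the NirSoft /scomma switch).

```python
import csv
import io
import unicodedata

# Constructed sample of a comma-separated Last Activity View export in which a
# BOM (U+FEFF) and zero-width spaces (U+200B) have crept into some fields.
# The column names are an assumption for this example, not the tool's schema.
SAMPLE_CSV = (
    "\ufeffAction Time,Description,Filename,Full Path\r\n"
    "9/5/2019 10:12:03 AM,Run .EXE file,chewbacca.exe,"
    "C:\\Users\\analyst\\Downloads\\chewbacca.exe\r\n"
    "9/5/2019 10:12:10 AM,Open file or folder,\u200bchewbacca.exe,"
    "C:\\Users\\analyst\\Downloads\r\n"
    "9/5/2019 10:13:41 AM,Software\u200b Installation,,\r\n"
)


def clean_text(value):
    """Drop Unicode format (Cf) and control (Cc) code points, keeping tabs.

    Zero-width spaces, BOMs and similar characters are invisible in most
    viewers but break exact matching against filenames seen elsewhere.
    """
    if value is None:
        return ""
    return "".join(
        ch for ch in value
        if ch == "\t" or unicodedata.category(ch) not in ("Cf", "Cc")
    )


def parse_lav_csv(text):
    """Parse a CSV export into a list of dicts with cleaned keys and values.

    Returns (records, altered) where `altered` counts how many field values
    were changed by cleaning, as a quick measure of how noisy the export was.
    """
    reader = csv.DictReader(io.StringIO(text, newline=""))
    records = []
    altered = 0
    for row in reader:
        cleaned = {}
        for key, value in row.items():
            new_value = clean_text(value)
            if new_value != (value or ""):
                altered += 1
            cleaned[clean_text(key)] = new_value
        records.append(cleaned)
    return records, altered


def find_by_filename(records, filename):
    """Return records whose cleaned Filename field equals `filename`."""
    return [r for r in records if r.get("Filename", "") == filename]


if __name__ == "__main__":
    recs, changed = parse_lav_csv(SAMPLE_CSV)
    print(f"{len(recs)} records, {changed} field(s) contained stray Unicode")
    for rec in find_by_filename(recs, "chewbacca.exe"):
        print(rec["Action Time"], rec["Description"], rec["Full Path"])
```

Run it against a real export by replacing SAMPLE_CSV with the file's contents read as UTF-8; the `altered` count is worth recording in your notes, since a high value is a hint that the export should be eyeballed before conclusions are drawn from it.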
[Image: Browsing to the Chewbacca malware, as seen with Last Activity View]
LiveResponseCollection-Cedarpelta.zip - download here
Updated: September 5, 2019