Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DumpIt] 'ImagePath' = '<DRIVERS>\DumpIt.sys'
- '<SYSTEM32>\cmd.exe' /c ipconfig /displaydns > Output\VolatileInfo\Network\dnscache.txt
- '<SYSTEM32>\ipconfig.exe' /displaydns
- '<SYSTEM32>\cmd.exe' /c cscript.exe //nologo <SYSTEM32>\eventquery.vbs /l application /fo csv /nh /v /fi "Datetime gt 08/22/2016,12:00:00AM" /fi "Datetime lt 09/02/2016,11:59:59PM" > Output\SystemInfo\Logs\application.csv
- '<SYSTEM32>\ipconfig.exe' /all
- '<Current directory>\Dumpit.exe'
- '<SYSTEM32>\cmd.exe' /c echo off
- '<SYSTEM32>\cmd.exe' /c ipconfig /all > Output\VolatileInfo\Network\ipconfig.txt
- <Current directory>\Output\VolatileInfo\Network\ipconfig.txt
- <Current directory>\Output\VolatileInfo\Network\dnscache.txt
- <Current directory>\Output\SystemInfo\Logs\application.csv
- <Current directory>\Output\VolatileInfo\Network\netconn.txt
- <Current directory>\Dumpit.exe
- <DRIVERS>\DumpIt.sys
- <Current directory>\CRNJEUFU-20160902-191501.raw
- <DRIVERS>\DumpIt.sys
- 'localhost':445