Products & Services
We are testing RDR and now it seems that there is no good possibility to get out full cmd commands when incident is happenned. If we run long powershell script the last part of base64 is allways missing.
In the activity view you can also click on the command line text and this will display a popup where the full command line is available (you can either scroll or select and copy paste from there to see the full command):
Alternatively you can also click 3 times on the text. This will also select the full command which can be directly copied into the clipboard.
If I do that 3 click it will copy fields, but it not seems to be complete. As you can see bellow there are missing ") at the end of the line.
powershell.exe <hidden> FromBase64String(''H4sIAA4B3FwCA7VWbW/aSBD+nEj9D1aFhK0QjANpmkiVbs07wQnEQHgpOi322iysvWCvCdDrf78x2GmqJHftSWflZb07MzvzzDMzdiLfEpT7ki3KUUf69uH0pIMD7ElyZrm3qzkpw3pXa+XkBA4yi7b0RZInaLWqcA9Tf3pzU46CgPji+J6vE4HCkHgzRkkoK9Jf0uOcBOT8frYglpC+SZk/83XGZ5glYrsytuZEOke+HZ+1uYVjb/LmilEhZ79+zSqTc22ar64jzEI5a+5CQby8zVhWkb4r8YW93YrIWYNaAQ+5I/KP1C9e5Pt+iB1yB9Y2xCBizu0wq0AM8BMQEQW+BNHE6sdDOQvLTsAtZNsBCcNsTprEhifT6R/yJLn1IfIF9Ui+6QsS8JVJgg21SJhvYN9m5IE4U9AyRUB9d6ooILbhSyJn/IixnPQ7ZuQ78pRi9qtK8kslkOqIQMlBFl9FaXA7YuSol33DzUPeFXjS3ANs3z+cfjh1Uqo4l4tH9yVVYHUyOawJeCd3eEgPgl+kQk4y4CYseLCD10wviIgyfcZWyqw5q41z7xvQUmmQXTqwMRlwak9B