SupremoRemoteDesktop
Appsv1.1
Author: epoxigen
description
Supremo Remote Desktop Control Logs
paths
2 paths
CommunicationsSupremo Connection Logs
C:\ProgramData\SupremoRemoteDesktop\Log*.logIncludes Supremo.00.Client.log and Supremo.00.Incoming.log
CommunicationsSupremo File Transfer Inbox
C:\ProgramData\SupremoRemoteDesktop\InboxIncludes files transferred to the inbox folder during a remote session. See Supremo.00.FileTransfer.log
› paths use Windows environment syntax
collection commands
# PowerShell Artifact Collection Script
# Target: SupremoRemoteDesktop
# Run as Administrator
#Requires -RunAsAdministrator
$ErrorActionPreference = "SilentlyContinue"
$DestBase = "D:\Evidence"
# Function to handle directory creation and copying
function Collect-Artifact {
param (
[string]$SourcePath,
[string]$FolderName
)
$FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
if (-not (Test-Path -Path $FullDest)) {
New-Item -ItemType Directory -Path $FullDest -Force | Out-Null
}
Copy-Item -Path $SourcePath -Destination $FullDest -Recurse -Force
}
# 1. Supremo Connection Logs
Collect-Artifact -SourcePath "C:\ProgramData\SupremoRemoteDesktop\Log\*.log" -FolderName "Supremo_Connection_Logs"
# 2. Supremo File Transfer Inbox
Collect-Artifact -SourcePath "C:\ProgramData\SupremoRemoteDesktop\Inbox\*" -FolderName "Supremo_File_Transfer_Inbox"
Write-Host "Collection complete!" -ForegroundColor Green› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1