[Cybercamp 2015] [Forense 4.4] Write UpDescription
There was an intrusion for some time and from this computer seems to have downloaded malicious programs to do a DDoS from this pc.
Question: How is called the computer name?
Resolution
We mount the 2 files into REGEDIT as seen in Forense 4.1.
There’s some registry keys named “ComputerName”, so we try to find one.
HKEY_USERS\FORENSIC_SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability | LastComputerName : DRONE-OPERATOR
SHA256(DRONE-OPERATOR) : 40ca2fc8a55570e5fddff64fd05d7a3238998504f71b356228275877f81bdc5a
Flag is 40ca2fc8a55570e5fddff64fd05d7a3238998504f71b356228275877f81bdc5a