783 B
783 B
Persist
Although Santa just updated his infra, problems still occur. He keeps complaining about slow boot time and a blue window popping up for a split second during startup. The IT elves support suggested that he should restart his computer. Ah, classic IT support!
Download Link: http://46.101.25.140/forensics_persist.zip
Flag
Progress so far
- The zip file contains ä windows memory dump
- As the intro text states the boot time is slow and blue windows pop up. This might be ä Powershell reverse shell.
- So it is probably reasonable to check the windows autostart and the accoring registry keys
- I was not able to find anything as of yet
- Probably the
autostartsplugin forvolatility2would help. But I'm using version 3 and the plugin is not compatible.