TryHackMe | Dunkle Materie Walkthrough
Dunkle Materie Writeup Investigate the ransomware attack using ProcDot Link- https://tryhackme.com/room/dunklematerieptxc9 Once you have connected to the machine, launch Procdoct which is present in the Taskbar with a Red Dot symbol. Load the files from "Analysis Files" folder present in the Desktop into Procdot. Click the ... button. The most suspicious process in the list appears to be exploreer.exe (PID 7128). We will double click on that and then click Refresh button. The chart loads and we are now ready for investigating... Provide the two PIDs spawned from the malicious executable. (In the order as they appear in the analysis tool) Click the ... button. The 2 PIDs that appear to be malicious are 8644 and 7128 Provide the full path where the ransomware initially got executed? (Include the full path in your answer) Open the "LogFile.csv" file in notepad and search for exploreer.exe. You will find the full path as " c:\users\sales\appdata\local\temp\explor...