Rating:
Hourglass - Forensics
This challenge provided ova file of windows 10 operating system. According to the description we need to find something suspicious in the system.
I searched in different areas that might contain interesting or suspicious data.
I did not find anything until I entered the Task Scheduler and noticed a suspicious task that mention some path (C:\Windows\DiagTrack\Settings\settings.txt)
Here we can see the 'txt' file mentioned in the task suspicious task, which looks like a Base64 encoded string.
This is the decoded string, which is the flag:
uoftctf{T4sK_Sch3Dul3r_FUN}
