foREGround
One of our research VMs started acting weirdly. Also, it is now sending weird DNS requests. Must be something with the video driver. I tried to fix the registry but now it bluescreens all the time.
Can you fix the registry? And if you could look into the network packets, too, that would be GReAT.
HINT: I tried importing suspicious registry keys to a VM (paying attention to the OS version). Had to be very careful when importing REG_SZ registry values though; Windows has traps set and waiting for you here and there. I also wonder why BSODs occur. Do you have WinDbg warmed up?
We are preparing something more than just a writeup. Stay tuned for updates on Securelist!
SAS{1R_1S_TH3_B3ST_S0URCE_OF_R3S3ARCH}
Solved by: 0 teams