CrewCrow

Identify the conferencing application used by CrewCrow members for their communications.

A) Zoom

Determine the last time Nefarious used the conferencing application.

.\PECmd.exe -d C:\Users\cu3rv0x\Desktop\CrewCrow\C\Windows\prefetch --csv output

A) 2024-07-16 09:02:02

Where is the conferencing application’s data stored?

A) C:\Users\Nefarious\AppData\Roaming\Zoom\data

Which Windows data protection service is used to secure the conferencing application’s database files?

A) DPAPI

Determine the sign-in option used by Nefarious.

A) Password

![[Pasted image 20260409084754.png]]

Retrieve the password used by Nefarious

A) ohsonefarious92

Find the key derivation function iterations used in the encryption process of the conferencing application’s database.

A) 4000

Find the key derivation function page size used in the encryption process.

A) 1024

Identify Nefarious email address.

A) nefarious92@outlook.com

What is the Meeting ID?

A) 86233834426

Retrieve the password used to encrypt the plan PDF file from the meeting chat. A) EOztYmVeUxp6TmV

Discover the location from which the upcoming cyber-attack will be launched.

A) Eastern Europe