This challenge was created by aiglematth as part of the ctf club GCC. This was my first introduction to the Unicorn framework. The challenge has no real difficulty other than understanding the framework but remains very interesting to study. This post was written with many details for begginers.

This challenge was including in the forensic category of the HeroCTF v4 event, divided in 4 parts. The first one was about a deleted lnk file. In the second one we looked into Windows forensic (Schedule Task, WSL, Registry). In the third part we had a memory dump to examine. For the final part we had to reverse a rust malware.er