Ransomware: Bad Rabbit - Registry key
Hi
the question is: What is the full registry key path which gets registered in regard to the "cscc" service?
The obvious answer is: HKLM\System\CurrentControlSet\Services\cscc
You find it it on the analyst vm in splunk, on the malware vm. But that's not accepted.
If anybody knows what is actually expected?
So - I managed to work out the answer using OSINT, since the lab didn't seem to be working at the time I looked at it (August). Though, annoyingly, I didn't record specifically where I found it. The actual answer, is like your obvious answer, but with another word (technically, two words added together like "TwoWords") added after "...Services\cscc\".
My notes from the time:
"Cheated. ;-p Googled and found something saying you can find it in the results of searching for "cscc registry" - however, that search returns zero hits for me... is this lab still working?".
Checking today - that search does return results which seem to include the answer you need...