What is the computer's name?

What is the Timezone of the compromised machine? Format: UTC+0 (no-space)

What was the first vulnerability the attacker was able to exploit?

What is the OS build number?

How many users are on the compromised machine?

What is the webserver package installed on the machine?

What is the name of the vulnerable web app installed on the webserver?

What is the user agent used in the HTTP requests sent by the SQL injection attack tool?

The attacker read multiple files through LFI vulnerability. One of them is related to network configuration. What is the filename?

The attacker tried to update some firewall rules using netsh command. Provide the value of the type parameter in the executed command?

How many users were added by the attacker?

When did the attacker create the first user?

What is the NThash of the user's password set by the attacker?

What is The MITRE ID corresponding to the technique used to keep persistence?

The attacker uploaded a simple command shell through file upload vulnerability. Provide the name of the URL parameter used to execute commands?

One of the uploaded files by the attacker has an md5 that starts with "559411". Provide the full hash.

The attacker used Command Injection to add user "hacker" to the "Remote Desktop Users" Group. Provide the IP address that was part of the executed command?

The attacker dropped a shellcode through SQLi vulnerability. The shellcode was checking for a specific version of PHP. Provide the PHP version number?