# Window Pains

### Problem

Created by: syyntax

One of De Monne's employees had their personal Windows computer hacked by a member of DEADFACE. The attacker managed to exploit a portion of a database backup that contains sensitive employee and customer PII.

Inspect the memory dump and tell us the Windows Major Operating System Version, bit version, and the image date/time (UTC, no spaces or special characters). Submit the flag as flag{OS\_BIT\_YYYYMMDDhhmmss}.

Example: flag{WindowsXP\_32\_202110150900}

### Solution

```bash
sudo vol -f physmemraw windows.info.Info
```

![Result of vol comma](https://1833529925-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FinQyBSsBMfzzjTjEh3xk%2Fuploads%2F34C98g8enKE0pPt006gh%2Fimage.png?alt=media\&token=55c48806-678d-490b-8140-9505c85e19ec)

{% hint style="success" %}
flag{Windows10\_64\_20210907145744}
{% endhint %}