Trebek 5 -> 10
Trebek 5 -> 6
The password for trebek6 is the name of the executable that is starting at 3/23/2017 8:08:53 PM via the Software Protection service as depicted in the event log on the desktop.
Get-WinEvent -Path .\application.evtx | Where-Object -Property TimeCreated -eq "3/23/2017 8:08:53 PM" | Format-List
Log Id: 900
Password: wlms
Trebek 6 -> 7
The password for trebek7 is the total number of DLLs within the βC:\program files\adobe\β folder and itβs subfolders PLUS the name of the file on the desktop.
Get-ChildItem -Recurse -Include *.dll βC:\program files\adobe\β | Measure-Object
Password: 40_reader
Trebek 7 -> 8
The password for trebek8 is the name of the program set to run prior to login if sticky keys are activated PLUS the name of the file on the desktop.
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"
Password: han_solo99
Trebek 8 -> 9
The password for trebek9 the first 8 bytes of the file located on the desktop. Combine the answer together with NO spaces.
Get-Content .\Clone_Trooper_data.pdf -Encoding byte -Total 8 | Write-Host -NoNewLine
Password: 779014403000
Trebek 9 -> 10
The password for trebek10 is the name of the potentially rogue share on the system PLUS the name of the file on the desktop.
Get-SMBShare
Password: shoretroopers$_hiding
Last updated
Was this helpful?