1- checking some log file sorted by date and discorvering info at [SantasLaptopLogs]
-
decoding base64 string to bat and analysing it in shellbags weer u can see files that has been in satas desk
-
https://github.com/Grinchiest < SantaRat
-
fiding the password in operation-bag-of-toys in a commit https://github.com/Grinchiest/operation-bag-of-toys/commit/41615462e4fdc0ceeb4ef1bec693ec3de1125ed2 [TheGrinchiestGrinchmasOfAll]
-
entering the password in bag-of-toys.exe file in the vm and getting 228 files