
Question


This is for a lab called "PRINT" from Blue Team Labs Online.


Investigation Submission

Submit the Domain name used by the red teamers for their test setup (1 points)

From the network traffic, what is the name of the file that is transferred via SMB? (4 points)

What is the C drive location where the file from the previous question is copied? (4 points) Format: C:\path\to\file\xxx.ext

What is the attacker's IP:Port for reverse shell? (4 points) Format: IP:Port

Submit EventID, AccessMask, ShareName when Accountname="printuser", Sourceaddress=Attacker's IP and Relative Target Name is "spoolss" (4 points)

Submit Parent Command Line for the process WerFault.exe (4 points) Format: C:\path\to\file\xxx.exe

After getting the reverse shell, the attacker tried the command "whoami", what will be the output of this command? Note: whoami displays user, group, and privileges information for the user who is currently logged on (4 points)
