Ducky

A USB device was plugged into a workstation after being found unattended. Shortly after, abnormal system activity was observed, suggesting that the device emulated user input rather than acting as a standard storage medium.

Your task is to analyze a USB capture of the session and reconstruct what was executed on the machine. The evidence is embedded in low-level USB HID communication, where keyboard events were transmitted as raw input data. By interpreting this interaction, you can recover the sequence of actions performed and identify the external endpoint involved in the attack chain.

Flag format: flag{*******.******.**}