An analyst noticed some suspicious account activity on a workstation. We think the device may be compromised – can you look into this?
What I did was just go through each of the login attempts until one of them had a different login users.
Then inspected that further to find the flag
leveleffect{10gg3d}