User details : DFIR CTF Challenge - Ransomware ate my homework - Mellivora, the CTF engine

Level 1: Domain controller, 275 / 850 (32%)

Level 2: W10-PC3, 0 / 1,050 (0%)

Level 3: W10-PC5, 0 / 1,150 (0%)

Total: 275 / 3,050 (9%)

Challenge	Solved	Points
09_Extra. Which kind of authentication used the attacker to log into the system? (Level 1: Domain controller)	#9, 9 months after release (2021-08-11 20:54:29)	100
09. What is the IP used by the attackers to connect to the domain controller ? (Level 1: Domain controller)	#9, 9 months after release (2021-08-11 20:32:50)	25
04. A foul-mouthed named script was executed a little after this user login. What is its name? (Level 1: Domain controller)	#9, 9 months after release (2021-08-11 20:18:25)	50
05. The antivirus detected a malicious file around this time. Which name does it have? (Level 1: Domain controller)	#10, 8 months, 29 days after release (2021-08-11 16:09:26)	50
03. At what time can you see a logon type 10 user login on the domain controller? (Level 1: Domain controller)	#12, 8 months, 29 days after release (2021-08-11 15:56:14)	50