User details : DFIR CTF Challenge - Ransomware ate my homework - Mellivora, the CTF engine

Level 1: Domain controller, 175 / 850 (21%)

Level 2: W10-PC3, 0 / 1,050 (0%)

Level 3: W10-PC5, 0 / 1,150 (0%)

Total: 175 / 3,050 (5.7%)

Challenge	Solved	Points
09. What is the IP used by the attackers to connect to the domain controller ? (Level 1: Domain controller)	#10, 11 months, 20 days after release (2021-11-01 13:46:31)	25
04. A foul-mouthed named script was executed a little after this user login. What is its name? (Level 1: Domain controller)	#10, 11 months, 20 days after release (2021-11-01 13:31:59)	50
05. The antivirus detected a malicious file around this time. Which name does it have? (Level 1: Domain controller)	#11, 11 months, 20 days after release (2021-10-31 19:53:23)	50
03. At what time can you see a logon type 10 user login on the domain controller? (Level 1: Domain controller)	#13, 11 months, 19 days after release (2021-10-31 14:34:42)	50