One of the employees at Lockman Group called the IT department; the user was frustrated and mentioned that all of his files had been renamed with a weird file extension he had never seen before. After looking at the user's workstation, the IT guy already knew what was going on and transferred the case to the Incident Response team for further investigation.
You are the incident responder. Let's see if you can solve this challenge using the infamous Redline tool. Happy Hunting, my friend!
https://tryhackme.com/room/revilcorp

You can find the answers to Q1 and Q2 in the "System Information" section.

To answer this question, I first considered looking at Prefetch files, recent documents, or Jump Lists. However, this is my first time using Redline, so I wasn't sure where to look. I decided to check the "File Download History" section and found two downloads: one for WinRAR and another for Tor. The WinRAR download looked suspicious because it originated from an IP address.
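The check applied by eye above (a download whose source is a bare IP address rather than a hostname) can be automated when the download history is exported as CSV. The script below is an added example, not part of the original writeup or the Redline tool; the column names and the two sample rows are constructed for illustration and do not come from the challenge evidence.

```python
import csv
import io
import ipaddress
from urllib.parse import urlsplit

# Constructed sample export: one row per download with the source URL, the local
# target path and a timestamp. Column names and values are hypothetical.
SAMPLE_DOWNLOAD_HISTORY = """\
SourceURL,TargetPath,LastModified
https://www.torproject.org/download/,C:\\Users\\user\\Downloads\\torbrowser-install.exe,2021-01-01 10:00:00
http://203.0.113.10/winrar.exe,C:\\Users\\user\\Downloads\\winrar.exe,2021-01-01 10:05:00
"""


def host_is_bare_ip(url):
    """Return True when the URL's host is a literal IPv4/IPv6 address, not a hostname."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def flag_ip_downloads(csv_text):
    """Return the download-history rows whose source URL points at a bare IP address.

    Legitimate installers are normally fetched from a vendor hostname; a download
    served straight from an IP address is a common triage lead worth examining.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if host_is_bare_ip(row["SourceURL"])]


if __name__ == "__main__":
    for row in flag_ip_downloads(SAMPLE_DOWNLOAD_HISTORY):
        print(f"[suspicious] {row['LastModified']}  {row['SourceURL']}  ->  {row['TargetPath']}")
```

Run it against a real export by reading the CSV file into a string and passing it to `flag_ip_downloads`; the flagged rows are a starting point for triage, not proof of malice, so confirm the finding against Prefetch and execution artifacts for the downloaded binary.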