Need help on question 10 in "Wizard Spider DFIR: Ep.2 – Ransomware Analysis" lab