Need help on question 10 in "Wizard Spider DFIR: Ep.2 – Ransomware Analysis" lab

Based on the name of the .html files, file hash and the behavior observed, what is the name of the ransomware used by the attackers?

How can I approach the search for the above task on elastic search