Forum Discussion

Bronze III

1 month ago

Ransomware: LockBit

I can't figure out what question 7 is looking for as the answer. I ensured I was looking at logs with an EventType of SetValue, I ensured it was LockBit.exe doing the event, but nothing I've tried fr...

help & support

immersive labs

ArthurDent

Bronze III

1 month ago

Nevermind. Figured it out by looking at all the Type 13 logs.

Andrea
Bronze I
18 days ago
What was the answer, I am struggling to figure this out?
- ArthurDent
  Bronze III
  18 days ago
  It's asking for the first change, so you need to sort the events - the _time field only goes down to the second so there are a whole lot of events in the same second; the UtcTime is more precise - sort on that and get the first one. It just wants the channel name by itself.
  - Andrea
    Bronze I
    18 days ago
    Thanks, I was able to finally figure it out.

Forum Discussion

Ransomware: LockBit

Featured Places

Help

Related Content

Ransomware: Darkside - Question 9

Ransomware: Darkside - Question 8

Ransomware: Annabelle Entry Point

Ransomware: Bad Rabbit - Registry key

Ransomware: Snake

Recent Discussions

APT34: Glimpse - Question 4

Hafnium: ProxyLogon (Offensive) - Question 3

Hafnium: ProxyLogon (Offensive) - Question 3

Threat Actors: Salt Typhoon – SNAPPYBEE Campaign Analysis - Question 3

Threat Actors: Mint Sandstorm – Campaign Analysis - Question 9