Welcome, Analyst. Threat actors regularly interact with sub-systems inside Windows structures, leaving operational marks inside Event Logs (.evtx) and Sysmon telemetry.
Your objective is to traverse the four distinct analytical profiles within the matrix, dissect host evidence files, parse account modifications, trace process spawns, and verify your indicators to construct an attack map.
Scope: Parse the baseline event structures inside the primary logs to identify a brute force attack and subsequent malware download.
Target Artifact: windows log/ Practice-Security.evtx
Target Artifact: windows log/Practice-Sysmon.evtx
Scope: Triage remote infiltration vectors across RDP, various Phishing stages, and malicious USB propagation.
Target Artifact: windows log/ Practice\RDP Case\RDP-Security.evtx
Target Artifact: windows log/ Practice\Phishing Case 1-3
Target Artifact: windows log/ Practice\ Phishing Case 3\Phishing-Sysmon.evtx
Target Artifact: windows log/ Practice\USB Case\USB-Sysmon.evtx
Scope: Investigate running telemetry for active attachment exploitation paths and information stealer malware.
Target Artifact: windows log/ Practice2\Task 3\invoice.pdf.exe
Target Artifact: Windows log\Practice\Task 5\stealer.exe
Scope: Isolate persistence mechanism artifacts across automated run keys, backdoored services, and shadow user parameters.