Nuts Sherlock

Hi guys, I’ve solved all the tasks of this Sherlock, but I’m stuck on task 9, I can’t find the necessary file, and sha1 up*****.*** is not suitable. There is also a problem with task 16, I tried all the options that I could find and I can’t. Does anyone have any ideas?

Hi!

I’m stuck on task 9 too because I cannot find the file in the artifacts, so… I’m a little lost with it, but I can help you and give you a hint for question 16.

Question 16:

OK, you probably saw the file dropped by the opponent, but ask yourself something. Is this the real name of the file? How can you see if the name of the file was modified? With the USN Journal you can see it.

And I’m stuck on Question 2 too, because I’m seeing a .json with a lot of data, even the PowerShell script that initiates it all, but nothing works for questions 2 and 3 :confused:

I found the answer to 9 in one of the files here C\ProgramData\Microsoft\Windows Defender\Support

And a little hint to get started on 2? Because after that I think everything will go more easily :s

browser history

Nice)

Nice! Can you give me a hint for question 1… I have been struggling to find that one. I have completed 2-12 so far.


powershell)


Gotcha… I messaged you; I don’t want to ruin it for others.

What is the malware family this is associated with? I feel like I tried them all and none worked.

I also struggled with this task


In the end I opened the Community tab on VirusTotal and scrolled down; at the bottom there was an answer.


How did you get it up in VirusTotal, since it’s not a provided file?

Friends, if someone has a problem with task 4, be careful: you only need to specify HH-mm there.

The archive with the task contains the necessary file, but most likely it was deleted by Defender or the antivirus on your PC.