Packet Cyclone

Personal Rating: Easy

This challenge was another log analysis challenge, and we were given a large number of evtx files.

Rclone was used for exfiltration, which you could find out with the right Sigma/YARA rules. Those rules turned out to be enough to get the flag.
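As an added example (not code from this writeup or the challenge), here is a minimal Sigma-style matcher for Rclone process-creation events, run over constructed records shaped like the fields an evtx export of Sysmon Event ID 1 or Security 4688 would give; the field values, subcommand and flag lists are my own choices, modelled on the shape of public Rclone detection rules rather than copied from any specific one.

```python
# Added example, not part of the original writeup. Constructed sample records
# with the fields a Sigma process_creation rule keys on (Image, CommandLine).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\rclone.exe",
     "CommandLine": r"rclone.exe copy C:\Users\bob\Documents mega:backup --transfers 8"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\notes.txt"},
    # Renamed binary: image name no longer says rclone, command line still does.
    {"EventID": 1, "Image": r"C:\tools\svchost.exe",
     "CommandLine": r"svchost.exe sync C:\Finance remote:exfil --config C:\tools\r.conf"},
    {"EventID": 1, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "CommandLine": r"7z.exe a C:\Users\bob\archive.7z C:\Users\bob\Documents"},
]

# Illustrative selection lists (assumption: typical rclone usage, not exhaustive).
RCLONE_SUBCOMMANDS = ("copy", "sync", "move", "lsd", "config")
RCLONE_FLAGS = ("--config", "--transfers", "--no-check-certificate", "--ignore-existing")
RCLONE_REMOTES = ("mega:", "drive:", "dropbox:", "remote:")


def matches_rclone(event: dict) -> bool:
    """True if a process-creation event looks like an rclone invocation.

    Two selections, either of which suffices (Sigma 'condition: 1 of selection_*'):
      - the image name is rclone.exe, or
      - the first argument is an rclone subcommand AND the command line carries an
        rclone-typical flag or remote spec, which also catches renamed binaries.
    """
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()
    if image.endswith("\\rclone.exe"):
        return True
    tokens = cmd.split()
    has_subcmd = any(t in RCLONE_SUBCOMMANDS for t in tokens[1:2])  # first argument only
    has_hint = any(f in cmd for f in RCLONE_FLAGS) or any(r in cmd for r in RCLONE_REMOTES)
    return has_subcmd and has_hint


def find_rclone_events(events):
    """Filter process-creation events (Sysmon 1 / Security 4688) down to rclone hits."""
    return [e for e in events if e.get("EventID") in (1, 4688) and matches_rclone(e)]


if __name__ == "__main__":
    for e in find_rclone_events(SAMPLE_EVENTS):
        print("rclone-like:", e["CommandLine"])
```

On real data, feed the records produced by an evtx parser (for example, python-evtx or EvtxECmd output) into `find_rclone_events` in place of the constructed list.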