What time did the attacker scan the network?

What is the 'channel' ID parameter in the command line of PID 13048 ?

The attacker opened a .txt file in his folder with notepad, what is the objectID associated with this activity ?

Inside the folder used by the attacker, there is a .txt file name. what is its name ?

What is the name of Netbios, IP and

hostname of the Active Directory Domain?

How many failures is there on an account from the attacker machine? And on which account?

As an Administrator, the attacker executed a commandline that allowed him to create a domain persistence. What is the command ?

Bonus (flag this question to answer it at the end of the quiz) :

By analysing the .vhdx, the remote access tools folder might leak some information regarding the public IP of the attacker. Can you find his public IP ?

The LibreOffice binary has been run?