Challenge Description

We need your help!



Our beloved organization is facing some serious IT challenges. We are not quite sure yet what is happening, but a lot of critical files have been renamed or encrypted and have eventually become useless. Our lead Incident Responder performed a preliminary investigation and acquired the image and memory dump from a machine believed to have played a key role in this situation.
Can you please take a look and help us? Time is running out fast! We even accept bitcoins if you consider it helpful 😋


All answers are case insensitive except passwords. You are expected to provide precise copies of findings, even those containing extra spaces or typos. Depending on progress, you will unlock additional questions.

Evidence and Zip password will be provided directly by a member of the XFIR team.