mirror of https://github.com/dirtbags/moth.git
14 lines
596 B
HTML
Executable File
You suspect that a certain Windows box has been infected by a Trojan. You have been given access to a memory image from this box: <A href="http://10.1.1.2/10/xp-laptop-2005-06-25.img">xp-laptop-2005-06-25.img</A>. Use the memory image to determine if the machine has been infected.
<BR>
In order to answer the questions:
<BR>
- Determine if the machine has been infected.
<BR>
- If it has not been infected, list "no" as your answer.
<BR>
- If it has been infected, list the process name of the Trojan.
<BR>
HINT: You know from googling that the Trojan uses the passWD.log file.