Challenge-2

题目描述 #

嫌疑人在受害者电脑上执行了恶意 vbs 脚本、受害者电脑“上线”了。请找出 vbs 脚本通联的 IP 与端口。答案提交格式 flag{md5(ip:port)}。

Flag #

event.category : "process"
and event.action : ("start" or "process_started" or "Process Create*")
and (process.parent.pid : 736 or winlog.event_data.ParentProcessId : 736)

bGZiESdaBt.exe
====
process.name.text : "bGZiESdaBt.exe"

172.30.143.124 4455
172.30.143.124:4455
Previous Challenge-1 Challenge-3 Next