3615 Incident 2/3

forensics memory windows FCSC 2019 solved on

star star

Description

Yet another victim has been compromised by a ransomware. Paying the ransom is not an option, its amount is way too high. We called you to restore the encrypted files.

Recover the encryption key used by the ransomware!

Note : The flag follows this format: ECSC{hey.hex()}.

This challenge has been split into three parts:

Files

  • mem.dmp.tar.xz
    338.19 MiB – 6003d62b4b4ecd8fb43be8802f6f429400c77a2bb082f0b7d3f93550e62babe5

Author

alx

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

DateAuthor Language Tags Vote
2023-12-07
hashp4
🇫🇷