Ransomémoire 2/3 - Début d'investigation

Description

Phew, you were able to recover your precious file. Now you investigate the origin of this encryption.

The flag is case insensitive and follows the format FCSC{<pid>:<protocol>:<port>}, where:

<pid> is the PID of the process that dropped and performed the encryption and
<protocol> and <port> are the parameters of the connection with the C&C.

This challenge has been split into four parts:

Ransomémoire 0/3 - Pour commencer.
Ransomémoire 1/3 - Mon précieux.
Ransomémoire 2/3 - Début d’investigation.
Ransomémoire 3/3 - Doppelgänger.

Files

fcsc.7z
591.28 MiB – 754cb093af343356827d650270f9faa56cc4c44f44243ea08590edb1bc270b5e

Author

haxom

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 5d54396b269baf432b77386dd62465a2dfa4993e8d5d90de745158d3a9b17cc9

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags	Vote
2023-11-06	naacbin	🇬🇧	TeamFrance