Analyse mémoire - Pour commencer (2/2)

Description

The memory dump was taken while a user was working on a highly sensitive document. If the workstation was compromised, this document may have been stolen. Can you find:

the name of the document editing software,
the name of the document.

The flag is in the format FCSC{<software name>:<document name>} where:

<software name> is the name of the editing software’s executable, and
<document name> is the name of the document being edited by the user (without the file path).

For example: FCSC{calc.exe:My accounts 2025.txt}.

Files

analyse-memoire.tar.xz
1.05 GiB – 59dbdb3d2e0eb219afc63fa086069b0e21cad79060ca3752b75e910058fce206

Author

haxom

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 9338390dfb01c8b65643ea68464087131d450c82348cecb7d4288b7a60d1dfab # possible output: 8aaca9ab034613f265c7ad032bc8d90120b7c73ede7ae3ac4768590f55d3f63c

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags
2025-05-02	Cyrhades	🇫🇷