We received this memory dump from our client recently. Someone accessed his system when he was not there and he found some rather strange files being accessed. Find those files and they might be useful. I quote his exact statement,
The names were not readable. They were composed of alphabets and numbers but I wasn't able to make out what exactly it was.
Also, he noticed his most loved application that he always used crashed every time he ran it. Was it a virus?
Note-1: This challenge is composed of 3 flags. If you think 2nd flag is the end, it isn't!! :P
Note-2: There was a small mistake when making this challenge. If you find any string which has the string "L4B_3_D0n3!!" in it, please change it to "L4B_5_D0n3!!" and then proceed.
Note-3: You'll get the stage 2 flag only when you have the stage 1 flag.
Challenge file: MemLabs_Lab5
The commpressed archive
- MD5 hash: d72a2141baa6670d46c77b5f452f09f7
The memory dump
- MD5 hash: 9dd6cb1134c9b018020bad44f27394db
Please follow the flag submission rules when sending the email for solution verification.