Tags: git excel volatility pickle keylogger
# Full WriteUp
Full Writeup on our website: [http://www.aperikube.fr/docs/tjctf_2018/virusvolatile](http://www.aperikube.fr/docs/tjctf_2018/virusvolatile)
-------------
# TL;DR
In this task the author gave us a Windows 7 memory dump. First, there is a strange file in the *Downloads* directory: *keylogger.py*.
After dumping the evil file, we are able to get the log file. In this log file I was able to find the first part of the flag.
To retrieve the second part, I had to take a look at the files downloaded in Chrome. One file is terminated by a curly brace. By sorting the files by weight, I was able to concatenate all the names and get the second part.