.. /Dump64.exe

Memory dump tool that comes with Microsoft Visual Studio


Paths:

Resources:
Acknowledgements:

Detection:

Dump

Creates a memory dump of the LSASS process.
dump64.exe <pid> out.dmp
Use case: Create a memory dump and parse it offline to retrieve credentials.
Privileges required: Administrator
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1003.001