xmrig | 3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
03-12-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
Size

731KB
MD5

6634a952b1d18ed9db3a60b0e605d8c0
SHA1

556c5876f530719212deb3bdd2d49cdfa9b5bc58
SHA256

3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
SHA512

77203be137f41ddf535f7297bf87cf6a9fdc8251d14ed5e9999c63552d351086fa783af238d9a0cd9d3bdd7e703cc589dffc5730e0ee0b80774a0bce4cb39805
SSDEEP

12288:Yvz3zPzJWjGA036wN/4qyqFULsJ8zcoqGYmMRGWbp5JbUbZWioXjgRgse/dByaKX:Y9QGA0K8FULsJCc8YoiJbUckRgsebhAt

Score

10^/10

xmrig xmrig_linux credential_access defense_evasion discovery miner

Malware Config

Signatures

Xmrig family
xmrig
Xmrig_linux family
xmrig_linux
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig
Contacts a large (48119) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral1/memory/1596-1-0x0000000000400000-0x0000000000918408-memory.dmp	xmrig

Deletes itself 1 IoCs

pid	Process
1596	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for modification	/dev/misc/watchdog	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Enumerates running processes
Discovers information about currently running processes on the system

Reads process memory 1 TTPs 64 IoCs

Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

credential_access

Proc Filesystem

T1003.007

description	ioc	Process
File opened for reading	/proc/79/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/217/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/15/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/22/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/86/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/990/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/13/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/25/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/223/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/781/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/607/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/737/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/7/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/11/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/211/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/259/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/748/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/75/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/962/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/500/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/583/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/99/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/118/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/409/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/499/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/308/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/412/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/629/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/23/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/78/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/81/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/82/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/19/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/94/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/841/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/222/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/956/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/6/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/73/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/77/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/216/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/209/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/633/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/219/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/10/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/76/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/88/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/4/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/983/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/589/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/991/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/85/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/97/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/109/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/585/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/93/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/766/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/836/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/215/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/218/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/600/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/871/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/971/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	hub4kkg55qg2rl76sx4d5z	1596	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Enumerates kernel/hardware configuration 1 TTPs 4 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/firmware/dmi/tables/DMI	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/sys/firmware/dmi/tables/smbios_entry_point	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/1676/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2733/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3613/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/214/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1127/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2139/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3270/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3452/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/86/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/590/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1164/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1193/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1807/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2877/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3158/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3234/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2140/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2874/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2896/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3589/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3594/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/216/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1145/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1398/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2529/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3223/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3317/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3352/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/112/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1145/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1789/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2532/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2778/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3459/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/607/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1075/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1537/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1901/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2126/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2133/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2651/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2868/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3609/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/80/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/633/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1176/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2238/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2580/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2848/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1803/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3074/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/635/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1606/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1753/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3317/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/83/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3127/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/211/exe	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1816/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2388/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/3113/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/1294/cmdline	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2327/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
File opened for reading	/proc/2651/maps	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078	3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078

/tmp/3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
/tmp/3ef65ce27d39b037d75bdc16b197e04f3b391f76c2da5f2f755e2ded38bb9078
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Reads process memory
- Changes its process name
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

OS Credential Dumping

T1003

Proc Filesystem

T1003.007

Discovery

Network Service Discovery

T1046

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1596-1-0x0000000000400000-0x0000000000918408-memory.dmp

Download