IOC: As a Windows SDK binary, execution on a system may be suspicious
Dump
Creates a memory dump of the LSASS process.
dump64.exe <pid> out.dmp
Use case: Create a memory dump and parse it offline to retrieve credentials.
Privileges required: Administrator
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1003.001