Dumping SAM via esentutl.exe
Execution
It's possible to use esentutl.exe that comes with Windows and dump SAM/Security hives like so:
Observation
The below are some potential IOCs for detecting this technique:
References
Last updated