Added Pcwutl.dll to LOLLibs

LOLLibs.md

@@ -7,6 +7,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 [Advpack.dll](OSLibraries/Advpack.md)    
 [Ieadvpack.dll](OSLibraries/Ieadvpack.md)    
 [Ieframe.dll](OSLibraries/Ieframe.md)    
+[Pcwutl.dll](OSLibraries/Pcwutl.md)    
 [Shdocvw.dll](OSLibraries/Shdocvw.md)    
 [Shell32.dll](OSLibraries/Shell32.md)    
 [Url.dll](OSLibraries/Url.md)    

OSBinaries/Psr.md

@@ -5,6 +5,8 @@
 ```
 psr.exe /start /gui 0 /output c:\users\user\out.zip    
 
+psr.exe /start /maxsc 100 /gui 0 /output c:\users\user\out.zip    
+
 psr.exe /stop    
 ```
 
@@ -26,5 +28,23 @@ C:\Windows\SysWOW64\Psr.exe
 Notes:
 It does not log keystrokes. Only screenshots when something is clicked.
 
+psr.exe [/start |/stop][/output <fullfilepath>] [/sc (0|1)] [/maxsc <value>]
+    [/sketch (0|1)] [/slides (0|1)] [/gui (o|1)]
+    [/arcetl (0|1)] [/arcxml (0|1)] [/arcmht (0|1)]
+    [/stopevent <eventname>] [/maxlogsize <value>] [/recordpid <pid>]
+
+/start            :Start Recording. (Outputpath flag SHOULD be specified)
+/stop            :Stop Recording.
+/sc            :Capture screenshots for recorded steps.
+/maxsc            :Maximum number of recent screen captures.
+/maxlogsize        :Maximum log file size (in MB) before wrapping occurs.
+/gui            :Display control GUI.
+/arcetl            :Include raw ETW file in archive output.
+/arcxml            :Include MHT file in archive output.
+/recordpid        :Record all actions associated with given PID.
+/sketch            :Sketch UI if no screenshot was saved.
+/slides            :Create slide show HTML pages.
+/output            :Store output of record session in given path.
+/stopevent        :Event to signal after output files are generated.
 
  

OSLibraries/Pcwutl.md

@@ -0,0 +1,30 @@
+## Pcwutl.dll
+
+* Functions: Execute
+
+```
+rundll32.exe pcwutl.dll,LaunchApplication calc.exe
+```
+
+Acknowledgements:
+* Matt harr0ey - @harr0ey
+
+Code sample:
+* 
+
+Resources:
+* https://twitter.com/harr0ey/status/989617817849876488
+
+Full path:
+```
+c:\windows\system32\Pcwutl.dll
+c:\windows\sysWOW64\Pcwutl.dll
+```
+
+Notes:
+
+
+
+Detection:
+
+