The purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control, interact with it, and see its screen. Tools that do not allow visual interaction such as PsExec are not included in this study.
The motivation to do this study came from a tweet made by @IcsNick, listing "Remote Admin Tools that are abused by threat actors"1. Indeed, threat ac