Windows Remote Access Dialer

Paths:

C:\Windows\System32\rasautou.exe

Detection: rasautou.exe command line containing -d and -p

Execute

Loads the target .DLL specified in -d and executes the export specified in -p. Options removed in Windows 10.

rasautou -d powershell.dll -p powershell -a a -e e