Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\WinLogon\] 'Userinit' = '<SYSTEM32>\userinit.exe,<Full path to file>'
- <PATH_SAMPLE>.tda
- <PATH_SAMPLE>.tsh
- <PATH_SAMPLE>.bin
- <PATH_SAMPLE>.tda
- '19#.#8.226.12':80
- '%WINDIR%\syswow64\cmd.exe' /C "route.exe print > "<PATH_SAMPLE>.tda"" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "route.exe print > "<PATH_SAMPLE>.tda""
- '%WINDIR%\syswow64\route.exe' print