Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Ntds] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Ntds] 'ImagePath' = '%CommonProgramFiles(x86)%\Microsoft Shared\MSInfo\ntds.sys'
- 'Ntds' %CommonProgramFiles(x86)%\Microsoft Shared\MSInfo\ntds.sys
- %CommonProgramFiles(x86)%\microsoft shared\msinfo\msinfo.exe
- %CommonProgramFiles(x86)%\microsoft shared\msinfo\testsys.sys
- %CommonProgramFiles(x86)%\microsoft shared\msinfo\ntds.sys
- %CommonProgramFiles(x86)%\microsoft shared\msinfo\nmhelp.dll
- 'ba##u.com':80
- http://www.ba##u.com/index.php
- DNS ASK ba##u.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%CommonProgramFiles(x86)%\microsoft shared\msinfo\msinfo.exe'
- '%CommonProgramFiles(x86)%\microsoft shared\msinfo\msinfo.exe' (with hidden window)