Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\KIADHNQS] 'ImagePath' = '<DRIVERS>\KIADHNQS.sys'
- NtWriteVirtualMemory, handler: KIADHNQS.sys
- NtReadVirtualMemory, handler: KIADHNQS.sys
- NtOpenProcess, handler: KIADHNQS.sys
- <DRIVERS>\KIADHNQS.sys
- '12#.#25.114.144':80
- http://www.ba##u.com/ via 12#.#25.114.144
- DNS ASK www.ba##u.com
- ClassName: 'Shell_TrayWnd' WindowName: ''