Technical Information
- [<HKLM>\System\CurrentControlSet\Services\baby] 'ImagePath' = '<SYSTEM32>\Past1Dh9M.sys'
- 'baby' <SYSTEM32>\Past1Dh9M.sys
- %TEMP%\e_n30005\krnln.fnr
- %TEMP%\e_n30005\iext.fnr
- %TEMP%\e_n30005\eapi.fne
- %TEMP%\e_n30005\spec.fne
- %TEMP%\e_n30005\internet.fne
- %TEMP%\e_n30005\ethread.fne
- %WINDIR%\syswow64\past1dh9m.sys
- %WINDIR%\syswow64\past1dh9m.sys