Technical Information
Registry: service entries (ImagePath values):
- [HKLM\System\CurrentControlSet\Services\baby] 'ImagePath' = '<SYSTEM32>\Past2by91.sys'
- [HKLM\System\CurrentControlSet\Services\DBKDRVR54] 'ImagePath' = '<SYSTEM32>\mydri.sys'
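Service names and their image files (the `.\` in the second path is a redundant segment and resolves to `<SYSTEM32>\mydri.sys`, so normalise paths before matching on them):
- 'baby' <SYSTEM32>\Past2by91.sys
- 'DBKDRVR54' <SYSTEM32>\.\mydri.sys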
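File system paths recorded (the section labels that separated these entries are not preserved on this page, which is why the two `.sys` paths appear twice; the `syswow64` location is consistent with a 32-bit process writing to `<SYSTEM32>` under WOW64 redirection on 64-bit Windows, which is inferred rather than stated by the report):
- %WINDIR%\syswow64\past2by91.sys
- %WINDIR%\syswow64\mydri.sys
- %LOCALAPPDATA%\microsoft\internet explorer\msimgsiz.dat
- %WINDIR%\syswow64\mydri.sys
- %WINDIR%\syswow64\past2by91.sys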
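Network activity (`#` is not a valid hostname character, so `###` is evidently masking applied by the report; the full domain is not given here and the masked string cannot be used as a literal indicator):
- 'ai###xian.com':80
- http://www.ai###xian.com/
- DNS ASK ai###xian.com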
Window classes referenced (WindowName is empty, i.e. only the class name is specified):
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''