Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wsfjrp lcvutvrm] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wsfjrp lcvutvrm] 'ImagePath' = '%WINDIR%\Keauiwo.exe'
- 'Wsfjrp lcvutvrm' %WINDIR%\Keauiwo.exe
- %ProgramFiles%\apppatch\mysqld.dll
- %WINDIR%\keauiwo.exe
- '10#.#51.213.139':8897
- '10#.#51.213.139':2018
- '10#.#51.213.139':2018
- '%WINDIR%\keauiwo.exe'
- '%WINDIR%\keauiwo.exe' Win7