Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rsfwhi Eye Protect] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rsfwhi Eye Protect] 'ImagePath' = '%ProgramFiles(x86)%\Windows NT\Usermo.exe'
- 'Rsfwhi Eye Protect' %ProgramFiles(x86)%\Windows NT\Usermo.exe
- 'Rsfwhi Eye Protect' %ProgramFiles(x86)%\Windows NT\
- %ProgramFiles(x86)%\windows nt\usermo.exe
- %ProgramFiles(x86)%\windows nt\usermo.exe
- '98.##9.99.149':2553
- 'cy##0.ltd':2033
- http://98.###.99.149:2553/152.jpg via 98.##9.99.149
- 'cy##0.ltd':2033
- DNS ASK cy##0.ltd
- '%ProgramFiles(x86)%\windows nt\usermo.exe'
- '%ProgramFiles(x86)%\windows nt\usermo.exe' Win7