Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsjfhd clonrnkw] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsjfhd clonrnkw] 'ImagePath' = '%ProgramFiles%\Microsoft Awqosg\Wpilflq.exe'
- %ProgramFiles%\Microsoft Awqosg\Wpilflq.exe
- from <Full path to file> to <SYSTEM32>\144593.bak
- '94.##1.101.15':65525
- '%ProgramFiles%\Microsoft Awqosg\Wpilflq.exe'