Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Task Scheduler Client' = '<SYSTEM32>\rclientsvc.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\rclientsvc.exe' = '<SYSTEM32>\rclientsvc.exe:*:Enabled:Task Scheduler Client'
- '<SYSTEM32>\rclientsvc.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<SYSTEM32>\rclientsvc.exe" "Task Scheduler Client" ENABLE
- <SYSTEM32>\rclientsvc.exe
- <SYSTEM32>\9125y5yta.dat
- 'qf###mjailm.com':80
- 'hc####meterg.com':80
- qf###mjailm.com/faq.php
- hc####meterg.com/solomon.php
- DNS ASK qf###mjailm.com
- DNS ASK hc####meterg.com