Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\kkqhms] 'Start' = '00000002'
- <SYSTEM32>\sc.exe start kkqhms
- <SYSTEM32>\sc.exe stop null
- <SYSTEM32>\sc.exe create kkqhms type= kernel binpath= "%ALLUSERSPROFILE%\Application Data\JBNLTHI\kkqhms.bin" start= auto
- %TEMP%\1.tmp
- %ALLUSERSPROFILE%\Application Data\JBNLTHI\kkqhms.bin
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- %ALLUSERSPROFILE%\Application Data\JBNLTHI\fts4497.htt
- 'rp##.21civ.com':80
- rp##.21civ.com/az.php?st######################################################
- DNS ASK rp##.21civ.com
- ClassName: 'Shell_TrayWnd' WindowName: ''