Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\CRMSvc] 'ImagePath' = '"%WINDIR%\CRMSvc.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\CRMSvc] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\CRMSvc.exe' = '%WINDIR%\CRMSvc.exe:*:Enabled:CRMSvc'
- '%WINDIR%\CRMSvc.exe' --install
- '<SYSTEM32>\sc.exe' failure "CRMSvc" reset= 2 actions= restart/10000
- '%WINDIR%\CRMSvc.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\CRMSvc.exe" CRMSvc ENABLE
- '<SYSTEM32>\cmd.exe' /C netsh firewall delete allowedprogram "%WINDIR%\CRMSvc.exe"
- '<SYSTEM32>\netsh.exe' firewall delete allowedprogram "%WINDIR%\CRMSvc.exe"
- '<SYSTEM32>\cmd.exe' /C netsh firewall add allowedprogram "%WINDIR%\CRMSvc.exe" CRMSvc ENABLE
- %WINDIR%\CRMSvc.InstallState
- %WINDIR%\CRMSvc.InstallLog
- %WINDIR%\CRMSvc.exe
- %WINDIR%\CRMSvc.InstallState
- %WINDIR%\CRMSvc.InstallLog
- '5.#.16.230':2247
- '17#.#.118.173':2247
- 'wp#d':80
- '17#.9.8.183':2247
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK wp#d