Win32.HLLW.Autoruner2.18895

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ctfmon' = '%ALLUSERSPROFILE%\Application Data\services.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'krnl32 dllhost' = '<DRIVERS>\dllhost.exe'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '<DRIVERS>\svchost.exe'

Создает следующие файлы на съемном носителе:

<Имя диска съемного носителя>:\Autorun.exe
<Имя диска съемного носителя>:\Autorun.inf

Вредоносные функции:

Для затруднения выявления своего присутствия в системе

блокирует отображение:

скрытых файлов

блокирует запуск следующих системных утилит:

Диспетчера задач (Taskmgr)
Редактора реестра (RegEdit)

Создает и запускает на исполнение:

'<DRIVERS>\dllhost.exe' /pid=5716
'<DRIVERS>\svchost.exe' /pid=5668
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5772
'<DRIVERS>\dllhost.exe' /pid=5732
'<DRIVERS>\svchost.exe' /pid=5592
'<DRIVERS>\dllhost.exe' /pid=5556
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5636
'<DRIVERS>\dllhost.exe' /pid=5616
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5856
'<DRIVERS>\dllhost.exe' /pid=6052
'<DRIVERS>\svchost.exe' /pid=5992
'<DRIVERS>\svchost.exe' /pid=3856
'<DRIVERS>\svchost.exe' /pid=6068
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5868
'<DRIVERS>\svchost.exe' /pid=5872
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=6036
'<DRIVERS>\dllhost.exe' /pid=5948
'<DRIVERS>\svchost.exe' /pid=5532
'<DRIVERS>\svchost.exe' /pid=5096
'<DRIVERS>\dllhost.exe' /pid=5020
'<DRIVERS>\svchost.exe' /pid=5212
'<DRIVERS>\svchost.exe' /pid=5092
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4948
'<DRIVERS>\dllhost.exe' /pid=4984
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5068
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5060
'<DRIVERS>\svchost.exe' /pid=5244
'<DRIVERS>\dllhost.exe' /pid=5412
'<DRIVERS>\svchost.exe' /pid=5380
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5516
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5468
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5268
'<DRIVERS>\dllhost.exe' /pid=5220
'<DRIVERS>\svchost.exe' /pid=5356
'<DRIVERS>\dllhost.exe' /pid=5324
'<DRIVERS>\dllhost.exe' /pid=6088
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5964
'<DRIVERS>\svchost.exe' /pid=4004
'<DRIVERS>\dllhost.exe' /pid=3856
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5220
'<DRIVERS>\dllhost.exe' /pid=5092
'<DRIVERS>\svchost.exe' /pid=5796
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5304
'<DRIVERS>\svchost.exe' /pid=3704
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4520
'<DRIVERS>\dllhost.exe' /pid=4332
'<DRIVERS>\dllhost.exe' /pid=5156
'<DRIVERS>\dllhost.exe' /pid=4780
'<DRIVERS>\svchost.exe' /pid=3068
'<DRIVERS>\svchost.exe' /pid=380
'<DRIVERS>\svchost.exe' /pid=4220
'<DRIVERS>\dllhost.exe' /pid=4244
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5156
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4164
'<DRIVERS>\svchost.exe' /pid=4244
'<DRIVERS>\svchost.exe' /pid=4452
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4332
'<DRIVERS>\dllhost.exe' /pid=380
'<DRIVERS>\svchost.exe' /pid=2220
'<DRIVERS>\svchost.exe' /pid=3352
'<DRIVERS>\dllhost.exe' /pid=3224
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4540
'<DRIVERS>\svchost.exe' /pid=4892
'<DRIVERS>\svchost.exe' /pid=4880
'<DRIVERS>\dllhost.exe' /pid=5080
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4984
'<DRIVERS>\dllhost.exe' /pid=4620
'<DRIVERS>\svchost.exe' /pid=4588
'<DRIVERS>\dllhost.exe' /pid=4740
'<DRIVERS>\svchost.exe' /pid=4692
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5908
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5900
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=5948
'<DRIVERS>\svchost.exe' /pid=5932
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2736
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2708
'<DRIVERS>\dllhost.exe' /pid=5872
'<DRIVERS>\svchost.exe' /pid=2648
'<DRIVERS>\svchost.exe' /pid=5940
'<DRIVERS>\dllhost.exe' /pid=6068
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=6092
'<DRIVERS>\dllhost.exe' /pid=6116
'<DRIVERS>\svchost.exe' /pid=6084
'<DRIVERS>\svchost.exe' /pid=5988
'<DRIVERS>\dllhost.exe' /pid=5964
'<DRIVERS>\svchost.exe' /pid=6036
'<DRIVERS>\svchost.exe' /pid=6020
'<DRIVERS>\svchost.exe' /pid=268
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2880
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2828
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=3868
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=3352
'<DRIVERS>\dllhost.exe'
'<DRIVERS>\svchost.exe'
'<DRIVERS>\svchost.exe' /pid=2672
'%ALLUSERSPROFILE%\Application Data\services.exe'
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=3856
'<DRIVERS>\dllhost.exe' /pid=1496
'<DRIVERS>\svchost.exe' /pid=2556
'<DRIVERS>\svchost.exe' /pid=1792
'<DRIVERS>\dllhost.exe' /pid=1488
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=3928
'<DRIVERS>\dllhost.exe' /pid=3952
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2492
'<DRIVERS>\svchost.exe' /pid=4008
'<DRIVERS>\dllhost.exe' /pid=4588
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4556
'<DRIVERS>\svchost.exe' /pid=4628
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4620
'<DRIVERS>\dllhost.exe' /pid=4452
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4392
'<DRIVERS>\dllhost.exe' /pid=4540
'<DRIVERS>\svchost.exe' /pid=4500
'<DRIVERS>\dllhost.exe' /pid=4692
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4836
'<DRIVERS>\dllhost.exe' /pid=4864
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4892
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4900
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4740
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4748
'<DRIVERS>\svchost.exe' /pid=4780
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4772
'<DRIVERS>\svchost.exe' /pid=4328
'<DRIVERS>\dllhost.exe' /pid=4004
'<DRIVERS>\svchost.exe' /pid=3976
'<DRIVERS>\svchost.exe' /pid=1592
'<DRIVERS>\dllhost.exe' /pid=2216
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=3776
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=6140
'<DRIVERS>\svchost.exe' /pid=3928
'<DRIVERS>\dllhost.exe' /pid=3832
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2556
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=4244
'<DRIVERS>\dllhost.exe' /pid=3508
'<DRIVERS>\svchost.exe' /pid=4300
'<DRIVERS>\dllhost.exe' /pid=4316
'<DRIVERS>\svchost.exe' /pid=2708
'<DRIVERS>\dllhost.exe' /pid=1792
'<DRIVERS>\svchost.exe' /pid=3004
'%ALLUSERSPROFILE%\Application Data\services.exe' /pid=2868

Изменяет следующие настройки проводника Windows (Windows Explorer):

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoDrives' = '00000004'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoControlPanel' = '00000001'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000001'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoStartMenuMorePrograms' = '00000001'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoClose' = '00000001'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFind' = '00000001'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoRun' = '00000001'

Изменения в файловой системе:

Создает следующие файлы:

<DRIVERS>\dllhost.exe
%ALLUSERSPROFILE%\Application Data\services.exe
C:\Autorun.exe
C:\Autorun.inf
<DRIVERS>\svchost.exe

Присваивает атрибут 'скрытый' для следующих файлов:

%ALLUSERSPROFILE%\Application Data\services.exe
C:\Autorun.exe
<Имя диска съемного носителя>:\Autorun.exe
<DRIVERS>\dllhost.exe
C:\Autorun.inf
<Имя диска съемного носителя>:\Autorun.inf
<DRIVERS>\svchost.exe

Удаляет следующие файлы:

%TEMP%\~DF49E3.tmp
%TEMP%\~DF644C.tmp
%TEMP%\~DF6319.tmp
%TEMP%\~DF4F88.tmp
%TEMP%\~DF2A9A.tmp
%TEMP%\~DF31BA.tmp
%TEMP%\~DF416B.tmp
%TEMP%\~DF6978.tmp
%TEMP%\~DFA980.tmp
%TEMP%\~DFB6A7.tmp
%TEMP%\~DFADA3.tmp
%TEMP%\~DF99AD.tmp
%TEMP%\~DF7522.tmp
%TEMP%\~DF82D7.tmp
%TEMP%\~DF91A4.tmp
%TEMP%\~DFBDDA.tmp
%TEMP%\~DFC698.tmp
%TEMP%\~DFC95D.tmp
%TEMP%\~DFAD1D.tmp
%TEMP%\~DF8EB2.tmp
%TEMP%\~DF9BF9.tmp
%TEMP%\~DFA72C.tmp
%TEMP%\~DFD481.tmp
%TEMP%\~DFFEF.tmp
%TEMP%\~DF10B9.tmp
%TEMP%\~DF1ECA.tmp
%TEMP%\~DFF4D2.tmp
%TEMP%\~DFE2A8.tmp
%TEMP%\~DFEF39.tmp
%TEMP%\~DFFC77.tmp
%TEMP%\~DFCA9D.tmp
%TEMP%\~DF85BB.tmp
%TEMP%\~DF9476.tmp
%TEMP%\~DF9413.tmp
%TEMP%\~DF7E04.tmp
%TEMP%\~DF608C.tmp
%TEMP%\~DF6DB7.tmp
%TEMP%\~DF6E91.tmp
%TEMP%\~DFAB40.tmp
%TEMP%\~DFCFF4.tmp
%TEMP%\~DFDE28.tmp
%TEMP%\~DFE7C9.tmp
%TEMP%\~DFC3BB.tmp
%TEMP%\~DFA98C.tmp
%TEMP%\~DFBDA5.tmp
%TEMP%\~DFC8A3.tmp
%TEMP%\~DFFC10.tmp
%TEMP%\~DF4A0.tmp
%TEMP%\~DF646.tmp
%TEMP%\~DFEB1D.tmp
%TEMP%\~DFC1BF.tmp
%TEMP%\~DFD86F.tmp
%TEMP%\~DFCF6E.tmp
%TEMP%\~DF928.tmp
%TEMP%\~DF4036.tmp
%TEMP%\~DF4EF3.tmp
%TEMP%\~DF58C1.tmp
%TEMP%\~DF3920.tmp
%TEMP%\~DF1A5D.tmp
%TEMP%\~DF2046.tmp
%TEMP%\~DF2B4F.tmp
%TEMP%\~DF84B4.tmp
%TEMP%\~DFDC5D.tmp
%TEMP%\~DFE47A.tmp
%TEMP%\~DFF4EA.tmp
%TEMP%\~DFD179.tmp
%TEMP%\~DFB7AE.tmp
%TEMP%\~DFC1CE.tmp
%TEMP%\~DFC912.tmp
%TEMP%\~DF4D8.tmp
%TEMP%\~DF2EAE.tmp
%TEMP%\~DF38BF.tmp
%TEMP%\~DF4162.tmp
%TEMP%\~DF2071.tmp
%TEMP%\~DFFF58.tmp
%TEMP%\~DF1459.tmp
%TEMP%\~DF17BB.tmp
%TEMP%\~DF444F.tmp
%TEMP%\~DF4E2B.tmp
%TEMP%\~DF5A47.tmp
%TEMP%\~DF4374.tmp
%TEMP%\~DF210C.tmp
%TEMP%\~DF2B5D.tmp
%TEMP%\~DF3AA9.tmp
%TEMP%\~DF6249.tmp
%TEMP%\~DF99F7.tmp
%TEMP%\~DF9F9F.tmp
%TEMP%\~DFAD19.tmp
%TEMP%\~DF911E.tmp
%TEMP%\~DF68B2.tmp
%TEMP%\~DF768E.tmp
%TEMP%\~DF80CD.tmp
%TEMP%\~DF4F53.tmp
%TEMP%\~DF15FE.tmp
%TEMP%\~DF17C5.tmp
%TEMP%\~DF24BE.tmp
%TEMP%\~DFBF2.tmp
%TEMP%\~DFEBE1.tmp
%TEMP%\~DFFC09.tmp
%TEMP%\~DFFDF6.tmp
%TEMP%\~DF2FD5.tmp
%TEMP%\~DF6E3B.tmp
%TEMP%\~DF6A38.tmp
%TEMP%\~DF76F9.tmp
%TEMP%\~DF59C6.tmp
%TEMP%\~DF3FCC.tmp
%TEMP%\~DF47CF.tmp
%TEMP%\~DF554F.tmp
%TEMP%\~DF7D82.tmp
%TEMP%\~DF8C84.tmp
%TEMP%\~DF94DD.tmp
%TEMP%\~DF76C9.tmp
%TEMP%\~DF5662.tmp
%TEMP%\~DF61A3.tmp
%TEMP%\~DF61F0.tmp
%TEMP%\~DF9A30.tmp
%TEMP%\~DFCF7A.tmp
%TEMP%\~DFD9D1.tmp
%TEMP%\~DFEDB6.tmp
%TEMP%\~DFC5A0.tmp
%TEMP%\~DFA59B.tmp
%TEMP%\~DFB143.tmp
%TEMP%\~DFB467.tmp
%TEMP%\~DFF5.tmp
%TEMP%\~DFDE4.tmp
%TEMP%\~DF1A18.tmp
%TEMP%\~DFFCB1.tmp
%TEMP%\~DFE499.tmp
%TEMP%\~DFEB9B.tmp
%TEMP%\~DFEA79.tmp
%TEMP%\~DF1206.tmp
%TEMP%\~DF5656.tmp
%TEMP%\~DF5B73.tmp
%TEMP%\~DF658F.tmp
%TEMP%\~DF4864.tmp
%TEMP%\~DF2609.tmp
%TEMP%\~DF32CA.tmp
%TEMP%\~DF4376.tmp
%TEMP%\~DF64E5.tmp
%TEMP%\~DF7438.tmp
%TEMP%\~DF8629.tmp
%TEMP%\~DF60E1.tmp
%TEMP%\~DF4589.tmp
%TEMP%\~DF54C8.tmp
%TEMP%\~DF488F.tmp
%TEMP%\~DF8713.tmp
%TEMP%\~DFBB5F.tmp
%TEMP%\~DFC78E.tmp
%TEMP%\~DFD435.tmp
%TEMP%\~DFB358.tmp
%TEMP%\~DF92FA.tmp
%TEMP%\~DFA13A.tmp
%TEMP%\~DFA4FE.tmp
%TEMP%\~DF6B0B.tmp
%TEMP%\~DF38EC.tmp
%TEMP%\~DF4295.tmp
%TEMP%\~DF5680.tmp
%TEMP%\~DF264D.tmp
%TEMP%\~DFE21.tmp
%TEMP%\~DF1ADA.tmp
%TEMP%\~DF29F2.tmp
%TEMP%\~DF5F12.tmp
%TEMP%\~DF83A4.tmp
%TEMP%\~DF9314.tmp
%TEMP%\~DF9E9D.tmp
%TEMP%\~DF8555.tmp
%TEMP%\~DF6B59.tmp
%TEMP%\~DF7969.tmp
%TEMP%\~DF7007.tmp
%TEMP%\~DFA240.tmp
%TEMP%\~DFACDD.tmp
%TEMP%\~DFB33F.tmp
%TEMP%\~DF9903.tmp
%TEMP%\~DF6F87.tmp
%TEMP%\~DF7E7F.tmp
%TEMP%\~DF87F0.tmp
%TEMP%\~DFC3A9.tmp
%TEMP%\~DFFCD7.tmp
%TEMP%\~DFF8C2.tmp
%TEMP%\~DFDAE.tmp
%TEMP%\~DFE4B8.tmp
%TEMP%\~DFC481.tmp
%TEMP%\~DFC6D5.tmp
%TEMP%\~DFDB3E.tmp
%TEMP%\~DF39F1.tmp
%TEMP%\~DFB325.tmp
%TEMP%\~DFC707.tmp
%TEMP%\~DFC143.tmp
%TEMP%\~DFA5D4.tmp
%TEMP%\~DF8E8B.tmp
%TEMP%\~DF908C.tmp
%TEMP%\~DFA114.tmp
%TEMP%\~DFD458.tmp
%TEMP%\~DF76B.tmp
%TEMP%\~DFFBAC.tmp
%TEMP%\~DF1821.tmp
%TEMP%\~DFFBD3.tmp
%TEMP%\~DFDF63.tmp
%TEMP%\~DFD7EC.tmp
%TEMP%\~DFEAC6.tmp
%TEMP%\~DF200E.tmp
%TEMP%\~DF212C.tmp
%TEMP%\~DF317A.tmp
%TEMP%\~DF161A.tmp
%TEMP%\~DFF9E1.tmp
%TEMP%\~DF7B0.tmp
%TEMP%\~DF7E4.tmp
%TEMP%\~DF37E3.tmp
%TEMP%\~DF7293.tmp
%TEMP%\~DF78B5.tmp
%TEMP%\~DF7C3E.tmp
%TEMP%\~DF638C.tmp
%TEMP%\~DF41EC.tmp
%TEMP%\~DF4FD8.tmp
%TEMP%\~DF5E86.tmp
%TEMP%\~DF1B5D.tmp
%TEMP%\~DFDB11.tmp
%TEMP%\~DFD94C.tmp
%TEMP%\~DFE8F7.tmp
%TEMP%\~DFC802.tmp
%TEMP%\~DFB8F1.tmp
%TEMP%\~DFB794.tmp
%TEMP%\~DFC42C.tmp
%TEMP%\~DFF0A1.tmp
%TEMP%\~DF1C93.tmp
%TEMP%\~DF2864.tmp
%TEMP%\~DF2ABF.tmp
%TEMP%\~DF13AC.tmp
%TEMP%\~DFF87D.tmp
%TEMP%\~DFE2.tmp
%TEMP%\~DF895.tmp
%TEMP%\~DF58C0.tmp
%TEMP%\~DF5851.tmp
%TEMP%\~DF68E6.tmp
%TEMP%\~DF4561.tmp
%TEMP%\~DF274A.tmp
%TEMP%\~DF2D4E.tmp
%TEMP%\~DF3B48.tmp
%TEMP%\~DF6F8C.tmp
%TEMP%\~DF9922.tmp
%TEMP%\~DFA074.tmp
%TEMP%\~DFAFF0.tmp
%TEMP%\~DF93F5.tmp
%TEMP%\~DF7DD0.tmp
%TEMP%\~DF7EDA.tmp
%TEMP%\~DF8C8B.tmp
%TEMP%\~DFB8B3.tmp
%TEMP%\~DFC1C3.tmp
%TEMP%\~DFCE00.tmp
%TEMP%\~DFADF6.tmp
%TEMP%\~DF9B12.tmp
%TEMP%\~DFA313.tmp
%TEMP%\~DFAED9.tmp
%TEMP%\~DFDB10.tmp
%TEMP%\~DF659.tmp
%TEMP%\~DF15C4.tmp
%TEMP%\~DF1C33.tmp
%TEMP%\~DF441.tmp
%TEMP%\~DFEB6D.tmp
%TEMP%\~DFE7A5.tmp
%TEMP%\~DFF9FA.tmp
%TEMP%\~DF2FF0.tmp
%TEMP%\~DF2C53.tmp
%TEMP%\~DF458B.tmp
%TEMP%\~DF3131.tmp
%TEMP%\~DF29.tmp
%TEMP%\~DFB79.tmp
%TEMP%\~DF16F7.tmp
%TEMP%\~DF45C7.tmp
%TEMP%\~DF796B.tmp
%TEMP%\~DF86A8.tmp
%TEMP%\~DF8D12.tmp
%TEMP%\~DF6E22.tmp
%TEMP%\~DF540E.tmp
%TEMP%\~DF6251.tmp
%TEMP%\~DF5C3E.tmp
%TEMP%\~DF2C6F.tmp
%TEMP%\~DFE70D.tmp
%TEMP%\~DFFC17.tmp
%TEMP%\~DFFE.tmp
%TEMP%\~DFF2BF.tmp
%TEMP%\~DFC75D.tmp
%TEMP%\~DFD619.tmp
%TEMP%\~DFDEE6.tmp
%TEMP%\~DFA9D.tmp
%TEMP%\~DF448A.tmp
%TEMP%\~DF5643.tmp
%TEMP%\~DF52F6.tmp
%TEMP%\~DF3D4A.tmp
%TEMP%\~DF1721.tmp
%TEMP%\~DF2A70.tmp
%TEMP%\~DF2CC3.tmp
%TEMP%\~DF5D57.tmp
%TEMP%\~DF6AD5.tmp
%TEMP%\~DF6A4C.tmp
%TEMP%\~DF5138.tmp
%TEMP%\~DF360D.tmp
%TEMP%\~DF3D31.tmp
%TEMP%\~DF4B14.tmp
%TEMP%\~DF7DF4.tmp
%TEMP%\~DFAB1C.tmp
%TEMP%\~DFB67E.tmp
%TEMP%\~DFC563.tmp
%TEMP%\~DF9F6F.tmp
%TEMP%\~DF80E3.tmp
%TEMP%\~DF8E96.tmp
%TEMP%\~DF930B.tmp
%TEMP%\~DFF211.tmp
%TEMP%\~DF5551.tmp
%TEMP%\~DF55FB.tmp
%TEMP%\~DF509D.tmp
%TEMP%\~DF3945.tmp
%TEMP%\~DF20DC.tmp
%TEMP%\~DF38EA.tmp
%TEMP%\~DF3810.tmp
%TEMP%\~DF6A25.tmp
%TEMP%\~DF9B55.tmp
%TEMP%\~DFAB8D.tmp
%TEMP%\~DFAAD1.tmp
%TEMP%\~DF94C1.tmp
%TEMP%\~DF6A15.tmp
%TEMP%\~DF7FD5.tmp
%TEMP%\~DF90CD.tmp
%TEMP%\~DFB639.tmp
%TEMP%\~DFB247.tmp
%TEMP%\~DFC7AD.tmp
%TEMP%\~DFB479.tmp
%TEMP%\~DF8F53.tmp
%TEMP%\~DF9FCC.tmp
%TEMP%\~DFA489.tmp
%TEMP%\~DFD21A.tmp
%TEMP%\~DF236.tmp
%TEMP%\~DF73D.tmp
%TEMP%\~DF152E.tmp
%TEMP%\~DFF3C4.tmp
%TEMP%\~DFDD49.tmp
%TEMP%\~DFF294.tmp
%TEMP%\~DFEF9A.tmp
%TEMP%\~DFBC7D.tmp
%TEMP%\~DF8EEF.tmp
%TEMP%\~DF97FB.tmp
%TEMP%\~DFA020.tmp
%TEMP%\~DF811F.tmp
%TEMP%\~DF6792.tmp
%TEMP%\~DF6D41.tmp
%TEMP%\~DF7BEB.tmp
%TEMP%\~DFAC54.tmp
%TEMP%\~DFE1C1.tmp
%TEMP%\~DFE09E.tmp
%TEMP%\~DFF1E1.tmp
%TEMP%\~DFDABB.tmp
%TEMP%\~DFB798.tmp
%TEMP%\~DFC593.tmp
%TEMP%\~DFCA77.tmp
%TEMP%\~DF49.tmp
%TEMP%\~DFFB61.tmp
%TEMP%\~DFFFC.tmp
%TEMP%\~DFF720.tmp
%TEMP%\~DFBCBA.tmp
%TEMP%\~DFC7B5.tmp
%TEMP%\~DFEB11.tmp
%TEMP%\~DFE8A.tmp
%TEMP%\~DF476B.tmp
%TEMP%\~DF5626.tmp
%TEMP%\~DF5E99.tmp
%TEMP%\~DF39A6.tmp
%TEMP%\~DF1FA4.tmp
%TEMP%\~DF195D.tmp
%TEMP%\~DF28FF.tmp
%TEMP%\~DF8242.tmp
%TEMP%\~DF8D38.tmp
%TEMP%\~DF964C.tmp
%TEMP%\~DF771D.tmp
%TEMP%\~DF5EB6.tmp
%TEMP%\~DF6F3E.tmp
%TEMP%\~DF68C3.tmp
%TEMP%\~DFA6E4.tmp
%TEMP%\~DFD64D.tmp
%TEMP%\~DFD35A.tmp
%TEMP%\~DFDCC7.tmp
%TEMP%\~DFCA93.tmp
%TEMP%\~DFB0DE.tmp
%TEMP%\~DFB88D.tmp
%TEMP%\~DFC71D.tmp
%TEMP%\~DFFCEF.tmp
%TEMP%\~DFF8FD.tmp
%TEMP%\~DF1084.tmp
%TEMP%\~DFDB81.tmp
%TEMP%\~DFC9F5.tmp
%TEMP%\~DFBEF7.tmp
%TEMP%\~DFCE9B.tmp
%TEMP%\~DF1230.tmp
%TEMP%\~DF3A51.tmp
%TEMP%\~DF4BC9.tmp
%TEMP%\~DF5397.tmp
%TEMP%\~DF3064.tmp
%TEMP%\~DF1264.tmp
%TEMP%\~DF1D45.tmp
%TEMP%\~DF256C.tmp
%TEMP%\~DFE962.tmp
%TEMP%\~DFACFF.tmp
%TEMP%\~DFBDAE.tmp
%TEMP%\~DFCC15.tmp
%TEMP%\~DFB161.tmp
%TEMP%\~DF93A1.tmp
%TEMP%\~DF9D2B.tmp
%TEMP%\~DF9E00.tmp
%TEMP%\~DFE248.tmp
%TEMP%\~DFB7.tmp
%TEMP%\~DF9E7.tmp
%TEMP%\~DF11C8.tmp
%TEMP%\~DFF75A.tmp
%TEMP%\~DFE12C.tmp
%TEMP%\~DFE59E.tmp
%TEMP%\~DFFB6C.tmp
%TEMP%\~DF1BA7.tmp
%TEMP%\~DF318F.tmp
%TEMP%\~DF344B.tmp
%TEMP%\~DF19A3.tmp
%TEMP%\~DFFE85.tmp
%TEMP%\~DF5E7.tmp
%TEMP%\~DF1D2E.tmp
%TEMP%\~DF35A9.tmp
%TEMP%\~DF6D19.tmp
%TEMP%\~DF7B4B.tmp
%TEMP%\~DF8352.tmp
%TEMP%\~DF6EC0.tmp
%TEMP%\~DF441A.tmp
%TEMP%\~DF58E9.tmp
%TEMP%\~DF645B.tmp
%TEMP%\~DFB49E.tmp
%TEMP%\~DF1CFB.tmp
%TEMP%\~DF2653.tmp
%TEMP%\~DF2EE1.tmp
%TEMP%\~DF1BD7.tmp
%TEMP%\~DFF7BF.tmp
%TEMP%\~DF795.tmp
%TEMP%\~DF103C.tmp
%TEMP%\~DF36E3.tmp
%TEMP%\~DF73E5.tmp
%TEMP%\~DF768B.tmp
%TEMP%\~DF87BD.tmp
%TEMP%\~DF6787.tmp
%TEMP%\~DF422E.tmp
%TEMP%\~DF4DF2.tmp
%TEMP%\~DF5BC8.tmp
%TEMP%\~DF8E2A.tmp
%TEMP%\~DF994E.tmp
%TEMP%\~DF9DD3.tmp
%TEMP%\~DF8164.tmp
%TEMP%\~DF6167.tmp
%TEMP%\~DF6C26.tmp
%TEMP%\~DF7669.tmp
%TEMP%\~DFAF2C.tmp
%TEMP%\~DFDD0D.tmp
%TEMP%\~DFDA84.tmp
%TEMP%\~DFEB1A.tmp
%TEMP%\~DFD1AF.tmp
%TEMP%\~DFB37D.tmp
%TEMP%\~DFC007.tmp
%TEMP%\~DFC754.tmp
%TEMP%\~DF88A9.tmp
%TEMP%\~DF3FE6.tmp
%TEMP%\~DF51D1.tmp
%TEMP%\~DF584F.tmp
%TEMP%\~DF4260.tmp
%TEMP%\~DF25A8.tmp
%TEMP%\~DF3062.tmp
%TEMP%\~DF3C89.tmp
%TEMP%\~DF6704.tmp
%TEMP%\~DF98C3.tmp
%TEMP%\~DFA48F.tmp
%TEMP%\~DFAFA9.tmp
%TEMP%\~DF8D43.tmp
%TEMP%\~DF6DD6.tmp
%TEMP%\~DF7819.tmp
%TEMP%\~DF8517.tmp
%TEMP%\~DFB61B.tmp
%TEMP%\~DFC94E.tmp
%TEMP%\~DFCC18.tmp
%TEMP%\~DFA9DF.tmp
%TEMP%\~DF97A6.tmp
%TEMP%\~DF9C94.tmp
%TEMP%\~DFA1DE.tmp
%TEMP%\~DFDBFD.tmp
%TEMP%\~DFF791.tmp
%TEMP%\~DF8BB.tmp
%TEMP%\~DF1BD9.tmp
%TEMP%\~DFFFA8.tmp
%TEMP%\~DFDD69.tmp
%TEMP%\~DFF010.tmp
%TEMP%\~DFEB3C.tmp

Другое:

Ищет следующие окна:

ClassName: '' WindowName: 'Command Prompt'
ClassName: '' WindowName: 'System Configuration Utility'

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация