Trojan.DownLoader22.61246

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Classes\PALHA\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PARAR\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAJAR\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAENC\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAGZIP\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PATAR\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAPBS\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\PABACKUP.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAPSF\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PACRY\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAZOO\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAISO\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PACAB\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PASZIP\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAZIP\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PowerArchiver\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'PowerArchiver Tray' = '%ProgramFiles%\PowerArchiver\PASTARTER.EXE'
[<HKLM>\SOFTWARE\Classes\PABurnerOpen\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\PABURNTOOLS.EXE"'
[<HKLM>\SOFTWARE\Classes\PAZIPX\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PABH\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PABZIP2\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAARJ\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAACE\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'
[<HKLM>\SOFTWARE\Classes\PAARC\Shell\Open\command] '' = '"%ProgramFiles%\PowerArchiver\POWERARC.EXE" "%1"'

Вредоносные функции:

Запускает на исполнение:

'%ProgramFiles%\PowerArchiver\PASTARTER.EXE'
'%ProgramFiles%\PowerArchiver\_PAUTIL.EXE' RU /associate
'<SYSTEM32>\msiexec.exe' /Y "<SYSTEM32>\WBOCX.OCX"
'<SYSTEM32>\reg.exe' add "HKCU\Software\PowerArchiverInt\General" /v "Regnumber" /d "010564-21C40C-006D11-3A8790-3E805D-A54BCD-655941" /f
'<SYSTEM32>\reg.exe' add "HKCU\Software\PowerArchiverInt\General" /v "Regname" /d "VDOWN 2009" /f
'%ProgramFiles%\PowerArchiver\_PAUTIL.EXE' RU
'<SYSTEM32>\msiexec.exe' /i "PowerArchiver_2010_11.61.06.msi" /qb
'<SYSTEM32>\cmd.exe' /c %TEMP%\~1.bat "%TEMP%\7ZipSfx.000\install.exe"
'%TEMP%\7ZipSfx.000\install.exe'
'%WINDIR%\Installer\MSI4.tmp' /killpastarter
'<SYSTEM32>\msiexec.exe' -Embedding A5D047C127B738A0D9DB29A1A7C78581
'<SYSTEM32>\msiexec.exe' /V

Изменения в файловой системе:

Создает следующие файлы:

%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Toolbar.VerticalSep.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_TaskBar.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_ToolBarBackground.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_UpDown.Horz.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Toolbars.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Tabs.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Scrollbar.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_ReBar.Grip.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_StatusBarEdges.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Tabs.Border.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_SunkEdge.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\RollUp.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\roll.wav
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ScrollArrows.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ScrollBarGripperVertDot.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ScrollBarGripperHorzDot.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Rebar.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_VertScroll.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_UpDown.Vert.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_VertScrollThumb.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Radio.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Progressbar.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Progress.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Button.CheckBox.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Button.Radio.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_ComboButton.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_Buttons.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA ShellStyle.xps
%ProgramFiles%\PowerArchiver\SKINS\MyPA\menuextras.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\menubutton.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MenuFrame.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Minimize.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MenuItem.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_MenuBar.Background.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_MenuBackground.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_MenuBar.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_MenuItem.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_MenuItem.Extras.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_HorzScrollThumb.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_GroupBox.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_ExtraImages.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_GroupBoxEdge.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_HorzScroll.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\MyPA.uis_HeaderBar.WB4
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Separater.bmp
%ProgramFiles%\PowerArchiver\SFXS\PASZIPSFX.DAT
%ProgramFiles%\PowerArchiver\SFXS\PAPAESFX.DAT
%ProgramFiles%\PowerArchiver\SFXS\PAZIPSFX.DAT
%ProgramFiles%\PowerArchiver\pabackup.exe
%ProgramFiles%\PowerArchiver\_PAUTIL.EXE
%ProgramFiles%\PowerArchiver\SFXS\PACABSFX.DAT
%ProgramFiles%\PowerArchiver\STARBURN.DLL
%ProgramFiles%\PowerArchiver\PABURNTOOLS.EXE
%ProgramFiles%\PowerArchiver\WBHELP2.DLL
%ProgramFiles%\PowerArchiver\WnASPI32.dll
%ProgramFiles%\PowerArchiver\WBOCX.OCX
%WINDIR%\Installer\2752a.msi
%ALLUSERSPROFILE%\Desktop\PowerArchiver.lnk
%WINDIR%\Installer\{D775E16B-2FD6-4039-A3C9-883F33C4B9DC}\POWERARC.exe
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\fifo.log
%TEMP%\~DF8CC4.tmp
%ALLUSERSPROFILE%\Start Menu\PowerArchiver.lnk
%ProgramFiles%\PowerArchiver\ICONS\PAZIPX100.ICO
%ProgramFiles%\PowerArchiver\PAUNRAR3.DLL
%ProgramFiles%\PowerArchiver\PACLIB.DLL
%ALLUSERSPROFILE%\Start Menu\Programs\PowerArchiver\PowerArchiver.lnk
%ProgramFiles%\PowerArchiver\PABURNER116.DLL
%ProgramFiles%\PowerArchiver\Languages\PABURNER_RU.PLF
%ProgramFiles%\PowerArchiver\SKINS\MyPA\trans.wav
%ProgramFiles%\PowerArchiver\SKINS\MyPA\toolbuttons.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Trans.bmp
%ProgramFiles%\PowerArchiver\UPDATE.INI
%ProgramFiles%\PowerArchiver\SKINS\MyPA\VScrollShaft.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\tool_bg.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\spinner.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\settings.ini
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Status.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\tabs.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\TabPanel.bmp
%ProgramFiles%\PowerArchiver\SFXS\pacabsfx_RU.dat
%ProgramFiles%\PowerArchiver\Languages\PASTARTER_RU.PLF
%ProgramFiles%\PowerArchiver\SFXS\paszipsfx_RU.dat
%ProgramFiles%\PowerArchiver\SFXS\PAPAESFX_RU.DAT
%ProgramFiles%\PowerArchiver\SFXS\pazipsfx_RU.dat
%ProgramFiles%\PowerArchiver\Languages\PASHELL_RU.PLF
%ProgramFiles%\PowerArchiver\POWERARC_RU.CHM
%ProgramFiles%\PowerArchiver\LICENSE_RU.TXT
%ProgramFiles%\PowerArchiver\README_RU.TXT
%ProgramFiles%\PowerArchiver\Languages\PAMAIN_RU.PLF
%ProgramFiles%\PowerArchiver\WHATSNEW_RU.TXT
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Menu.bmp
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING1.MAP
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING.VER
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\MAPPING2.MAP
%WINDIR%\Installer\MSI4.tmp
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.DATA
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.MAP
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\$WinMgmt.CFG
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\domain.txt
%WINDIR%\Installer\27528.ipi
%TEMP%\~DF2EDE.tmp
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\INDEX.BTR
%ProgramFiles%\PowerArchiver\LIBBZ2.DLL
%ProgramFiles%\PowerArchiver\ICONS\PA100.ico
%ProgramFiles%\PowerArchiver\PAISO.DLL
%ProgramFiles%\PowerArchiver\PASTARTER.EXE
%ProgramFiles%\PowerArchiver\PASHLEXT.DLL
%ProgramFiles%\PowerArchiver\ICONS\INSTALL.ICO
%WINDIR%\Installer\MSI5.tmp
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\Repository\FS\OBJECTS.MAP
C:\Config.Msi\27529.rbs
%ProgramFiles%\PowerArchiver\CABINET.DLL
%ProgramFiles%\PowerArchiver\7Z.DLL
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\ComDb.Dat
%APPDATA%\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4
%WINDIR%\Installer\MSI2.tmp
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
%WINDIR%\Installer\MSI3.tmp
%APPDATA%\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
%TEMP%\7ZipSfx.000\install.exe
%TEMP%\7ZipSfx.000\PowerArchiver_2010_11.61.06.msi
%TEMP%\~1.bat
%APPDATA%\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
%WINDIR%\Installer\27526.msi
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SECURITY
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_.DEFAULT
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SOFTWARE
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SAM
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_MACHINE_SYSTEM
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-2052111302-484763869-725345543-1003
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2052111302-484763869-725345543-1003
C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP16\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
%ProgramFiles%\PowerArchiver\POWERARC.EXE
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ComboBox.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Close.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ComboButton.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\dialog_bg.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\ComboButtonGlyph.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\CheckBox.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\!Credits.txt
%ProgramFiles%\PowerArchiver\SKINS\MyPA\VScrollThumb.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\arrowglyph-lr.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Buttons.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\arrowglyph-ud.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Header.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\groupbox-top.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\HScrollShaft.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Maximize.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\HScrollThumb.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\Groupbox.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\FrameBottom.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\explorer_bg.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\FrameLeft.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\FrameTop.bmp
%ProgramFiles%\PowerArchiver\SKINS\MyPA\FrameRight.bmp
%ProgramFiles%\PowerArchiver\ICONS\PAZOO100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAARC100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAACE100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAARJ100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PABZIP100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PABH100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PA7Z100.ICO
%ProgramFiles%\PowerArchiver\UNACEV2.DLL
%ProgramFiles%\PowerArchiver\TUTOR1.ZIP
<SYSTEM32>\WBHELP2.DLL
%ProgramFiles%\PowerArchiver\ZIPNEW.DAT
<SYSTEM32>\WBOCX.OCX
%ProgramFiles%\PowerArchiver\ICONS\PAPSF100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAPBS100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PARAR100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAZIP100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PATAR100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAPAE100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAGZIP100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PACAB100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAISO100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PALHA100.ICO
%ProgramFiles%\PowerArchiver\ICONS\PAJAR100.ICO

Присваивает атрибут 'скрытый' для следующих файлов:

%TEMP%\~1.bat

Удаляет следующие файлы:

C:\Config.Msi\27529.rbs
%WINDIR%\Installer\27526.msi
%WINDIR%\Installer\27528.ipi
%WINDIR%\Installer\MSI5.tmp
%WINDIR%\Installer\MSI2.tmp
%WINDIR%\Installer\MSI3.tmp
%WINDIR%\Installer\MSI4.tmp

Сетевая активность:

Подключается к:

'cs#######-2-crl.verisign.com':80
'crl.verisign.com':80
'wp#d':80

TCP:

Запросы HTTP GET:

http://cs#######-2-crl.verisign.com/CSC3-2009-2.crl
http://crl.verisign.com/pca3.crl
http://11#.#11.111.1/wpad.dat via wp#d

UDP:

DNS ASK cs#######-2-crl.verisign.com
DNS ASK crl.verisign.com
DNS ASK wp#d

Другое:

Ищет следующие окна:

ClassName: 'Shell_TrayWnd' WindowName: ''

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней