Win32.Expiro.47

Technical Information

To ensure autorun and distribution:

Creates the following services:

[<HKLM>\SYSTEM\ControlSet001\Services\NetDDE] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\MSIServer] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\mnmsrvc] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\RDSessMgr] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\WmiApSrv] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\VSS] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\TlntSvr] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\ClipSrv] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\CiSvc] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\ImapiService] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\idsvc] 'Start' = '00000002'
[<HKLM>\SYSTEM\ControlSet001\Services\dmadmin] 'Start' = '00000002'

Infects the following executable system files:

<SYSTEM32>\sndrec32.exe
<SYSTEM32>\mstsc.exe
<SYSTEM32>\sndvol32.exe
<SYSTEM32>\ntbackup.exe
<SYSTEM32>\mspaint.exe
<SYSTEM32>\cmd.exe
<SYSTEM32>\utilman.exe
<SYSTEM32>\mobsync.exe
<SYSTEM32>\calc.exe
<SYSTEM32>\accwiz.exe
<SYSTEM32>\charmap.exe
<SYSTEM32>\winmine.exe
<SYSTEM32>\mshearts.exe
<SYSTEM32>\sol.exe
<SYSTEM32>\wupdmgr.exe
<SYSTEM32>\spider.exe
<SYSTEM32>\usmt\migwiz.exe
<SYSTEM32>\cleanmgr.exe
<SYSTEM32>\Restore\rstrui.exe
<SYSTEM32>\freecell.exe
<SYSTEM32>\odbcad32.exe
<SYSTEM32>\osk.exe
%WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
<SYSTEM32>\dmadmin.exe
<SYSTEM32>\imapi.exe
<SYSTEM32>\msiexec.exe
<SYSTEM32>\mnmsrvc.exe
<SYSTEM32>\cisvc.exe
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
<SYSTEM32>\clipsrv.exe
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
<SYSTEM32>\netdde.exe
<SYSTEM32>\wbem\wmiapsrv.exe
<SYSTEM32>\vssvc.exe
<SYSTEM32>\magnify.exe
<SYSTEM32>\narrator.exe
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
<SYSTEM32>\locator.exe
<SYSTEM32>\sessmgr.exe
<SYSTEM32>\scardsvr.exe
<SYSTEM32>\tlntsvr.exe
<SYSTEM32>\smlogsvc.exe

Malicious functions:

Executes the following:

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {15383564-32F8-414B-8B46-A6A047BDEAA1} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {236DB335-BF42-4D91-AA7D-D0E3E53C2092} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {0EE97BFE-B119-4774-9196-A962FE4687C1} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {4FD62B67-CDD0-4B58-B922-3672EC21389B} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {9222CF85-D4E0-4F9F-A0DC-5C852272C33F} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {EA1462B6-A9C7-45DA-A6CE-54AB006079FA} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {A5BCC341-4413-4326-BC40-47786BDE74AC} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {643B8E8B-9D1E-4ED7-A75B-7CD824CDFC01} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {1A26B205-143F-4219-842D-62E95A931A54} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {ABABD775-D9C4-4586-AFEB-5EE97A98917B} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {3B28CEFC-D4A3-4477-BDF5-B31604360D78} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {44A0B0A1-D250-4246-8D3D-C97D4239B04F} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {FD46B850-E91E-495E-8E64-2B16CEADA25F} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {381903FA-E4F1-4AFB-8608-F68A1F7E79BA} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {FF0BC57D-E7FF-4C95-A10C-4E2FE30C8C90} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {8BC45C5C-66DA-43BD-901B-2CA775842E2B} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
<SYSTEM32>\msiexec.exe /V
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {C57C035C-43FB-4B6A-9195-CD4526059345} -Comment "NGen Worker Process"
<SYSTEM32>\dmadmin.exe /com
<SYSTEM32>\cisvc.exe
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {1998EA33-B10D-4236-AE33-07B954E0D8C1} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {910954BB-F0D9-4783-880F-25D6E1110180} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {A1048806-0988-44BB-826E-1CEFC1872AFD} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {8262AFD4-4752-4778-AA80-13EF7F9E4550} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {2820185D-38FE-455F-A8A8-0045F8701F8A} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {47598A99-B6F6-442B-8C45-1F624F292657} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {F725D795-C9BE-4DA8-9475-C99F79871F64} -Comment "NGen Worker Process"
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -UseCLSID {10FC267D-CCFC-48F1-A1DF-D3E0C02393CD} -Comment "NGen Worker Process"

Modifies settings of Windows Internet Explorer:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '2103' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2103' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '2103' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '2103' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1406' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1609' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '2103' = '00000000'
[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] '1406' = '00000000'

Modifies file system :

Creates the following files:

<SYSTEM32>\odbcad32.vir
<SYSTEM32>\freecell.vir
<SYSTEM32>\Restore\rstrui.vir
%PROGRAM_FILES%\Windows NT\Accessories\wordpad.vir
<SYSTEM32>\mshearts.vir
<SYSTEM32>\spider.vir
%PROGRAM_FILES%\MSN\MSNCoreFiles\Install\msnsusii.vir
<SYSTEM32>\winmine.vir
<SYSTEM32>\sol.vir
%CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.vir
<SYSTEM32>\sndrec32.vir
<SYSTEM32>\sndvol32.vir
<SYSTEM32>\calc.vir
<SYSTEM32>\mstsc.vir
<SYSTEM32>\mspaint.vir
<SYSTEM32>\cleanmgr.vir
<SYSTEM32>\usmt\migwiz.vir
<SYSTEM32>\ntbackup.vir
<SYSTEM32>\charmap.vir
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\cbc-0\CustomMarshalers.dll
%CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.vir
%CommonProgramFiles%\Microsoft Shared\DW\DW20.vir
%CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.vir
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\d28-0\Microsoft.Build.Conversion.v4.0.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\e0c-0\System.Runtime.Serialization.Formatters.Soap.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\e38-0\System.Deployment.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\dc4-0\Microsoft.Build.Tasks.v4.0.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\de8-0\Microsoft.Build.Utilities.v4.0.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\c74-0\WsatConfig.exe
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b44-0\MSBuild.exe
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b68-0\Microsoft.Build.Framework.dll
%PROGRAM_FILES%\Movie Maker\moviemk.vir
<SYSTEM32>\wupdmgr.vir
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b8c-0\System.Xaml.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\bdc-0\Microsoft.Build.Engine.dll
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\c28-0\SMSvcHost.exe
C:\Far2\Far.vir
%WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\bb0-0\Microsoft.Build.dll
<SYSTEM32>\mnmsrvc.vir
<SYSTEM32>\msiexec.vir
%TEMP%\WERa40f.dir00\appcompat.txt
%TEMP%\WERa40f.dir00\manifest.txt
<SYSTEM32>\netdde.vir
<SYSTEM32>\scardsvr.vir
<SYSTEM32>\smlogsvc.vir
<SYSTEM32>\sessmgr.vir
<SYSTEM32>\locator.vir
%TEMP%\WERa40f.dir00\infocard.exe.hdmp
<SYSTEM32>\clipsrv.vir
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.vir
<SYSTEM32>\cisvc.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.vir
<SYSTEM32>\imapi.vir
%TEMP%\WERa40f.dir00\infocard.exe.mdmp
<SYSTEM32>\dmadmin.vir
%WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.vir
%PROGRAM_FILES%\Outlook Express\msimn.vir
<LS_APPDATA>\wsr26zt32.dll
%PROGRAM_FILES%\Windows Media Player\wmplayer.vir
<SYSTEM32>\mobsync.vir
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome.manifest
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components\red.js
<SYSTEM32>\accwiz.vir
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\install.rdf
%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content.jar
<SYSTEM32>\cmd.vir
<SYSTEM32>\wbem\wmiapsrv.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.vir
<SYSTEM32>\tlntsvr.vir
<SYSTEM32>\vssvc.vir
<SYSTEM32>\magnify.vir
<SYSTEM32>\utilman.vir
%PROGRAM_FILES%\Outlook Express\wab.vir
<SYSTEM32>\narrator.vir
<SYSTEM32>\osk.vir

Deletes the following files:

<SYSTEM32>\usmt\migwiz.vir
<SYSTEM32>\cleanmgr.vir
<SYSTEM32>\charmap.vir
%CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.vir
<SYSTEM32>\odbcad32.vir
%PROGRAM_FILES%\Windows NT\Accessories\wordpad.vir
<SYSTEM32>\Restore\rstrui.vir
<SYSTEM32>\mstsc.vir
<SYSTEM32>\calc.vir
<SYSTEM32>\accwiz.vir
<SYSTEM32>\sndrec32.vir
<SYSTEM32>\ntbackup.vir
<SYSTEM32>\mspaint.vir
<SYSTEM32>\sndvol32.vir
%WINDIR%\assembly\NativeImages_v4.0.30319_32\index1c.dat
%WINDIR%\assembly\NativeImages_v4.0.30319_32\index1b.dat
<SYSTEM32>\wupdmgr.vir
C:\Far2\Far.vir
%CommonProgramFiles%\Microsoft Shared\Speech\sapisvr.vir
%CommonProgramFiles%\Microsoft Shared\DW\DWTRIG20.vir
%CommonProgramFiles%\Microsoft Shared\DW\DW20.vir
<SYSTEM32>\winmine.vir
<SYSTEM32>\mshearts.vir
<SYSTEM32>\freecell.vir
<SYSTEM32>\sol.vir
%PROGRAM_FILES%\Movie Maker\moviemk.vir
%PROGRAM_FILES%\MSN\MSNCoreFiles\Install\msnsusii.vir
<SYSTEM32>\spider.vir
%PROGRAM_FILES%\Outlook Express\msimn.vir
<SYSTEM32>\msiexec.vir
<SYSTEM32>\mnmsrvc.vir
<SYSTEM32>\imapi.vir
<SYSTEM32>\netdde.vir
<SYSTEM32>\sessmgr.vir
<SYSTEM32>\locator.vir
<SYSTEM32>\wbem\Logs\wbemess.lo_
<SYSTEM32>\clipsrv.vir
<SYSTEM32>\cisvc.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.vir
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.vir
%WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.vir
<SYSTEM32>\dmadmin.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.vir
<SYSTEM32>\utilman.vir
<SYSTEM32>\osk.vir
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\wpffontcache_v0400.vir
%PROGRAM_FILES%\Outlook Express\wab.vir
<SYSTEM32>\mobsync.vir
%PROGRAM_FILES%\Windows Media Player\wmplayer.vir
<SYSTEM32>\cmd.vir
<SYSTEM32>\tlntsvr.vir
<SYSTEM32>\smlogsvc.vir
<SYSTEM32>\scardsvr.vir
<SYSTEM32>\vssvc.vir
<SYSTEM32>\narrator.vir
<SYSTEM32>\magnify.vir
<SYSTEM32>\wbem\wmiapsrv.vir

Moves the following files:

from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\dc4-0\Microsoft.Build.Tasks.v4.0.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\8973265600edd2135ecf5e369a087dfb\Microsoft.Build.Tasks.v4.0.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\d28-0\Microsoft.Build.Conversion.v4.0.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\837fa037ca302e7432ea9913ae453e70\Microsoft.Build.Conversion.v4.0.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\cbc-0\CustomMarshalers.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\d2574c8ae333ff959be2e0d83121ad10\CustomMarshalers.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\e38-0\System.Deployment.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Deployment\90fd7fc9fbf5f4eed9135996b515a38a\System.Deployment.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\e0c-0\System.Runtime.Serialization.Formatters.Soap.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0ff3383438d688a0118d0fa19ed1dc4\System.Runtime.Serialization.Formatters.Soap.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\de8-0\Microsoft.Build.Utilities.v4.0.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\b384b96460ad28697e8990e56b0234d8\Microsoft.Build.Utilities.v4.0.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\c74-0\WsatConfig.exe to %WINDIR%\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b8c-0\System.Xaml.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b68-0\Microsoft.Build.Framework.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\11ef4be6ee227fce3725d6df534297a4\Microsoft.Build.Framework.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\b44-0\MSBuild.exe to %WINDIR%\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\c28-0\SMSvcHost.exe to %WINDIR%\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\bdc-0\Microsoft.Build.Engine.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Eng#\7cfd4a64a95807ee7cb6ae50cfabd93c\Microsoft.Build.Engine.ni.dll
from %WINDIR%\assembly\NativeImages_v4.0.30319_32\Temp\bb0-0\Microsoft.Build.dll to %WINDIR%\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\3bfb841477d28ca866b91211f50199bb\Microsoft.Build.ni.dll

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: ''
ClassName: 'OutlookExpressHiddenWindow' WindowName: ''

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information