Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'MWREGICBC.exe' = '"%ProgramFiles(x86)%\ICBCEbankTools\MingWah\MWREGICBC.exe"'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'MWREGICBC_NEW.exe' = '"%ProgramFiles(x86)%\ICBCEbankTools\MingWah\MWICBCUKeyToolU.exe" /RunMode AutoRun'
Создает или изменяет следующие файлы
- %WINDIR%\tasks\icbcmwautoruntask.job
- <SYSTEM32>\tasks\icbcmwautoruntask
Вредоносные функции
Изменяет следующие настройки браузера Windows Internet Explorer
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '2201' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1405' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '120B' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1004' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1001' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1208' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] '1200' = '00000000'
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\midwarev2package_a80b0da5\combinefile.combine
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000347b00007440.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034e1000009d0.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000036140000747f.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000036de00001fa0.esf
- %WINDIR%\syswow64\0000374700005f2d.esf
- %WINDIR%\syswow64\0000397500006ac6.esf
- %WINDIR%\syswow64\000039a900000a8d.esf
- %WINDIR%\syswow64\00003a74000035ae.esf
- %WINDIR%\syswow64\00003b7200000096.esf
- %WINDIR%\syswow64\00003c7100004b7d.esf
- <SYSTEM32>\00003c7100004b7d.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_id.ini
- <SYSTEM32>\00003da40000362c.esf
- <SYSTEM32>\00003ed7000020da.esf
- <SYSTEM32>\000040070000618c.esf
- %WINDIR%\downloaded program files\000040070000618c.esf
- %WINDIR%\downloaded program files\0000483100005890.esf
- %WINDIR%\downloaded program files\000071fb00002293.esf
- %WINDIR%\downloaded program files\00007a5600000f61.esf
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\0000008200007096.esf
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\000000b300006660.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\uninstall.exe
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\client-end software of icbc internet banking\mw&wdc\ukey managertool(mw&wdc).lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\client-end software of icbc internet banking\mw&wdc\uninstall.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\client-end software of icbc internet banking\mw&wdc\guide to usb-shield.lnk
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000344a00007e76.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000337d00002958.esf
- %TEMP%\midwarev2package_a80b0da5\logo.png
- %TEMP%\midwarev2package_a80b0da5\logo.ico
- %TEMP%\midwarev2package_a80b0da5\splash.bmp
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_common.ini
- %TEMP%\midwarev2package_a80b0da5\uninstall.exe
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_cn.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_tc.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_en.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_ru.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_fr.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_jp.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_kr.ini
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\client-end software of icbc internet banking\mw&wdc\icbc internet banking.lnk
- <SYSTEM32>\00003ea300000113.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_ar.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_th.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_de.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_kz.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_nl.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\addin(x64)\osproxy64.exe
- %TEMP%\4d26572043535020666f722049434243205635.bin
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\0000327e00005e70.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\0000327e00005e70.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000032e300007401.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf
- %TEMP%\midwarev2package_a80b0da5\installconfig.xml
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_pl.ini
- C:\users\public\desktop\icbc internet banking.lnk
Удаляет следующие файлы
- %WINDIR%\syswow64\0000374700005f2d.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\x86_64.reg
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_th.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_tc.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_ru.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_pl.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_nl.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_kz.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_kr.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_jp.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_id.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_fr.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_en.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_de.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_common.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_cn.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\installconfig_ar.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_root.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_person_root.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\addin(x64)\osproxy64.exe
- %TEMP%\midwarev2package_a80b0da5\logo.png
- %TEMP%\midwarev2package_a80b0da5\logo.ico
- %TEMP%\midwarev2package_a80b0da5\installconfig.xml
- %TEMP%\midwarev2package_a80b0da5\combinefile.combine
- %TEMP%\midwarev2package_a80b0da5\splash.bmp
- %TEMP%\midwarev2package_a80b0da5\uninstall.exe
Перемещает следующие файлы
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\0000327e00005e70.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\x86_64.reg
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_ru.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_fr.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000344a00007e76.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_jp.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000344a00007e76.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_kr.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000344a00007e76.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_ar.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000347b00007440.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_id.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000347b00007440.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_pl.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000347b00007440.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_th.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_de.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_kz.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_nl.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\mwregicbc.exe
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034e1000009d0.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\mwicbcukeyui.exe
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000036140000747f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\mwicbcukeytoolu.exe
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000036de00001fa0.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\icbc user manual_sc.chm
- %WINDIR%\syswow64\0000397500006ac6.esf в %WINDIR%\syswow64\midwarev2config_icbc.bin
- %WINDIR%\syswow64\000039a900000a8d.esf в %WINDIR%\syswow64\icbcpkcs11_v1.dll
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\0000008200007096.esf в %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\icbc_chrome_mw_nativehost.exe
- %WINDIR%\downloaded program files\00007a5600000f61.esf в %WINDIR%\downloaded program files\icbcgm_mwusbkey.dll
- %WINDIR%\downloaded program files\000071fb00002293.esf в %WINDIR%\downloaded program files\icbc_mwusbkey.dll
- %WINDIR%\downloaded program files\0000483100005890.esf в %WINDIR%\downloaded program files\icbcgm_mwusbkey_64.dll
- %WINDIR%\downloaded program files\000040070000618c.esf в %WINDIR%\downloaded program files\icbc_mwusbkey_64.dll
- <SYSTEM32>\000040070000618c.esf в <SYSTEM32>\icbcpkcs11_v1.sig
- <SYSTEM32>\00003ea300000113.esf в <SYSTEM32>\icbccsps.dll
- <SYSTEM32>\00003ed7000020da.esf в <SYSTEM32>\esminica.dll
- <SYSTEM32>\00003da40000362c.esf в <SYSTEM32>\icbcpkcs11_v1.bin
- <SYSTEM32>\00003c7100004b7d.esf в <SYSTEM32>\icbcpkcs11_v1.dll
- %WINDIR%\syswow64\00003c7100004b7d.esf в %WINDIR%\syswow64\icbcpkcs11_v1.sig
- %WINDIR%\syswow64\00003b7200000096.esf в %WINDIR%\syswow64\esminica.dll
- %WINDIR%\syswow64\00003a74000035ae.esf в %WINDIR%\syswow64\icbccsps.dll
- %WINDIR%\syswow64\00003a74000035ae.esf в %WINDIR%\syswow64\icbcpkcs11_v1.bin
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\000000b300006660.esf в %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\icbc.chrome.mw.plugin-win.json
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_cn.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_en.ini
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\netbankmidwarev2cfg_tc.ini
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\0000327e00005e70.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\x86.reg
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\0000327e00005e70.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\x64.reg
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\0000327e00005e70.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_root.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_person_root.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_person_ca.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_corpor_root.cer
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf в %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\icbc_corpor_ca.cer
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000032e300007401.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\warning.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000032e300007401.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\usbkey_confirm.png
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\shift_normal.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\shift_hover.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\shift_down.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\managertool.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\mail.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\logomantool.png
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\logoprocess.png
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\logo.png
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\caps_hover.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\caps_normal.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\cert.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\close.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\error.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\information.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\keyboard.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\key.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\keyboard.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000337d00002958.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\key_down.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000337d00002958.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\key_hover.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000337d00002958.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\key_normal.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\lock.ico
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\logo.bmp
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf в %ProgramFiles(x86)%\icbcebanktools\mingwah\res\caps_down.bmp
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\000000b300006660.esf в %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\icbc_mw_usbkey_newchrome.crx
Подменяет следующие файлы
- %TEMP%\midwarev2package_a80b0da5\packagefiles\reg\0000327e00005e70.esf
- %TEMP%\midwarev2package_a80b0da5\packagefiles\certtoreg\000032b200007e37.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000032e300007401.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\00003317000013c7.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000334c0000338e.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\0000337d00002958.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033b10000491f.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\res\000033e200003ee9.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000341600005eaf.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000344a00007e76.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\0000347b00007440.esf
- %ProgramFiles(x86)%\icbcebanktools\mingwah\000034b000001406.esf
- %WINDIR%\syswow64\00003a74000035ae.esf
- %ProgramFiles(x86)%\icbcebanktools\icbcebankplugin\000000b300006660.esf
Другое
Добавляет корневой сертификат
Создает и запускает на исполнение
- '%ProgramFiles(x86)%\icbcebanktools\mingwah\mwicbcukeytoolu.exe' /RunMode AutoRun
- '%ProgramFiles(x86)%\icbcebanktools\mingwah\mwicbcukeyui.exe' /SessionName 49434243_Session1_Admin
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbc_mwusbkey_64.dll"' (со скрытым окном)
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbcgm_MWusbkey_64.dll"' (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbc_mwusbkey.dll"' (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbcgm_MWusbkey.dll"' (со скрытым окном)
- '%ProgramFiles(x86)%\icbcebanktools\mingwah\mwicbcukeytoolu.exe' /RunMode AutoRun' (со скрытым окном)
Запускает на исполнение
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbc_mwusbkey_64.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbcgm_MWusbkey_64.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbc_mwusbkey.dll"
- '%WINDIR%\syswow64\regsvr32.exe' /s "%WINDIR%\Downloaded Program Files\icbcgm_MWusbkey.dll"
- '<SYSTEM32>\taskeng.exe' {C6C1E741-940F-48A0-A195-D98BA6AF1694} S-1-5-21-1960123792-2022915161-3775307078-1001:zfngcimuxs\user:Interactive:[1]
