Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '%WINDIR%\ctfmin.exe' = '%WINDIR%\ctfmin.exe'
- [<HKLM>\SOFTWARE\Classes\exefile\shell\open\command] '' = '%WINDIR%\ctfmin.exe %1'
- %WINDIR%\ctfmin.exe
- <SYSTEM32>\shutdown.exe -r -t 5 -c 恭喜发财
- %WINDIR%\ctfmin.exe
- %TEMP%\~DF2564.tmp
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''