Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PdfUpgrade' = '%WINDIR%\pop.exe'
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /v PdfUpgrade /d %WINDIR%\pop.exe
- '<SYSTEM32>\taskkill.exe' /im pop.exe /f
- %WINDIR%\pop.exe
- %TEMP%\~DF9EA4740F2BEAEE25.TMP
- ClassName: '' WindowName: ''