Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PdfUpgrade' = '%WINDIR%\pop.exe'
- '<SYSTEM32>\taskkill.exe' /im pop.exe /f
- %WINDIR%\aa.pdf
- %WINDIR%\pop.exe
- ClassName: '' WindowName: ''
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN /v PdfUpgrade /d %WINDIR%\pop.exe