Technical Information
- Autorun entry (registry Run value): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vlc' = '%APPDATA%\vlc\vlc.exe'
- %WINDIR%\syswow64\notepad.exe
- %APPDATA%\vlc\vlc.exe
- %APPDATA%\dtserv32.exe
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'vlc';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'vlc' -Value '"%AP...
- '%APPDATA%\dtserv32.exe'
- '%WINDIR%\syswow64\notepad.exe' (with hidden window)
- '%APPDATA%\dtserv32.exe' (with hidden window)
- '%WINDIR%\syswow64\notepad.exe'