Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VCL' = 'vcl32.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'VCL' = 'vcl32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{40563F1B-8B9A-11D5-EBA1-F78EEEEEE983}] 'StubPath' = 'msdbc32.exe'
- [<HKLM>\Software\Classes\exefile\shell\open\command] '' = '<SYSTEM32>\concp32.exe "%1" %*'
- <SYSTEM32>\explorer.exe
- <SYSTEM32>\vcl32.exe
- <SYSTEM32>\msdbc32.exe
- <SYSTEM32>\concp32.exe
- %WINDIR%\svchost.exe
- '%WINDIR%\svchost.exe'
- '%WINDIR%\svchost.exe' ' (with hidden window)