Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '1' = '"<Full path to file>"'
- <SYSTEM32>\vds.exe
- %WINDIR%\logs\windowsbackup\wbadmin.0.etl
- D:\readme-warning.txt
- '<SYSTEM32>\cmd.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe'
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv
- '<SYSTEM32>\wbadmin.exe' delete catalog -quiet
- '<SYSTEM32>\wbengine.exe'
- '<SYSTEM32>\vds.exe'