Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{86F4BDA2-C04B-4662-953A-9A47C1F10C5C}' = ''
- %WINDIR%\syswow64\windows.dll
- %TEMP%\exea006.tmp
- %WINDIR%\syswow64\windows.dll
- '%TEMP%\exea006.tmp' 132 <Full path to file>