Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] '{5D244A7C-74D3-44E3-B1AE-D6673CB1E53A}' = ''
- %WINDIR%\inf\tthook.dll
- <Current directory>\delself.bat
- '%WINDIR%\syswow64\cmd.exe' /c delself.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c delself.bat