Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,"C:\{$3157-3295-4598-8131$}\svchost.exe"'
- hidden files
- System Restore (SR)
- 'C:\{$3157-3295-4598-8131$}\svchost.exe'
- C:\{$3157-3295-4598-8131$}\svchost.exe
- <Full path to file>
- C:\{$3157-3295-4598-8131$}\svchost.exe
- from <Full path to file> to %TEMP%\4238
- 'le##an.pw':11
- DNS ASK le##an.pw