Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe,"\498060\repair.exe"'
- <SYSTEM32>\svchost.exe
- C:\498060\repair.exe
- C:\ca8a0d0991a62659a91ec3172b614dd4c142e7a9
- from <Full path to file> to %TEMP%\5674
- 'do##.porche.ml':6543
- DNS ASK do##.porche.ml