Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'favn' = '%HOMEPATH%\unsuitab\Canth.vbs'
- canth.exe
- %HOMEPATH%\unsuitab\canth.exe
- %HOMEPATH%\unsuitab\canth.vbs
- 'drive.google.com':443
- DNS ASK drive.google.com
- '%HOMEPATH%\unsuitab\canth.exe'