Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] 'Vvks' = '%LOCALAPPDATA%\Vvks\Vvks.hta'
- %WINDIR%\explorer.exe
- <SYSTEM32>\cmmon32.exe
- iexplore.exe
- firefox.exe
- explorer.exe
- iexplore.exe process, wininet.dll module
- <SYSTEM32>\autochk.exe
- %LOCALAPPDATA%\vvks\vvksest.exe
- %LOCALAPPDATA%\vvks\vvks.hta
- 'drive.google.com':443
- 'do#########ocs.googleusercontent.com':443
- DNS ASK microsoft.com
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- '<SYSTEM32>\cmmon32.exe'
- '<SYSTEM32>\cmd.exe' del "<Full path to file>"