Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'firefoxx' = '"%APPDATA%\firefoxx\firefoxx.exe"'
- %APPDATA%\firefoxx\firefoxx.exe
- %TEMP%\install.vbs
- %APPDATA%\firefoxx\firefoxx.exe
- http://al##iz.in/a/a.bin
- DNS ASK al##iz.in
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs"' (with hidden window)