Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'firefoxx' = '"%APPDATA%\firefoxx\firefoxx.exe"'
- %APPDATA%\firefoxx\firefoxx.exe
- %TEMP%\install.vbs
- %APPDATA%\firefoxx\firefoxx.exe
- %TEMP%\install.vbs
- http://al##iz.in/a/a3.bin
- http://ra##ts.in/a/a3.bin
- DNS ASK al##iz.in
- DNS ASK ra##ts.in
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs"
- '%APPDATA%\firefoxx\firefoxx.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%APPDATA%\firefoxx\firefoxx.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%APPDATA%\firefoxx\firefoxx.exe"