Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FFE2F425' = '%APPDATA%\FFE2F425\bin.exe'
- <SYSTEM32>\ctfmon.exe
- firefox.exe
- firefox.exe process, nss3.dll module
- %APPDATA%\ffe2f425\bin.exe
- 're####aoneveter.cc':80
- DNS ASK re####aoneveter.cc
- '<SYSTEM32>\winver.exe'