Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ckxyefmb' = 'regsvr32.exe /s "%LOCALAPPDATA%\Thunderbird\Ckxyefmb.dll"'
- crashreporter.exe
- %LOCALAPPDATA%\thunderbird\ckxyefmb.dll
- '10#.#06.180.132':80
- http://20#.#44.69.24/en-us/cUJIX0BdIEQYSUhHOx5dQklEXUNISF0=
- '%ProgramFiles(x86)%\mozilla firefox\crashreporter.exe'