Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tobeqcu' = 'regsvr32.exe /s "%LOCALAPPDATA%\VirtualStore\tobeqcu.dll"'
- thunderbird.exe
- %LOCALAPPDATA%\virtualstore\tobeqcu.dll
- '17#.#14.248.145':80
- '%ProgramFiles(x86)%\mozilla thunderbird\thunderbird.exe'