Technical Information
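Service registry values (Start = 2 is the automatic-start setting, so Windows launches the ImagePath binary at every boot; this service entry is the persistence point to check during cleanup):
- [<HKLM>\System\CurrentControlSet\Services\Grouping Filtering AuthIP Access Brightness Tools] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Grouping Filtering AuthIP Access Brightness Tools] 'ImagePath' = 'C:\tcqcseyygki\ytjnoyb.exe'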
- 'Grouping Filtering AuthIP Access Brightness Tools' C:\tcqcseyygki\ytjnoyb.exe
- %WINDIR%\tcqcseyygki\peoliqjebv
- C:\tcqcseyygki\peoliqjebv
- C:\tcqcseyygki\stofxamznozribiq8.exe
- C:\tcqcseyygki\ytjnoyb.exe
- C:\tcqcseyygki\dwarkdjn.exe
- C:\tcqcseyygki\czqtckrbuxkh
- C:\tcqcseyygki\ytjnoyb.exe
- C:\tcqcseyygki\dwarkdjn.exe
- %WINDIR%\tcqcseyygki\peoliqjebv
- C:\tcqcseyygki\stofxamznozribiq8.exe
- %WINDIR%\tcqcseyygki\peoliqjebv
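Network endpoints, given as IP:port ('#' appears to stand for digits masked in the report, so these entries can be matched only as patterns, not as exact addresses):
- '18#.#55.161.27':20052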
- '85.##.122.169':40540
- '18#.#55.19.91':30767
- '19#.#47.86.10':25432
- '37.##2.223.103':22969
- '86.##.69.232':41590
- '74.#5.64.25':22739
- 'C:\tcqcseyygki\stofxamznozribiq8.exe'
- 'C:\tcqcseyygki\ytjnoyb.exe'
- 'C:\tcqcseyygki\dwarkdjn.exe' "c:\tcqcseyygki\ytjnoyb.exe"