Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wscucq ygcsuays] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wscucq ygcsuays] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Farujt\Oiwguiy.exe'
- 'Wscucq ygcsuays' %ProgramFiles(x86)%\Microsoft Farujt\Oiwguiy.exe
- Handler for all processes: %TEMP%\zeb30FE.tmp
- Handler for all processes: %WINDIR%\TEMP\fgb453A.tmp
- %TEMP%\zeb30fe.tmp
- %ProgramFiles(x86)%\microsoft farujt\oiwguiy.exe
- %WINDIR%\temp\fgb453a.tmp
- C:\1716.vbs
- %WINDIR%\temp\ohb498e.tmp
- %ProgramFiles(x86)%\microsoft farujt\oiwguiy.exe
- %WINDIR%\temp\ohb498e.tmp
- C:\1716.vbs
- '58####12.f3322.net':1155
- DNS ASK 58####12.f3322.net
- '%ProgramFiles(x86)%\microsoft farujt\oiwguiy.exe'
- '%WINDIR%\syswow64\wscript.exe' "C:\1716.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\1716.vbs"' (with hidden window)