Technical Information
- [<HKLM>\Software\Classes\UYZVUCUIEOJAJFM\shell\open\command] '' = '%TEMP%\C8d2wj5KPdIqJ2L.exe'
- <Drive name for removable media>:\how to decrypt files.txt
- %TEMP%\regasm.exe
- %TEMP%\c8d2wj5kpdiqj2l.exe
- 'fa######eamz.herokuapp.com':80
- http://fa######eamz.herokuapp.com/912974/3.exe?ha#########
- DNS ASK fa######eamz.herokuapp.com
- '%TEMP%\regasm.exe'