Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Kaval' = '%TEMP%\Gaarangl9\Tularemi8.exe'
- ieinstal.exe
- %TEMP%\gaarangl9\tularemi8.exe
- '79.##4.225.103':39561
- http://35.##3.126.66/WEALTHNETS_UUamewtG103.bin
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'