Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'frica' = '%TEMP%\Hypat\orismolog.exe'
- ieinstal.exe
- %TEMP%\hypat\orismolog.exe
- http://35.##3.126.66/WEALTHNETS_UUamewtG103.bin
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'