Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lignendes' = '%HOMEPATH%\Usersponseret9\Gesimsens3.exe'
- ieinstal.exe
- %HOMEPATH%\usersponseret9\gesimsens3.exe
- http://sp###togo.com/HG/HB_encrypted_6D9D940.bin
- DNS ASK sp###togo.com
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'