Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\DllStart.dll'
- <SYSTEM32>\ctfmon.exe
- 'go###.#imsanggil.com':80
- http://go###.#imsanggil.com/v1/_filedn_V1H01.html
- DNS ASK go###.#imsanggil.com