Техническая информация
- Автозапуск при старте системы (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Ohsolgil' = '%PROGRAM_FILES%\Ohsolgil\Ohsolgil.exe'
- %PROGRAM_FILES%\Ohsolgil\Ohsolgil.exe /INS
- <SYSTEM32>\regsvr32.exe /s "browseui.dll"
- %PROGRAM_FILES%\Ohsolgil\uninstall.exe
- %TEMP%\RGI3.tmp
- %TEMP%\nss2.tmp\KillProcDLL.dll
- %PROGRAM_FILES%\Ohsolgil\Ohsolgil.exe
- %TEMP%\RGI3.tmp
- %TEMP%\nss2.tmp\KillProcDLL.dll
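- 'www.co##pol.com':80 (часть символов домена заменена на «##», по-видимому, в самом источнике; для блокировки или поиска по журналам нужен полный домен)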
- www.co##pol.com/Ohsolgil/OhsolgilUpdate.asp
- www.co##pol.com/Codepol/dtb_logins.asp
- DNS-запрос (DNS ASK): www.co##pol.com
- '<IP-адрес в локальной сети>':1036