Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'nOhLo01570' = '%ALLUSERSPROFILE%\nOhLo01570\nOhLo01570.exe'
- <PATH_SAMPLE>
- %ALLUSERSPROFILE%\nohlo01570\nohlo01570.exe
- %ALLUSERSPROFILE%\nohlo01570\nohlo01570
- <PATH_SAMPLE>
- '19#.#.147.14':80
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%ALLUSERSPROFILE%\nohlo01570\nohlo01570.exe' "<Full path to file>"