Technical Information
- %WINDIR%\tasks\bagtags.job
- <SYSTEM32>\tasks\bagtags
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Loyality] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Loyality] 'ImagePath' = '%APPDATA%\Not supportive Loyality\Not supportive Loyality.exe'
- 'Not supportive Loyality' %APPDATA%\Not supportive Loyality\Not supportive Loyality.exe
- %ALLUSERSPROFILE%\{3ad5789b-29e0-674d-3ad5-5789b29ee26c}\<File name>.exe
- %APPDATA%\not supportive loyality\not supportive loyality.exe
- %ALLUSERSPROFILE%\{3ad5789b-29e0-674d-3ad5-5789b29ee26c}\<File name>.dat
- %APPDATA%\not supportive loyality\5bodv.dat
- 'ri###ynorth.biz':80
- 'al####el-pro.com':80
- http://ri###ynorth.biz/?q=#######################################################################################################################################################################...
- DNS ASK ri###ynorth.biz
- DNS ASK al####el-pro.com
- '%APPDATA%\not supportive loyality\not supportive loyality.exe'