Technical Information
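- %WINDIR%\tasks\aquatext.job — Task Scheduler job file (legacy .job format)
- <SYSTEM32>\tasks\aquatext — Task Scheduler task definition; together the two paths indicate a scheduled task named "aquatext", presumably used for persistence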
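- [<HKLM>\System\CurrentControlSet\Services\Hurtful Nest] 'Start' = '00000002' — Start type 2 is auto-start: the service is launched at every boot
- [<HKLM>\System\CurrentControlSet\Services\Hurtful Nest] 'ImagePath' = '%APPDATA%\Hurtful Nest\Hurtful Nest.exe' — the service binary sits in a user-profile (%APPDATA%) directory, which is user-writable; a service ImagePath in such a location is a useful detection condition in its own right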
- 'Hurtful Nest' %APPDATA%\Hurtful Nest\Hurtful Nest.exe
- %APPDATA%\hurtful nest\hurtful nest.exe
- %ALLUSERSPROFILE%\{8ae1150a-b5cd-8038-8ae1-1150ab5c542a}\<File name>.exe
- %ALLUSERSPROFILE%\{8ae1150a-b5cd-8038-8ae1-1150ab5c542a}\<File name>.dat
- %APPDATA%\hurtful nest\fba00.dat
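- 'pa###tmodel.biz':80 — host and TCP port; the `#` characters here and in the URL and DNS entries below stand in for characters the report has masked, so the hostname as printed cannot be used as an exact-match indicator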
- http://pa###tmodel.biz/?q=#######################################################################################################################################################################...
- DNS ASK pa###tmodel.biz
- '%APPDATA%\hurtful nest\hurtful nest.exe'