Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '%APPDATA%\STF3eqURS.exe'
- %HOMEPATH%\desktop\<File name>.docx
- %APPDATA%\stf3equrs.exe
- nul
- http://bi#.ly/2fmwcur
- DNS ASK google.com
- DNS ASK bi#.ly
- DNS ASK go##le.ru
- '%APPDATA%\stf3equrs.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%HOMEPATH%\Desktop\<File name>.docx" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 1 localhost > nul & del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%HOMEPATH%\Desktop\<File name>.docx"
- '%WINDIR%\syswow64\cmd.exe' /c ping -n 1 localhost > nul & del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\ping.exe' -n 1 localhost