Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\6f46.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\6f46.tmp' --ping<Full path to file> 72E479510CCD87F912A706109D659FD457BEAC5531F236C7494ADEC87F8BA81A29B22FC98C9B4DE8199BEC93007D7715D320FCBDB5E6CDE82ACB1ECC06DB8EC8
- '%TEMP%\6f46.tmp' --ping<Full path to file> 72E479510CCD87F912A706109D659FD457BEAC5531F236C7494ADEC87F8BA81A29B22FC98C9B4DE8199BEC93007D7715D320FCBDB5E6CDE82ACB1ECC06DB8EC8' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"