Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\8352.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\8352.tmp' --ping<Full path to file> 4D4479C4E4A6734DC458D1825CE9F4BE3F004A928A9CC86DE6B13D26E5787DC288818746D1FC60E47478BFCF6814E2A7F1D732FF989DEAD59B06FBD030BB3F67
- '%TEMP%\8352.tmp' --ping<Full path to file> 4D4479C4E4A6734DC458D1825CE9F4BE3F004A928A9CC86DE6B13D26E5787DC288818746D1FC60E47478BFCF6814E2A7F1D732FF989DEAD59B06FBD030BB3F67' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"