Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\4f09.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\4f09.tmp' --ping<Full path to file> 2CB70FF41897896D07FEA987A0F6D7F53D7E712FBA199C8DFD3287805C604CBA4A88FCEEB96CB9A3A6E6E6D0E93CA3E966E5C86FFFD43926E56D932C0FA02333
- '%TEMP%\4f09.tmp' --ping<Full path to file> 2CB70FF41897896D07FEA987A0F6D7F53D7E712FBA199C8DFD3287805C604CBA4A88FCEEB96CB9A3A6E6E6D0E93CA3E966E5C86FFFD43926E56D932C0FA02333' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"