Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\f1cd.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\f1cd.tmp' --ping<Full path to file> 7C9A6F06E2AE014382297E562F3661EA1539E711BC0C680D9D02BD5B8C73C41B5405070367B81E4844C21EF1E2E978BF38B49CBCD5348F0E7606448EA4FFE25B
- '%TEMP%\f1cd.tmp' --ping<Full path to file> 7C9A6F06E2AE014382297E562F3661EA1539E711BC0C680D9D02BD5B8C73C41B5405070367B81E4844C21EF1E2E978BF38B49CBCD5348F0E7606448EA4FFE25B' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"