Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\814f.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\814f.tmp' --ping<Full path to file> 542BA6DE506DC7AA602ABCE705F30E7EC8E4936610BC2687B14B7756B5C150D3DB42C407AF99480620186AF4F1AC805DA5E7BDF25F16CF52378ECD79CE76E250
- '%TEMP%\814f.tmp' --ping<Full path to file> 542BA6DE506DC7AA602ABCE705F30E7EC8E4936610BC2687B14B7756B5C150D3DB42C407AF99480620186AF4F1AC805DA5E7BDF25F16CF52378ECD79CE76E250' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"