Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\9230.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\9230.tmp' --ping<Full path to file> 9A355DFDCD75525D6A55C33CD01C8CC4A215FD81F72ACCE398D3C6C77DB482143AB864B675D5AB7454C59857DC4674A5B1468CED6AD3FD39A6C4DC3B5DB3B507
- '%TEMP%\9230.tmp' --ping<Full path to file> 9A355DFDCD75525D6A55C33CD01C8CC4A215FD81F72ACCE398D3C6C77DB482143AB864B675D5AB7454C59857DC4674A5B1468CED6AD3FD39A6C4DC3B5DB3B507' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"