Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\dcc7.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\dcc7.tmp' --ping<Full path to file> 4FE9D2A3C68041872E6F402EF0CC525DC2E8A0EE031678786690B28E9C6741D0F0104B7C54658BF7ABD1513F4C174D615930DCC846C348EDEDB04D49E39A4B34
- '%TEMP%\dcc7.tmp' --ping<Full path to file> 4FE9D2A3C68041872E6F402EF0CC525DC2E8A0EE031678786690B28E9C6741D0F0104B7C54658BF7ABD1513F4C174D615930DCC846C348EDEDB04D49E39A4B34' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"