Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\2be.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\2be.tmp' --ping<Full path to file> AFE23D5BFA7402E7D7353AE6AEA4C2A5D84FBF9BB0FFDC83844DA60B9994C69939A0078CC80299BD04C873D33709FC90E99918582FD3DB386F94889F1AD30560
- '%TEMP%\2be.tmp' --ping<Full path to file> AFE23D5BFA7402E7D7353AE6AEA4C2A5D84FBF9BB0FFDC83844DA60B9994C69939A0078CC80299BD04C873D33709FC90E99918582FD3DB386F94889F1AD30560' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"