Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\fa84.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\fa84.tmp' --ping<Full path to file> A8BBE316BB4D07032AA9450A63C5192EFFB98B88EC180E75B2E2102EBF6070B08DE333C1F0CE8DD16A210A105BB7B3F42D2D8535DA2C8E189F00BC697CCA440F
- '%TEMP%\fa84.tmp' --ping<Full path to file> A8BBE316BB4D07032AA9450A63C5192EFFB98B88EC180E75B2E2102EBF6070B08DE333C1F0CE8DD16A210A105BB7B3F42D2D8535DA2C8E189F00BC697CCA440F' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"