Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\c59f.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\c59f.tmp' --ping<Full path to file> 0EAA55831FA40E43BBD844E44A04B9C9A63A7A4EF98C6A195CFE0EFFDF35E8A58B0BB074CD4D5B4BB93D1C7986FF888E58B203EC595E80A6A06DCD20008C4F03
- '%TEMP%\c59f.tmp' --ping<Full path to file> 0EAA55831FA40E43BBD844E44A04B9C9A63A7A4EF98C6A195CFE0EFFDF35E8A58B0BB074CD4D5B4BB93D1C7986FF888E58B203EC595E80A6A06DCD20008C4F03' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"