Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\a840.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\a840.tmp' --ping<Full path to file> 85CE94B6EC69091656D8CD8128543C14B5A76340C07835E4D33127731D4C23E83492B33F09653361C3F91C3DA929C2D088ED43085B950DAD037B68527BEEE35A
- '%TEMP%\a840.tmp' --ping<Full path to file> 85CE94B6EC69091656D8CD8128543C14B5A76340C07835E4D33127731D4C23E83492B33F09653361C3F91C3DA929C2D088ED43085B950DAD037B68527BEEE35A' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"