Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\acd2.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\acd2.tmp' --ping<Full path to file> BC7895B183D1DB2578DD1BE2B4B1C582693C718B5C587BC232495D833B73C46FB1211E4BE9BD67302D4B3AD30CD906C582151E54B0A37AD38CBF3005310B1969
- '%TEMP%\acd2.tmp' --ping<Full path to file> BC7895B183D1DB2578DD1BE2B4B1C582693C718B5C587BC232495D833B73C46FB1211E4BE9BD67302D4B3AD30CD906C582151E54B0A37AD38CBF3005310B1969' (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"