Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003'
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000'
- %TEMP%\c16b.tmp
- from <Full path to file> to <PATH_SAMPLE>.docx
- '%TEMP%\c16b.tmp' --ping<Full path to file> 353BF56A2BF33A46FB60366AA8A2F3EC3F5A2281881674AA5BA13B6D5E25DDC19AD4368B81615798E53C571900A543B5EA7CB9C65E4EB7B76A1665786D7AD83C
- '%TEMP%\c16b.tmp' --ping<Full path to file> 353BF56A2BF33A46FB60366AA8A2F3EC3F5A2281881674AA5BA13B6D5E25DDC19AD4368B81615798E53C571900A543B5EA7CB9C65E4EB7B76A1665786D7AD83C (with hidden window)
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "<PATH_SAMPLE>.docx"