Technical Information
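- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1400' = '00000003' (Zone 4 is the Internet Explorer "Restricted sites" zone; action 1400 is Active scripting, and the value 3 disables it)
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] '1C00' = '00000000' (action 1C00 is Java permissions; the value 0 disables Java)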
- %ALLUSERSPROFILE%\media source\medirsruam
- %ProgramFiles%\medias~1\medirsruam.exe
- %APPDATA%\microsoft\windows\templates\<File name>.exe .docx
- %APPDATA%\microsoft\windows\templates\~$bzj.exe .docx
- from %ALLUSERSPROFILE%\media source\medirsruam to %ALLUSERSPROFILE%\media source\medirsruam.zip
- '19#.#54.227.102':4286
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%APPDATA%\Microsoft\Windows\Templates\<File name>.exe .docx"