rundll32.exe shdocvw.dll, OpenURL [path to file.url]
This is nothing new, but just documenting for the sake of documenting.
It crossed my mind to look for all the DLLs that refer to OpenURL – an API that is exported by the url.dll – which is used to launch URLs (and was a subject of the first part of the series). I quickly discovered that ieframe.dll also exports identically named function; a quick googling around followed and I noticed it was a subject to previous analysis (CVE-2016-3353) – as a result, the vulnerability that allowed remote execution of code was patched.
Still, the built-in functionality can help to launch other programs via proxy e.g. using the .url file:
rundll32 ieframe.dll, OpenURL <path to local URL file>
will launch calculator.