VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic Information

file name: PublicClient大厅.exe
file size: 821248
file type: application/x-dosexec
MD5: 5f573b031fd9802ec49755d8fe90e760
sha1: 5e05c83dde29391766b7dc25e6a1abc202b45121

CreateProcess

ApplicationName: C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
CmdLine: "C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe"
childid: 2844
childname: ._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
drop_type: 2
name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
pid: 2208
ApplicationName: C:\ProgramData\Synaptics\Synaptics.exe
CmdLine: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
childid: 1252
childname: Synaptics.exe
childpath: C:\ProgramData\Synaptics\Synaptics.exe
drop_type: 1
name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
pid: 2208
ApplicationName:
CmdLine: "C:\Program Files\Java\jre1.8.0_151\bin\javaw.exe" -jar "C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe"
childid: 2892
childname: javaw.exe
childpath: C:\Program Files\Java\jre1.8.0_151\bin\javaw.exe
drop_type:
name: ._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
pid: 2844
ApplicationName: C:\Windows\splwow64.exe
CmdLine: C:\Windows\splwow64.exe 12288
childid: 2932
childname: splwow64.exe
childpath: C:\Windows\splwow64.exe
drop_type:
name: EXCEL.EXE
noNeedLine:
path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
pid: 2432
ApplicationName:
CmdLine:
childid: 2208
childname: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
drop_type:
name:
noNeedLine:
path:
pid: 2992
ApplicationName:
CmdLine:
childid: 580
childname: svchost.exe
childpath: C:\Windows\System32\svchost.exe
drop_type:
name:
noNeedLine:
path:
pid: 456
ApplicationName:
CmdLine:
childid: 2432
childname: EXCEL.EXE
childpath: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
drop_type:
name: svchost.exe
noNeedLine:
path: C:\Windows\System32\svchost.exe
pid: 580

Summary

buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2208
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: 0
processid: 2208
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: UNCAsIntranet
buffer: 1
processid: 2208
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
type: REG_DWORD
valuename: AutoDetect
buffer: C:\ProgramData\Synaptics\Synaptics.exe
processid: 2208
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Synaptics Pointing Device Driver
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2208
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: d/~\x00\x80 \x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
type: REG_BINARY
valuename: d/~
buffer: Off
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 2052
buffer: Off
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 1033
buffer: On
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 2052
buffer: On
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
type: REG_SZ
valuename: 1033
buffer: 1386938497
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: EXCELFiles
buffer: 1386938392
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610040800000000000F01FEC\Usage
type: REG_DWORD
valuename: EXCELFilesIntl_2052
buffer: \x80 \x00\x00\x88\xfe\xb5\x9f\x87E\xd7\x01\x00\x00\x00\x00
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
type: REG_BINARY
valuename: MTTT
buffer: !"\x7f\x00\x80 \x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xa2\x00\x00\x00\x01\x00\x00\x00d\x00\x00\x002\x00\x00\x00c\x00:\x00\\x00p\x00r\x00o\x00g\x00r\x00a\x00~\x002\x00\\x00m\x00i\x00c\x00r\x00o\x00s\x00~\x001\x00\\x00o\x00f\x00f\x00i\x00c\x00e\x001\x004\x00\\x00a\x00d\x00d\x00i\x00n\x00s\x00\\x00t\x00c\x00s\x00c\x00c\x00o\x00n\x00v\x00.\x00d\x00l\x00l\x00\x00\x00c\x00h\x00i\x00n\x00e\x00s\x00e\x00 \x00c\x00o\x00n\x00v\x00e\x00r\x00s\x00i\x00o\x00n\x00 \x00a\x00d\x00d\x00i\x00n\x00\x00\x00
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
type: REG_BINARY
valuename: !"\x7f
buffer: 1386939014
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: ProductFiles
buffer: 1386938427
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: VBAFiles
buffer: Microsoft Excel(产品激活失败)
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
type: REG_SZ
valuename: ExcelName
buffer: 25
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\(Default)
type: REG_DWORD
valuename: Max Display
buffer: [F00000000][T01D361D79865AEE0][O00000000]*E:\
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\(Default)
type: REG_SZ
valuename: Item 1
buffer: [F00000000][T01D35911B2D8DFF0][O00000000]*C:\Users\Administrator\Documents\
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU\(Default)
type: REG_SZ
valuename: Item 2
buffer: 25
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\(Default)
type: REG_DWORD
valuename: Max Display
buffer: [F00000000][T01D361D79865AEE0][O00000000]*E:\A0.xls
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\(Default)
type: REG_SZ
valuename: Item 1
buffer: [F00000000][T01D35911B2D8DFF0][O00000000]*C:\Users\Administrator\Documents\22.xlsx
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\File MRU\(Default)
type: REG_SZ
valuename: Item 2
buffer: 343
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Options
type: REG_DWORD
valuename: Options
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars\Settings
type: REG_BINARY
valuename: Microsoft Excel
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Options
type: REG_BINARY
valuename: CmdBarData
buffer: 1386939015
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: ProductFiles
buffer: 1386939016
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119210000000000000000F01FEC\Usage
type: REG_DWORD
valuename: ProductFiles
buffer: 32586
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
type: REG_DWORD
valuename: MTTF
buffer: 32586
processid: 2432
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
type: REG_DWORD
valuename: MTTA

 Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

 Dropped_Save

analysis_result: Safe
create: 0
how: del
md5: e566fc53051035e1e6fd0ed1823de0f9
name: 4034C045.tmp
new_size: 17KB (18387bytes)
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\4034C045.tmp
processid: 2432
processname: EXCEL.EXE
sha1: 00bc96c48b98676ecd67e81a6f1d7754e4156044
sha256: 8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15
size: 18387
this_path: /data/cuckoo/storage/analyses/1000564/files/4189136838/4034C045.tmp
type: Microsoft Excel 2007+
analysis_result: Safe
create: 0
how: del
md5: d41d8cd98f00b204e9800998ecf8427e
name: CVRFFE4.tmp.cvr
new_size: 0bytes
operation: File deleted after being dropped
path: C:\Users\Administrator\AppData\Local\Temp\CVRFFE4.tmp.cvr
processid: 2432
processname: EXCEL.EXE
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/1000564/files/4846131240/CVRFFE4.tmp.cvr
type: empty
analysis_result: Safe
create: 0
how: write
md5: 23922f60a324f05bbe46d7a3005a05db
name: ._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
new_size: 48KB (49706bytes)
operation: File modified
path: C:\Users\Administrator\AppData\Local\Temp\._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
processid: 2208
processname: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
sha1: ecf5403bb00b828bfec92c7b89f25261810c0c51
sha256: 43adfb924fa21821f29e650dd434420f91160fbbb4b5dc641498c01291ebcbe2
size: 49706
this_path: /data/cuckoo/storage/analyses/1000564/files/1000/._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: d41d8cd98f00b204e9800998ecf8427e
name: ~$2A1tQPLw.xlsm
new_size: 0bytes
operation: File modified
path: C:\Users\Administrator\AppData\Local\Temp\~$2A1tQPLw.xlsm
processid: 2432
processname: EXCEL.EXE
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/1000564/files/1002/~$2A1tQPLw.xlsm
type: empty
analysis_result: Safe
create: 0
how: write
md5: d41d8cd98f00b204e9800998ecf8427e
name: ~$22.xlsx
new_size: 0bytes
operation: File modified
path: C:\Users\Administrator\Documents\~$22.xlsx
processid: 2432
processname: EXCEL.EXE
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/1000564/files/1003/~$22.xlsx
type: empty
analysis_result: Safe
create: 0
how: move
md5: d41d8cd98f00b204e9800998ecf8427e
name: 2A1tQPLw.xlsm
new_size: 0bytes
operation: File copied over an existing file
path: C:\Users\Administrator\AppData\Local\Temp\2A1tQPLw.xlsm
processid: 2432
processname: EXCEL.EXE
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
size: 0
this_path: /data/cuckoo/storage/analyses/1000564/files/1004/2A1tQPLw.xlsm
type: empty

 Dropped Unsave

analysis_result: Trojan.Win32.XRed.mg
create: 0
how: move
md5: 198874018bfaabca9d59cf18abfc0bb2
name: Synaptics.exe
new_size: 753KB (771584bytes)
operation: File copied over an existing file
path: C:\ProgramData\Synaptics\Synaptics.exe
processid: 2208
processname: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
sha1: 9862bf055756ebe4fefbfa6f4a0719dbdd5de6e9
sha256: 5b9187c07375ace5b7de15a03608b1fd20fe77cd1a22049d028e7fbaea48b22e
size: 771584
this_path: /data/cuckoo/storage/analyses/1000564/files/1001/Synaptics.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows

 Malicious

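attck_tactics: Defense evasion
level: 2
matchedinfo: The malware drops a file from its resource section and runs it in order to hide malicious code
num: 150
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Drop file from resource section and run it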
attck_tactics: Other malicious behavior
level: 2
matchedinfo: The malware extracts a resource from its resource section into memory and decrypts it
num: 150
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Load resource into memory
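attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 182
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Change memory region to readable, writable and executable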
attck_tactics: Persistence
level: 1
matchedinfo: The malware opens the Service Control Manager in order to control services
num: 556
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Open Service Control Manager
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 561
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Traverse files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the show-hidden-files setting in order to hide files
num: 675
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Get hidden-file setting
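attck_tactics: Other malicious behavior
level: 1
matchedinfo: Generally used for file encryption or encrypted data transmission, or possibly used in ransomware
num: 4625
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Call cryptographic algorithm library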
attck_tactics: Persistence
level: 1
matchedinfo: The malware writes to the registry in order to modify the user's proxy
num: 7809
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Modify browser proxy
attck_tactics: Basic information gathering
level: 1
matchedinfo: The malware calls key APIs to get the system user name in order to collect user information
num: 7849
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Get current user name
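attck_tactics: Persistence
level: 2
matchedinfo: The malware modifies the registry so that it starts automatically with the system, in order to keep long-term control of or residence on the system
num: 8817
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Write autostart registry entry, add autostart 2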
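attck_tactics: Defense evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running. Generally used by malware for sandbox evasion
num: 11323
process_id: 2208
process_name: 1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Get current mouse position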
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 7
process_id: 2844
process_name: ._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Traverse files
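attck_tactics: Defense evasion
level: 2
matchedinfo: The malware drops a file from its resource section and runs it in order to hide malicious code
num: 38
process_id: 2844
process_name: ._cache_1620642626136_5f573b031fd9802ec49755d8fe90e760.exe
rulename: Drop file from resource section and run it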
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by traversing files
num: 46
process_id: 2892
process_name: javaw.exe
rulename: Traverse files
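attck_tactics: Basic information gathering
level: 1
matchedinfo: The malware collects computer configuration information for statistics
num: 70
process_id: 2892
process_name: javaw.exe
rulename: Collect system configuration information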
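attck_tactics: Other malicious behavior
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 163
process_id: 2892
process_name: javaw.exe
rulename: Change memory region to readable, writable and executable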