VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

cf92838fa10248a6996228b8898b3206    Hybrid analysis report

Basic Information

file name: cf92838fa10248a6996228b8898b3206
file size: 171372
file type: data
Submission time: 2019-09-07 09:20:03
MD5: cf92838fa10248a6996228b8898b3206
sha1: 2df22de4a42208fcd5dfe8c5c92f9c22e03aa432
sha256: 78c2b867ce2acd5ed747323a0d49e962f4c29c547f4430c792f71787a23db561
enviorment_description: Windows 7 32 bit (HWP Support)
total_processes: 0
total_signatures: 0
file_analysis: 0
mitre_attcks: 0

Document analysis report

uuid: java:java.util.UUID
xmlns: http://www.misp-project.org/
Event
id: 9c1a3d2a-909b-4555-b168-820fc21156e9
date: 2019-09-07
info: Falcon Sandbox auto-generated for "78c2b867ce2acd5ed747323a0d49e962f4c29c547f4430c792f71787a23db561"
analysis: 2
distribution: 1
published: 1
Attribute
category: External analysis
type: link
value: https://www.hybrid-analysis.com/search?query=78c2b867ce2acd5ed747323a0d49e962f4c29c547f4430c792f71787a23db561
distribution: 1
category: External analysis
type: comment
value: Falcon Sandbox v8.30 Copyright 2019 Hybrid Analysis GmbH, All Rights Reserved, www.payload-security.com
distribution: 1