Microsoft Word and Sandboxes
ID: 2af1e79d-ee00-5a79-9cb6-965f0f6eccd4
STIX ID: report--2af1e79d-ee00-5a79-9cb6-965f0f6eccd4
Feed Name: Blaze's Security Blog
This brief post describes two Microsoft Word-related tactics an attacker could use to increase stealth: (1) reading the Office UserName from HKCU\Software\Microsoft\Office\Common\UserInfo for reconnaissance that may not trigger sandbox detection, and (2) renaming malicious documents to .asd/.wbk autosave extensions to evade sandboxes and detection. The write-up highlights these as potential evasion techniques but provides no evidence of active exploitation or a specific campaign.
