Docs_2f74e1ab0f88c625f6e3fd38f78c80dd_doc_2019-07-17_17_30.txt

1.  
2. * MalFamily: "B06EDF68"
3.  
4. * MalScore: 10.0
5.  
6. * File Name: "Docs_2f74e1ab0f88c625f6e3fd38f78c80dd.doc"
7. * File Size: 189440
8. * File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Template: Normal.dotm, Last Saved By: Administrator, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jul 17 14:27:00 2019, Last Saved Time/Date: Wed Jul 17 14:27:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0"
9. * SHA256: "d088e106abfc8fd8e98e0b498b705fbe84abc16a28f4a938d8deb9538a3f7fd7"
10. * MD5: "2f74e1ab0f88c625f6e3fd38f78c80dd"
11. * SHA1: "25abf660276db5ee9caa4276391a3ce27b28ba38"
12. * SHA512: "533d2c989944cd20551633704ce869755e3218a14ed8761a24d1ab180bf1a86a1763344136d847deea59948ddc83cb48cf045249a9b10af528ccf66155b09d2f"
13. * CRC32: "B06EDF68"
14. * SSDEEP: "3072:keWVjjswlZaLdScXjjHXoiqufOJ7De5Zp+2ODjXrqJ7C:keWVjjswvmgejjHHhU"
15.  
16. * Process Execution:
17. "WINWORD.EXE"
18.  
19.  
20. * Executed Commands:
21.  
22. * Signatures Detected:
23.  
24. "Description": "Attempts to connect to a dead IP:Port (9 unique times)",
25. "Details":
26.  
27. "IP": "23.59.214.201:443"
28.  
29.  
30. "IP": "52.109.16.5:443"
31.  
32.  
33. "IP": "52.109.6.40:443"
34.  
35.  
36. "IP": "65.52.98.231:443"
37.  
38.  
39. "IP": "104.18.24.243:80"
40.  
41.  
42. "IP": "72.21.91.29:80"
43.  
44.  
45. "IP": "69.192.108.32:443"
46.  
47.  
48. "IP": "51.15.137.172:443"
49.  
50.  
51. "IP": "23.15.4.32:80"
52.  
53.  
54.  
55.  
56. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
57. "Details":
58.  
59. "ioc": "chevronaccent.glox"
60.  
61.  
62. "ioc": "ontent.inf"
63.  
64.  
65. "ioc": "gosttitle.xsl"
66.  
67.  
68. "ioc": "quations.dotx"
69.  
70.  
71. "ioc": "rings.glox"
72.  
73.  
74. "ioc": "architecture.glox"
75.  
76.  
77. "ioc": "harvardanglia2008officeonline.xsl"
78.  
79.  
80. "ioc": "ist.glox"
81.  
82.  
83. "ioc": "sist02.xsl"
84.  
85.  
86. "ioc": "ccent.glox"
87.  
88.  
89. "ioc": "gb.xsl"
90.  
91.  
92. "ioc": "mlaseventheditionofficeonline.xsl"
93.  
94.  
95. "ioc": "chicago.xsl"
96.  
97.  
98. "ioc": "rid.glox"
99.  
100.  
101. "ioc": "..3b"
102.  
103.  
104. "ioc": "gostname.xsl"
105.  
106.  
107. "ioc": "pictureorgchart.glox"
108.  
109.  
110. "ioc": "rame.glox"
111.  
112.  
113. "ioc": "turabian.xsl"
114.  
115.  
116. "ioc": "rocess.glox"
117.  
118.  
119. "ioc": "set.dotx"
120.  
121.  
122. "ioc": "nline.xsl"
123.  
124.  
125. "ioc": "ieee2006officeonline.xsl"
126.  
127.  
128. "ioc": "e.gu"
129.  
130.  
131. "ioc": "adial.glox"
132.  
133.  
134. "ioc": "iso690.xsl"
135.  
136.  
137. "ioc": "asis.thmx"
138.  
139.  
140. "ioc": "content.inf"
141.  
142.  
143. "ioc": "etropolitan.thmx"
144.  
145.  
146. "ioc": "iew.thmx"
147.  
148.  
149. "ioc": "anded.thmx"
150.  
151.  
152. "ioc": "ividend.thmx"
153.  
154.  
155. "ioc": "rame.thmx"
156.  
157.  
158. "ioc": "erlin.thmx"
159.  
160.  
161. "ioc": "uotable.thmx"
162.  
163.  
164. "ioc": "arallax.thmx"
165.  
166.  
167. "ioc": "ype.thmx"
168.  
169.  
170. "ioc": "ircuit.thmx"
171.  
172.  
173. "ioc": "g.n9"
174.  
175.  
176. "ioc": "roplet.thmx"
177.  
178.  
179. "ioc": "avon.thmx"
180.  
181.  
182. "ioc": "amask.thmx"
183.  
184.  
185. "ioc": "late.thmx"
186.  
187.  
188. "ioc": "vent.thmx"
189.  
190.  
191. "ioc": "esh.thmx"
192.  
193.  
194.  
195.  
196. "Description": "Performs some HTTP requests",
197. "Details":
198.  
199. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
200.  
201.  
202. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
203.  
204.  
205.  
206.  
207. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
208. "Details":
209.  
210. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x9a\\x1f\"\\xaf:\\x83\\xcbf\\x8bp\\x98p$\\xda\\x12l\\xba\\x8d\\x01\\x9e\\xbe\\x9c\\xd3\\xb8tm\\x8f\\xe0\\x82\\xdf\\x82\\x0e~h\\x03r\\xfc\\x01\\x99\\x1dm\\x93\\xdb\\xf8\\xf3e\\xb0\\xb9\\xc4o\\xd1\\xb4\\xd1\\x94d\\xb4c\\xd7\\x8f\\xb3\\x91$\\x1dj\\x97 \\xc0w=\\xf5\\x18\\x1cg\\xdb\\xe1\\xd3\\xbb^%\\x9aq\\x8c\\xfddr\\xce\\x13\rv\\xc1\\xc9\\x9b\\x06\\x02\\xeb\\xbat\\x1a7\\xb2^\\xf5\\x85\\xd8\\xc2\\x88\\x9a@\\x14\\xdc\\xacb\ng\\xb76\\xbf\\xff\\x95\\xd7\\x1d\\x98\\xaa\\xb1\\xcc5\\xc4p\\x95\\xa9\\xae\\x1b\\x14\\xa2\\xa8\\xbc^\\x0b\\x9f\\x12\\x06\\x80\\xbd\\x00\\x96:\\x8e\\x7f\\xc2\\xf7h\\xde\\x02\\x90\\x08shxb\\x13\\x1e\\xf5\\xe03\\x01\\xc9\\x96i\\xecs`\\\\xbez\\xf1\\x02\r\\>/\\xd2\\x1f\\x0c\\xa5\\xd3\\xae@;\\xab-\\x9di\\x9b\\xbb,\\x9d\\xf1\\x19lk\\x85\\x00\\x057/ol\\xf6\\xda9\\xb5x\\xc9\\xde\\xbb\\x94\\xec\\x8bf\\xf5\\x8e\\x17\\x93\\x83r\\xc2\\xc5\\xc8\\xfb\\xf2\\x91\\x80\\xac\\xa4o\\x91>%\\xcb$\\x03\\x0b\\x8f@"
211.  
212.  
213. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01/rr\\'!u\\x02g7\\xdaj)\\xde\\x85+\\xcb1)\\x8e\\xb1-\\xa1\\xd1=\\xde\\x8e\\xad\\xc0x\\xfe\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
214.  
215.  
216. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf9\\xef<x\\xf3\\xeb\\x07\\x99\\xb5\\xff:\\xae\\xc4\\xe1\\x82>\\x93g\\xff\\x0f\\xe8\\x85\\xecg\\xaa\\xcey\\x13\\xae\\x1a\\x98\\xc3\\x08>a\\x8a\\x02\\xca\\xc0\\xf91\\xdd\\x00\\x11cp\\x92k\\xe7x\\x93\\x074\\xde\\xebe\r \\x15\\xc2\\xb9\\xef$\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x0f\\x8b\\xf2\\o\\x17\\xc8\rde\\xcf\\xe5c\\xce\\xca\\xeb\\xc7\\xb9&\\xd2*\\xe5)\\xcc$\\xf8\\x05k8\\x97\\x1a\\xf3\\xecw\\xbf22\\x05\\x9b?\nv\\xeb\\x98\\x15c\\xc1k"
217.  
218.  
219. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01/rrpzz\\xd9\\x8c@\\xff6\\xa4\\xc5\\xfe;\\xf7ya\\xdb\\xac\\xce\\xc7\\xd8\\x83hd4\\x8f\\xd3\\x85\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
220.  
221.  
222. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8fv\\x03\\xb7\t\\x1d\\x87n\\xb9\\x97\\xc6\\x96l\\xe3\\xc1\\xd2\\xb2o\\xf8\\xfe=z\\x1d\\xe0b=-\\xe1\\x8f<\\x97\\xf7i\\x8e0\\xf6\\xc3_\\x9d\\xe4x\\x10b\\x18\\x1c\\xda\\xb8\\xba\\x8e0i5\\x91<\\xba.\\x90^\\xf4\\x07\\xc8-\\xf4\\x12\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000`fi\\xe4\\xbf\\x98\\xa0vn|\\x97\\xf85\\x826\\xba\\x84c\\xde\\xa6\\x8b\\x08\\x1f\\xf2\\x0f\\x8fw\\x7f\\x82m\\xa4c\\x87\\xc7h\\xf6\\xc9\\xfeom\\x88\\xc7\\xc70\\x14\\xabz"
223.  
224.  
225. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xaa\\xa1\\x82l\\xd3\\x1d7\\xec\\x81\\xd0\\xf7\\xf2a\\xd9\\x80\\xce\\xf5\\xdb<\\xd8\\xc2\\xcf\\xf4\\xf9uz\\xe5\\xbe\\xd8\\x94\\x08\\x93\\x07w\\xad\\xe3o\\x1d\t.\\xcc\\x7f,\\x0b4\\xfap\\xf5t\t6\\xb1x\\xb4 \\x1e\\xbf\\x9d\\x12\\x02r\\x0b\\xda\\xcbi\"\\xd4\\xaf\\x9b\r%t\\x06f\\x19u\\x93\\xa4\\xc4\\xe1i\\xc1\\xe8~\\xf9\\xd4\\x05^w\\x99\\xb8\\x8d\\xf4\\xa6\\xe1\\x97\\xe6 ?\\xd2r\\xd9\\xd9\\xc5\\x96\\xe4k\\xbc:guo\\xf6\\xf9t\\xd9\\xa8\\x18\\xc6\\x80\\x7f\\xcb\\xc8\\xf1\\x9a\\xf6sc`\\xc3\\x8c=g1\\x81we'\\x17\\xf4i*\\xa5\\xaal\\x1f\\xdf\\xc2\\xa4f\\x1de\\xffm'\\x05s\\xa3i\\x13\\xa0?=(\\xdd\\xf2lp\\xf4\\xad\\xce\\xc6,\tm\\xe2gw y\\xf1\\x06\\xff\\xf7\\xaat\\x13\\xf3j\\x10\\xc7\\x83\\x19\\x82\\x1f\\xef\\x14\\x9e\\xa2w\\x0c4d\\x03\\xfa\\x03\\xa7\\x9c\\xd9\\xd6\\xaf\\x1b\\x03\\x98d\\x07\n-\\xbbnd\\xb1\\x13\\x8e\\x0f\\xe9_\\x9c\n\\xeaa\\xe6x\\xab\\xc4\\xf6\\x03\\xfc|\\x93\\x86\\xc6\\xf7\\x1d\\xb3\\xb2\\xbc\\xd5"
226.  
227.  
228. "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: ocsp.digicert.com\r\n\r\n"
229.  
230.  
231. "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
232.  
233.  
234. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p3\\x8d5\\x8a/\\xe3,\\x049\\x10n\"\\x1b\\xf3\\xd8\\xf6\\xe8\\xca\\xc5\\x18q\\xd2\\x07k\\xcd\r\\x86\\xa6\\x90md\\xafy\\xd1\\xae3\\xcau\\x0b\\xeen.\\xb59s\\xb2\\xb4\\x9c=\\xcc\\xb1l\\xe7\\xfdur\\xb3\rsj;.:2\\xbe\\xfdt\\xca\r\\x89\\xb7\\xe0<(\\xd4\\x99\\xe0\\xef\\qbx\\xb3\\x9c\n\\x18\\x8c\t\\x1aur\\xca\\xc0\\x8f\\x97i\\x88\\x8e5\ni\\x13\\x9f\\xc9\\xdb \\xba.\\x1c\\xf9/\\x03\\x14\\xba\\x19\\xbd\\x96--\\xa6\\xd80n\\xb6z\\xf6\\xf4\\xd8e\\x96a\\x8d\\xcf\\xc8w#\\x05\\qfy\\xd3\\x89p\\xf8\\xde\\xa2\\xaa\\x19:k\\xc3\\xacu\\x07\\x07\\xd5\\xf8\\x009\\xe3\\xa1n\\xee*\\xfe\\x91j\\xd6+\\xb6\\x0f\\xcc;\\x84\\x86b\\x0fqa\\x96z\\xc2\\xe72\\x8f,=p\\x9d\\x96\\xa7\\xf4\\xe2\\xb0a\\x858\\xfa\\xc5e&w\\x0et \\xb3\\\\xdei\\xdfh\\x9f\\xda+\\xc6^\\x02p\\x1f\\xe4e\\\\xb4n\\xb2\\x083\\xf7\\x7f`\\xbb%?l\\x806q,\\xf3o.\\x89\\xb1\\xeb\\xday\\xb5\\xdb"
235.  
236.  
237. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 b\\x1b\\xbbz\\x073\n\\x97r$\\xd5f\\x91$@i5\tb\\xb1\\xd6\\xb1\\xd3\\x82\\x17\\xa0\\x0cc\\xf2\\xba'o\\xf6:\\xb4\\xecn\\xcc\\xe2\\xb0\\xe0\\xd5\\xa6\\x00\\x83f\\x01\\xbcm\\x91d:\\xb4\\x0b:`\\xfe\\xe9\\xf4,v\\x9e\\x9a\\xb5\\x91k0\\x18\\xb5\\x92r\\x99h\\xa6\\xba\\x86\\xed\\x19.m\\x02\\xcf\\x14\\xda\\x01\\xb7e\\xdd\\xd7\\xee&\\xea/\\xe3m\\xa0\\x01\\x9c\\xf2z\\x7fyqk\\xe34p\\x81+\\xcb\n\\xe8i! g\\x07\\xb5\\xbaq/\\x9b\\xa2\\x82\\xc3\\xb3\\xb6\\x93u\\\\xc5\\xf7\\x83\\xb7\\xa9\\xbao'(\\x01\\x80\\x02z\\xee*+\\xd1\\xf6\\x86\\x8b\\x11b\\xc4j\\xf4;\\xdb\\x81e\\xbcah\\x95m0\\xa5o\\x86\\x82\\xa3kwx\\xf0\\xe9\\xb8\\x83\\xd0f\\xdc\\x92o\\xf7\\x8b\\xe3\\x0e\\xe7\\xc6\\x93\\xb0\\xebl\\x8e\\x13\\xae\\x13\nj\\xc0\\x91k\\x05\\x83\\xdf\\xcet\\xd4)\\xb1\\xb8o\\x7f\\xb7\\xc3\\x16\\xc05\\x92t`\\x13\"\\xa2\\x9dmy\\x1e\\x1d\\xb2f~\\xca\\x02y\\x81f\\xab2+\\x804\\xbc\\x0e$\\xa6\\xa4\\xb2\\xad"
238.  
239.  
240. "http_downloadurl": "winword.exe_URLDownloadToFileW_https://surprizea.net/minsk.exe"
241.  
242.  
243. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00\\x03\\x01/rz\\x99\\x87\\xa7\\xaft\\xee\\x89\\xbeq\\x81r\\xa0p\t\\x88\\x95i\\x96\\xc2i\\xa4h\\xf7\\xcc\\xfdd\\x88\\xb8\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
244.  
245.  
246. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00'\\xa9\\x80\\xd8\\x1f\\xd6\\x9d\\xf3\\x83\\x01\\xc4\\x1c(j\\xbc\\xd9\\xc4r\\xc9a\\x8e\\x90\\xe5\\xafp)\\x0e\\xfb\\xb3\\xe1\\x88\\xaa\\x8f\\xa8^j\\x05l\\xd5=\\xcc\\xfd\\x87\\xb3\\xfcp\\xb9\\xd02\\x08\\xd0#>\\x0br\\xcd\\xd3@,\\x1e\\xcd5a\\x8c\\x86\\xc8\\x17\\x1a\\x05|\\x12d\\x03q'\\xfe\\xdb@?\\xbf\\x99\\xa1yrwi\\x8e\\x18\\x16\\xbb9\r\\x98&7\\xf8\\x10_\\x02nk\\xdd\\x1f\\xa7\\xfe\\xea\\xffb\\xe7\\xcb\\x06\\xc2`p2\\xe8#\\xaa\\x1e/f\\xac\\x083\\xe3\\xb6\\xca(v\\xb3\\xe7\\xe7q\\x9f\\x04\\x90\\x08)\\xb6\\xd3\\xdd\\xf7\\xc4!,\\x9cz\\v\\xe1c\\xe03\\\"\\xf6!\\x7fa\\x8b\\x10jq<\\x10\\xd8\\xb8:\\x11w\\xe7\\xfb\r\\xe2\\xba\\x9b\\x1fff\\x0bi\\xbbw\\x90n\\xb5\\xb8*\\x80/\\x81\\xbed\\xe0\\xcf\t\\x14uw\t;\\x10\\xa3ex\\xd5\\xea|\\xae\\xb9n\\x84\\x19\\xe2\\xf2\\xe7\\x9ed\\xff@\\xaa2r\\x01l\\xc4\\xdf\\xf7\\xcf\\x15!\\xd1s\\\\xf0\\x7f\\xf84\\xff\\xf1"
247.  
248.  
249. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\x13\\x8cg*n\\xfa\\x12+t\\x88/u\\xef)z\\x82w\\xaf\\x9f\\xa8u\\x83\\xeb\\xcb\\xde\\x83n\\xda\\xc70\\xbc\\xd5\\xc2o\\x1c\\x91bu\\xcejh+\\xee\\xd0\\xc6\\xf4\\xfd\\xf285\\x16?\\xb6\tu\\x08\\xe4\\xcd\\x11\\xb4\\xb4\\x0cad\\xf9f?\\xfe1$\\x19\tn\\xc9\\x8fq\\xdd\\x18\\xe4,1\\xf8\\x8bz\tk\\xc5\\x89\\xdfpqec\\x9e\\xddw\\xa0\\x82\\xb2t7\\x83t\\xb9y\\x01\\xf0l\\xc8s\\xd5\\x10y\\x1f\\xf4\\xf1\\x93h\\x94\\xba\\x89fms\\x0c\tz\\x03\\xc8\\xa7'vu+d\\xb1\\x08\\xde\\x8e1\\xab\\xf9\\xc3*`\\x99\\x0b\\\\x99\\xa8\\xee\\xf3\\x94\\xc0*\\xaf\\x91\\xb5\\x94\\xc5\\xd5\\xd0\\x81\\x17d\\xbe\\x90\\xe5cb\\xf3\\x06\\x9f\\xe3j|\\x82w\\xe6\\xc3\\x81r\\x10q\\xfd\\x17\\x12\\x86\\xe87\\x89\\x91\\x15\\x0e\\x8cg\\x8a\\x05o|\\xcc\\x8e\\x0e\\xfe\\xb8jh\\x07\\xd3\t\t\\xa4\\x8e\\xd4p\\x1dy\\xcf\\xa1\\x88\\x90\\xb0\\x89a9\\xb5\\x05h+\\xc1\\xfeg\\x8d\\x9a\\\\x94w\\x84ml\\x1e\\xe5\\xab"
250.  
251.  
252. "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\xe2^o\\x10\\x8e\\xf9\\x9b\\x10\\xd9\\x86gcl\\xdb\\xcb|\\xb5\\xc0\\x9a\\x7f\\x92w\\xdc\\xb1\\x90e\\xfc\\xb93\\x87\\x81\\xcb\\xf5\\xb3\\xce\\xfe\\x02\\xb7)\\xf4\\x8f\\xef\\xe8\\x0eh\\xa4\\xab\\xf2\\xa5\"x(\r\\x82xpy\\xf1l|a\\x9b\\xc2\\xaa\\xe65\\x91\\xb0\\xfb\\xa9\\x05\\x0b\\xba\\xce\\x13\\xd2\\xdb\\xce\\xb6\\xae\\xb3:\\xba\\x1f\\xc91v_\\xf9<\\xadup\\xcf\\x0e\\xeb\\xcd\\xb6\\xba\\x92:q\\xa6yd\\x9a\\xfc\\x15\\xe46#\\x91\\xe3ebq\\xad\\x0e\\xa4\t\\x9b\\x84\\xda\\xf8o\\x93\\xcc\\xb2\\xeb:\\xa8\\xd8\\x8e\\x8a7e\\x15\\xc6h\\xa7/\\x01\\x8f.=\\xc3+\\xb7\\xe9\\xc3\\x8c\\x1f\\xc7\\x04\\x14\\xf3\\x84\\x08\\x89\\xf5\\x85\\xd3l\\x100\\x86h\\x89f\\x1f,\\x9ca\\xd5^\\xa6$t\\xdef)\\x06\\x94t\\x80\\x06\\x00\\x15/\\xed\\xa25\\xeez\\xec\\xd9\\xb6\\x18\\x83\\x16\\x95\\xaf\\xd2\\x98g\\x1c\\xbf\\x8c'\\x89\\xf6\\x82o)>\\x0b!\\xc2\\xf1\\k\\x1e65\\xa4\\x07\\x80\\x14z-\\xb2\n\\x88\\xbds\\x0be\\xfeo8\\x13i\\x82<\\xfb6"
253.  
254.  
255. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x01\\x00\\x00y\\x03\\x01/r\\xd7?*\\xc3\\\\xddp@\\xcc\\xd9\\x06\\xf5k\\xbb\\xb8`8\\x87\\xf1b\\xe1\"1p\\x15e\\xc9\\xcd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
256.  
257.  
258. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc5\\x9f\\xd1\\xdd\\xdc\\xeb1\\xfer\\x0c\r\\xb8u\\xe4\\xd3\\x0e\\x9a\\x0c\\xc2\\xcd\\x8fh\\xe1\\x99\\xec\\xc5\\xec\\x82\\xc4\\xd7\\xf2*9\\il\\x86\\x13\\x8f;\\xd0\\xd6\\x18x\\xf0\\xe0\\xa1\\x86i\\x89|\\xd4\\xd0\\x05i\\x86\\x82~n\\xd2+/0\\xf1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa0\\xc1\\xa8\\xd7`\\x12:\\xe0j\\x10\\xe0~\\xac\n\\x83\\x98z\\xc3wq\\x8b\\xe8\\xaev\\xa0\\xeav\\x16\\x1b:\\xae\\xf1)qhx\\xe2v\\xf3\\x81x\\x13\\xb8\\xa1t\\xea\\xa7"
259.  
260.  
261. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01pc\\x91oc\\xdesl=\\x9f\\xef\\x91ie\\x95\\xd7\\xb3g\\x91\\xbfs\\x06\\x9cz\\xec\\xc1\\xcb\\x00\\xf5\\xaf\\x8e\\x82z\\xe2\t9\\xec\\xf0~\\x88!-\\xfe-\\x92t\\xd1n\\xe7\\xe4\\xc4n\\x92m>7efr\\xd5\\x0b\\xbe\\xf5\\xf2'\\xac\\x99\\x8c~\\xe60|\\xebsc\\x85\\xeam\\x87so\\x9b\"4\\x95\\x87\\xe4c\\xa1\\xe2\\x1e\\x97\\x04wr\\xbczk$\\xd6\\x8f\\x14x\\xc3\\xad\\xfa\\xd9\\xb2@\\xf6g\\xcd\\xd6\\x9a\\xcd4\\xb0\\xce=\\x9b\\xfc\\x82\\x1c\\x11\\x93\\xb8p\\xd4\\xd3\\xc3\\x13\\xf3\"\\xd9l\\x82\\xe4\\x9a\\x08$\\x03f\\x19\\x04\\x1f?\\xa8y\\xfedv\\xee\\xc5t'\n#p\\xec\\xb5\\xb6\\x82r\\xc7\\x94\\xa7\\xcdk\\x01\\xe7\\xbf\\xb8\\xfe6\r?\\x13\\x06=\\xc6\\xae-\\x9f\\x9f\\xe1\\x12w!\\x88\\xab\\xf6\\x9be\\xd0\\xac\\xdfk\\xec\\x02w\\xca\\xd0r\\x0f@\\xd7t)h$1\\xb7\\xf2d\\xc1\\xf8x\\xb0|\\xda\\xd9|\\x99\\xb3\\x96\\x90j:\\x07\\xa9\\x04z\\xed\\xda\\xaa\\xff\\x96\\xd6\\xe5\\x1c\\x86\\xbe\\xf9\\x88\\x86=\\xa3*\\xee"
262.  
263.  
264. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ry\\xb0\\xeecu\n\\xea\\xc5\\x19\\xc6m(\\xd9nbq\\x0f\\xa7nb\\x0e\\x90\r\\x8e\\xe6\\xd2f\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
265.  
266.  
267. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb4\\xe7\\x13\\xcb\\xa7g\\xd5\\x8f\\x1f\\xb5\"\\xedd\\xf1\\xc7,b&\\x1a\\x9aw~\\x1az\\xb5o<\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
268.  
269.  
270. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x86\\x85lb\\xe3\\xb9\t\\xf7\\x052la\\xcb\\x98\\xa7\\xb1\\xe99\\xcb\\xa6:a\t\\xac\\xa2\\xbe\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
271.  
272.  
273. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x7f\\xf2\\xbc\\xbf\\xfdz7|\\xb7\\xfa\\x02\\xd5\\x81`\\xb8\\xd94y\\x17b\nn\\xecn\\xb5\\xb4a9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
274.  
275.  
276. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xc3h\\xe9\\xe4:fycvn\\xaei\\xc4\\x8aj\\x86\\xaf\\x15_\\x86\\xe5\\xb1\\x17q8\\xd9\\x1d\\xf9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
277.  
278.  
279. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xa2\\xf1\\xb1#\\xf75he\\x8b\\x8c\\xf8\\xd8\\x9b\\xb3\\xc96z\\xe7p\\x91j\\xc3\\x86\\x03|\\xe5\\x01\\x9a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
280.  
281.  
282. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xdc\\xd3f\\xe8j o;\\x9b03.\\xbfb\\xa1q\\xee\\x913\\xc4\\xb2\\x85\\xc5\\x8b\\x8d\\x83\\x9f\\xab\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
283.  
284.  
285. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r$\\x1d%8\\x02*v\\x8a\\x8bd\\x8d\\xe8\\x8a\\xdc<\\xfb9h\\x81\\xe5x\\xf9z\\x87\\xdb\\xb0\\xad\\xb2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
286.  
287.  
288. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r^\\xcc\\x9e.\\xe2\\xbe\\xaaq\\x9b@s\\xb0eib\\xde\\xa6\\x86\\xf5\\xa6\\x15a`\\x990\\xd6\\x85\\xd7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
289.  
290.  
291. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb8k\\x1a\\xf8\\xf2bm,\\xae\\x9a/\\x04c\\xc7+n\\xd8k\\x15\\xe2\\xabsd\\xce\\xc7~\\x8fu\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
292.  
293.  
294. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xa8\\xf7\\xd2\\xc8\\xc4\\xfc\\x07\\xfb\\x99\\xb51\\xe0ow\\x8cr\t\\x1a\\x8a\n\\x95\\x13\\x95\\xd3n\\xaa)\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
295.  
296.  
297. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xd7y\\x07x\\xde\\xac\r\\xc7\\xca\\xfc\\xcc\\xa3\\x11\\xd5\\xfd\\x1d;\\xac\\xdd\\xce|\\xebl\\x10n-\\xd8\\xf7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
298.  
299.  
300. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/rg\\x0c\\x9d\\x9e)lo\\xb4\\x1em*@d\\xb2\\x11\\xfay\\xbcg\\x1d\\xd7z\\xa1\\xeb\\xcb@\\xd1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
301.  
302.  
303. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r:j\t\\x01\\xcff\\xdch\\x067\\xb4a\\xcf\\xb8\\xd1\\xcbwb\\xc3\\x81\\xfc\\xbc\\xaef\\xcd\\xc1<\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
304.  
305.  
306. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xc6\\xaem\\xe4,3`\\x0c^\\xa8o\\xea\\x93\\xb4)\\x14\\xb0\\xfah\\x96\\x04e\\x8ak\\x86\\xbe\\x9fc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
307.  
308.  
309. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x89\\xb0'\\xec\\xeb\\x83\\xa4\\xe7f\\xb4\\xc7vh\\xeb\\xfb\\xc9\\xc8\\xbeb\\x0cz\\xe3ei\\xd6ol\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
310.  
311.  
312. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/rb\\xf02\\xb9s\\x13\\xae.h\\x97\\xf8\\xe1 _3\\x93\\x98\\xe47\\x0c\\xf2\\\\xd9\\x9f\r\\x9c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
313.  
314.  
315. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb4\\x8c\\xcf\\xfe\\x81\\xeas\\x02#\\xdc\\xa4\\xc7\\xb3\\xa9\\x99\\x13\\x98#c/\\x00\\xda\\xf2\\xd4;?a\\xd9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
316.  
317.  
318. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xf4\\x10\\xa0\\xbar~\\x9f$(\\xf7i\\xe3\\x88s4n<;%\\x99\\x07-b>\\xfa\\x85i\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
319.  
320.  
321. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ru\"\\xda\\x87z\\x8ce\\xc9\\x01\\xfe>7\\x11kr\\xf5\\x16\\xb3\\x15\\x17u\\xe0\\xa5\\x19;\\xba\\xfb\\xb0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
322.  
323.  
324. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x0cf\\x11\\x8a7\\x1b;y'\\xa1%o@z\\x04\\x06\\x86\\x86\\x0c\\xd6h\\x18b\\xb9~\\xf6q#\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
325.  
326.  
327. "http_request": "winword.exe_WSASend_\\x16\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r;\\x06\\xd21\\xe0\\xd2\\x19=\\xdc\\xe5\\x0f\\x98a\\x88>\\x19\\xb3\\xe4\\xe4\\xcc\\x969\"\\x7f\\xba\\x83e\\xfb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
328.  
329.  
330. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xc2ez\\xee\\xb9\\xab%d\\xb7t\\xa1o\\xc1byhfr\\xa4(\\x82p\\x95el\\xd15\\xe9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
331.  
332.  
333. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb0/,i\\xe2g\\xacb*\\x9b\\x1f\\x0e5\\xf6\\x95\\xb4\\xabo\t\\xdc\\x93y\\xb4\\xbb\\xa44\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
334.  
335.  
336. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xda\\xa0\\xe2bdr\\xc4\\xff&\\xa0\\x11xh\\x10\\x19w\\xd9\\xa18\\x960&ps\\xcfhc\\x83\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
337.  
338.  
339. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x93\\x9d\\xdf\\xb0\\xc3\\x85\\xeb\\x817zy\\xe3hy\\xe0\\xb9\\x0e9;\\xadz\\x0b\\xb3\\x1f\\x8d\\xe0\\xb8\\xfc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
340.  
341.  
342. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x07\\x8c\rd\\x87,w+\\x96o\\xae\\xf4\\xec\\xa6\\x12\\x81\\x03c$r-\\x98d\\xf2\\xcb9+\\x88\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
343.  
344.  
345. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xe6\\x9f\\xa1,\\xc5\\x08\\x17\\x81x\\x0c)\\xce\r(q4\\xcf\\xa2j+\tx\\xa9^p\\xc6\\x05\\x8b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
346.  
347.  
348. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x0bf\\x89\\xda\\xe27\\xa2\\x1e\\xce:\\xc1\\xb0o\\xf3f\\xde\\xc7\\xcch;\\x99\\xa6\\x047\\xb1\\xe3k\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
349.  
350.  
351. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\xbf\\x16\\xae?)\\xcb\\x92\\xfc\\xeb\\xf4_(\\x98\\xf4\\xbakph\\xc9\\x175\\xc2o/\\x1f\\xbd\\xf4\\xc4\\xb6\\x0e4\\xc7\\x88o\\xd4\\xafd\\xd4%\\xec\\xb3yf@5j\\xff\\xf6\\xbe\\xed\"\\xaf\\x18\\xa8\\xc2\\xdb\\xaa\"\\xa8\\xd7\\xfd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000p\\x7faozn\\xf5\\x95\\xf2\\xe9\\x85\\xca\\x07y\\xd1\\x96\\xb3\\xd4\\xf7\\x81st\\xfe\\xd7\\xba\\xcf\\x04p\\xce\\x90\\xde\\xf4s\nc\\xdb\\xf8\n\\xd6\\x03\\xe8\\xec>\\xbb\\xd1\\xe1\\x06"
352.  
353.  
354. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb0\\xbf\\xd9t\\xa7\\x8di\\x8d,$7\\xa1\\xd0&\\xab3l\\x89\\x8c\\x18 f\\xb7r\\x92\\xbc-\\x90**\\xe5<\\x8f\\x0bj\\x9e\\x92\\xf9\\x9a\\xd3#\\x03g\\x0c\\xf3\\xe0s\\xc0\\xa6p\\xcb\\x1b\\x93b\\x80\\xf5\\x93v\\x10\\xeb\\xab\\x86?\\x8d\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000h\\x9c\\x10w\\xe8\\x12\\xfem\\xa7?\\xf8\\x16\\x87\\x8c\\xa5:t\\xe5x\\xaf\\xba\\x1b\\x93#\\xddo\\x03\\xf3\"vtc\\xbc^k\\xc0\\x0f\\xe01wo(\t\\xb1\\xb5p\\xf7\\x9b"
355.  
356.  
357. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04g\\xb6wf\\xf5&c5!\\x83\\xb0o\\xab\\xfa\r\\x0c\\xb2^\\x8f\\xf9\\x18g\\xff\\x12\\xae\\x02\\xf0\\xe1\\xaa\\x02\\xf5w\\x1e\\x03\\xc74\\x1a\\xdf\\xed-86\\xfb\\x0e!\\xd0\\xc0\\x92\\x8a\\xb7\\xe6\\xe3\\xbdg.\\x13\\xd1\\xa2\\xf4\\xc0\\xb0\\x9b\n<\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x84(\\x9a\\xfd\\xc3\\xba\\x9f4\\xb6r)\\\\x9fy\\x1a\\xc8\\xae\\x87*\\xe9\\xcdc1\\xeb\\x83\\xf4\\xcbk\\xb5\\x97\\xa7q\\xa4\\xd3s\\xe9\\x7f~\\xaa?\\xbf\\xa1^\\xbb\\x11\\xcfc"
358.  
359.  
360. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xdc,\\xd7\\x12t(\\xc0\\x02o&c\\xa7\\xbb\\xaa\\xc9\\xe6\\xae#v\\xeds\\xc6\\xf1\\xd6zk<k\\x8b\\x1a\\xe8\\x91g\\xd9k\\x0f\\xa5\\xc6\\xba@\"\\x0bi\\xa3*k;t\\xf3\\xa6\\xa5\\x91,\\xac\rh1\\xa0\\x88\\x88\r\\xb5=\\x05\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000ez\\xc9>5j\\xa0\t\r\\xfc\\x97\\x13\\xe7\\x1ads\\x04\\x861$\\x07\\xd5\\xb0\\xea\\xc2\\x03j\\xf0\r\\xf5\\x9d\\xf4d\\x8e\\xfa\\xf4\\x8f\\xddw4\\xddjz.7`q"
361.  
362.  
363. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xa2q\\xde\\x01\\xfci\\xd9\\x86\\xa8\\xb3\\x9ft\\xe6\\x8a*r\\x03\\xf1t5\\x9cw\\xa9\\x88\\x84\\xce\\xdf=\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
364.  
365.  
366. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x08\\xb5?u\\xa6@s\\xbe\\x10\\xb6\\xefb\\xa6ksi^ j\\x84u\\x9d'\\x88&\\xce\\xa3d\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
367.  
368.  
369. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r.|i\\x8cp^h\\xb9\\xe1\\x88\\x15\\xa6\\x16\\xc3\\x84e\\xd6cc\\x17\\x13\\xeb3\\x8c\\x11\\xe1$r\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
370.  
371.  
372. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/rk\\x1b\\x1a\\x9d\\xa9cy\\xfd\\xf1\\xa1_iys\\xcd\\x17\\x93d\\x9a\\x95\\xd3no\\xf9\\xec\\x14\\xd1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
373.  
374.  
375. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x92\\x81\\xb9>u\\xeb\\xf5t\\xb8\\xc9k9r\\xa0\\x87\\xcfw\\x19\\x86\\x99qe\\x07n3\\xee\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
376.  
377.  
378. "http_request": "winword.exe_WSASend_\\x16\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r.8\nn\\xacp\\xfa\\xce\\;\\x05\\x8d\\xba\\x06\\x10)\\x89\\xc0\\x13\\x80\\x9b\\xa4\\xc0o\\$\\xfd\\x87\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
379.  
380.  
381. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x1dy\\x95\\x8e\\x8c\\x99+\\x9b\\x03\\xf1@g\\x18\\x15\\xef\\xca\\x03\n4\\x06\\x9c?\\xf4%\\x9f\\x80'd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
382.  
383.  
384. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r0j\\xcc\\xba\\x8e\\x98-p>\\x8c\\xaa\\x8b#f-\\x15bz\\x17\\xd4\\x8b\\xbe\\xb5m\\x99rz\\xce\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
385.  
386.  
387. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r7\\x95\\xf7\\xe5tn\\xb9\\x87\r\\xd1\\xc3.)\\xfb\\xcfw\\xf4\\x08\\xa4\"\\xa1\\xc8\\x1a\\xdcml\\x90\\xf1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
388.  
389.  
390. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0b(s\\xc7\\xdc\\xbb\\xf9|\\xbcs\\x8d\\x8f\\x88\\xd7a\\x86k\\\\xdc\\xff>e*=b\\x19\\xff4\\xbe\\xecc+y\\x12\\x85\\xb9-\\xf6\\xd8/\\xc0z\\xc8\\xc3v\\xb2\\xc2\\xd1\\xa2\\xf4\\x92\\xc0\\x82\\x84h'd\\x0e\\xf0\\xdd\\x13\\xb1+\\x1a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbb\\xb4\\xc2vr2\\x8bxa~\\x88\\x17\\x97h\\xd3&x\\xbf)\\x10\\xa4/\\x0e\\xd4um\\x9b\\xa1\\xbf\\x82bz\\xcd9\\xa2,\\xe1\\x04=\\xc31\\x9b\\xd2\\x0f\\xd1&q\\xac"
391.  
392.  
393. "http_request": "winword.exe_WSASend_\\x16\\x00\\x01\\x00f\\x10\\x00\\x00ba\\x04uo\\xde\\xcd\\x9b\\x0b\\x01\\xb7\\xe2\\x07\\xba\\xd1\\xf1\\xd9yc\\x99\\xd9!\\x85\\x0e\\xa1\\x81#\\x13\\xb4\\xa5\\x17\\x1emy\\xbe\\xd4\\xd8\\xc2\\x9d\\x85\"j\\x85\\xd3\\xe2f\\x0c\\xcf\\xb9\\xc7a&d\\x8a\\xaca\\xce\\xbeiw!@\\xa5\\x9c\\xf5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0002\\xa8/\\xebs2c\\xe4\\xa1\\xc8\\x8c\\x055v\\xbc$l\\xdd-5cm\\x89\\xb9\\xee\\xfab\\xeb#c\\x1b\\xf9\\xa4\\xee\\xc8\\xd3\\x1ch\\x95f\\xa3\\x11\\xdd\\xea\\x94\\x04_\\xc0"
394.  
395.  
396. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04h\\x02l.\\xb6afj\\x89i\\xcc\\xf6yk\\x83\\x956>\\xe6z\\xec\\xac\\xa0\\x12\\xc6h\\x96\\x95'\\xd6\\xcd\\xee\\x8a\\xfd\\x04\\x00\\xf9^@\\xe9\\xd0\\xda\\xb3 \\xf8\\xfe\\xca\\xc0\\xdd\\x92\\xce3\\xfa|rl\\x81\\xb31s)g\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xaccmf\\xe3\\x90\\x92\\x8e-\\xec\\xcde0\\x98;~\\x9f\\x9d\\xc1\\xbe\\xfbn\\x8d\\x1e()\\x1cfv\\x82\\xf7yko\\xdc\\xa5css\\x88\n\\x8f\\xd5\\xcf\\\\xd8\\x1db"
397.  
398.  
399. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbd0\\xe2=3\\xe2\\xc74\\xe6\\x8aw\\xb9\\xce\\xa6\\x9f\\x99\\x12\\x16\\xe3\\x0f\\x96\\xb0\\xd5\\xf2\\x9fr\\x9cz\\xc3%\\x02n\\xe0&k\\xa2\\x9ca8\\x1a\\xcc6\\xe0!\\x00c/\\x93_a-\\xc0\\xce&\\x99$`\\xb8l\\xf6\\xf9\\x9c\\xfb\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1cl\\x0fshwr\\xc7\\xf9\\xfa4g\\xb6\\xee\\x0ewf\\x9c7-\\x1d\\x06\\x9f\\x8e\\x80\\xfbm\\x8b\\x13\\xbe\\x124f\\x84\\xe9\\xb1\\x1f\\xc8\\x1bg\\x93\\x16\\x0f0u\\xe6\\x13"
400.  
401.  
402. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04`\\x93i\\xf7~\\x0fi5n\\xc02\\xa2\\xc2\\xf8\\xda\\x16y\\xddti$\\xd9\\xea\\xaa\\xb5\\xf7j\\xc8\\xf6\\xcfs\\xd1\\xd7\\xa0\\xb3ne\\x13\\x0f\\xd0.\\x02\\xf5\\xc2\\xcc\\x9f\\x94x\\xc8fi<\\xf1\\x9a4\\xa2\\xfdm\\xd5\\xfex\\xf1u\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000%(\r+lq\\x80_@+\\x0ed\\xf1z\\x96m\\x11\\xfc\\xff\\xd72\\x92\\x90\\x00:qtj;\\xe3fu\\xcd#;\\xacl\\xa2\\x08\\xb0\\xcd\\xc0\\xb4\\xdb\\x845 1"
403.  
404.  
405. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x035\\x19t\\xc8\\x9c\\xdc\\xddp\\x92v\\xb0\\x88y\\xcc\\xd5)\\xa4\\xe7\\x81\\x01\\xa4\\x0c\\xfeq\\x1d\\x82k\\xca~\\x9c\\x19\\xc4\\xd0p'\\xf5s=zwy\\xe6\\x0fzo\\xfd\\x92\\xbc\\xd0\\xdc\\x01\\x1d\\xa39\\x1f\\x86\\x85\\x15\\xaa\\xfd\\x9a)z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x98\\x94jo\\xc9\\xa3u\\xfe\\xd9`4\\xf39\\xf9\\xb9\\xb1\\xbc\\x98\\xf1\\xb3\\x88*\\xce\\x94\\x98\\x9ec~\\xe1\\xc4.\\x92\\x93\\xe6@\\xbf\\xf7\\xde~\\xcb\\x8f\\xcex\\x0bh_"
406.  
407.  
408. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xca\\x92\\xa7\\xb2yhov\\x98\\xca\\x81\\x03\\x85e|\\xb7\\x05h\\x9e\\xa7\\xe0'\\x13\\x06\\x85\\x95\\xe8\\xbd\\xda\\x16\\x03\\xf4f\\x04\\xb7\\xbb\\x8f\\x818\\x17\\xbfn\\xfb&\\xf3\\xb1o\\x0c_\\x0f\\x0f\\xb3s\\x1bs\\x0f\\xf3\\xe3*\\x19\\xa6t\\x80\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x84l\"\\x8b\\xbd\\xeffc\\xe8;\\xdd7m,xn<\\xa0n\\x88('\\xb0\\x85\"\\xf6\\xfa\\xf5\\xc1\\x88\\xe4\\xa1s\\xcf\\xff\\xa1\\x05\\x8f\\xbd\t\\xa8\\xd0\\xf8|f*g\\xb4"
409.  
410.  
411. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9cj\\xc2\\x81if:>\\xf1\\x93\t\\xe7\\x10\\x9e\\x99_\\x02\\xdevg\\xd1\\x97\\xc2$\\xc8h\\xfd\\xb5\\xc0a\\x8d\\x0bn\\xa0\\x05\\xf0\\xb1(\\x91s\\xa6\\x842\\xcd7f0\\xba8\\x13\\x93\\xf6\\x10\\xb8ul\\xa7\\xf7\\xbao\\xb6\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc4r\\xd9c\\xf8\\x88\\xd3n z-\\x1c\\x1b(kk\\x18\\xe1\\xdc\\x84\\x97=\\x00\\x96\\xc5o*\\x8cit\\x92jd\\xd1\\xff\\xac\\x08\\xae\\xf9`\\xb1\\x85\\xc3\\x0c\\xf6\\xc1"
412.  
413.  
414. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x08\\j\\xd8\\xe9\\xa9\\x9c\\xaf0\\xc6\\xfb\\xfck\\x8ed\\x1bo\\x0b^j\\xf6\\xfdo\\xc8\\x971w\\x85e\\x07\\xe6\\xc0\\xc8\\x8b\\xf4\\x16\\xbfh\\xd1y\\x0be!r\\x14\\x84(\\x97\\x97\\xc0\\xf9\\x87\\x1e\\xe0e&\\x01\\xde!p\\xf2\\xa7+\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xeauh\\xcc\\xe0\t\\x91\\x81\\xd3\\x9b\\xcb \\xb4\\xd4\\xcf\\xbc\t`\\x9a\\xe5dk\\xa2\\xf3\\xb9f\\xd5\\xed\\xd9\\xe9q\\xb0z,j9r.\\x18\\xdbu\\x12\\x84@\\xbf\\x05\\x80"
415.  
416.  
417. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x83vg&\\xe2\\xfeh\\x94\\x90\\xc1\\xde\\xcao\\xbd\\xa0\\xbe9\\xf4ll\\x19s\\xbfp.\\xff\\xfb\\xf6v\\x93\\x89\\x8b\\x1e\\xd7r\\xa5\\x05\\x137\\x91\\x00n!+\\xfbv\\xe2\\x90b\\xbb#\\xd4^\\xa7\\xc4v\\x84&\\xa2\\xe7n\\xd6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe6*\\xde\\x94d\\x90\\xf0\\xf0k\\xa1\\xbe\\xa9\\xdb^\\xb6\\xabo\\xbd\\x96ri\\xa8\\x1a\\x04\\xe8\\x8d6\\xdd\\x90\\x81f\\xb7\\xf5\\xd9\\\\x9e\\xd8\\xe3:\\x15p\\x13\\xb6\\x01\\xa1l\\x85\\xf3"
418.  
419.  
420. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb2\\x07\\xcb\\xe0`\\xe7\\xe8\\x8f\\x06;db\\xd3/i\\xa2g\\xe2\\x19&\\xdb!x\\xd7\\xf8\\x82\\x08\\x00f\\xbe\\x97\\xcb6#zi\\xf6\\x93`:\\xf4\\xd5\\xb3\\xc7\\xb6\\x80\\xb8\\x86'\\xc4h\\xcf\\xee~h\\x86\\xb9\\x01\\xcf\\xe2\\x8b\\x1bx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xea\\xa8\\xef\\x12bn\\x17u\\x9d\\x80y\\xa2\\xc9\\xefe\\xf4\\x927\\x92(\\xd9pt\\xa7\\xf2td\\xda\\x1c\"\\xc4\\xc1z-lv2\\xba\\x00\\x94\\xc7\\x04\\xc2\\x89\\xe4(\\x10\\xff"
421.  
422.  
423. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xce\\xcc\\xc3\\xadhx`\\xed\\xda\\xdfz\\xb1d\\x938\\x8ci\\x99q\\xfe\\xfa\"\\x9b\\x7f\\xba\\xf6\\xd3\\xcdm\\x9c\\xe8\\x970\\xc9\\xd5f\\xb0g\\x9bjb\\xaa\\xb1\\x8b|\\xda\\xce\\xbf\\xe78\\xd8\\xb6\\xe6\\x89\\x85ssk\\xd5\\xf3k\\x1b\n\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x89\\xd9\\x92t^l\\x8fc\\x99\\xcc\\xd2\\xd1\\xca7\\xcd\\x19\\xfe\\x84f\\xa2e\\xda\\xe9\\xb9\\x06\\x9fh\\xbd\\x19\\x95\\x02\\x8bnj\\x02\\x15`\\xdc\\x8fx9~\\xach\\x03\\x8b\\xb8"
424.  
425.  
426. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x93\\xd0\\xfc!\\x00_*&4n~\\x04\\xdd\\xab\\xabm-\\x05ry\\xac\\xcd`a\\xa0\\x86\\x17\\xd1\\x14\\xcc\\x01\\x8c\\x00k*\\xae\\xb3\\xa4\\x9a\\xaa\\xea\\xc5?\\xec\\x8c|\\x1d*\\xfe\\xc6\\x97q~(\\xcc\\x93qj\\xa6\\x85\\xabjz\\xfe\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc9\\x16\\x0e\\xf7\\xa9\\xa0\\xac\\xed\\xd5mxb\\xfa\\x8b\\xdb\\xbb^\\xa6\\xed\\x8c\\xc6\\x97c\\xd5\\x0b\\xc3\\xf6\\x90\\x12l\\x7f1\\x9f\\xc2\\xcd\\xf0\\x87\\x92=y\\xab\\xbe\\xe7\\xf4\\x85m\\x9f"
427.  
428.  
429. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04x&q\\xc5\\x8ey>yn\\xb6\\xeck\\xb3a\\x00?:\\x10\\xbdkyfm\\xf1c\\xd5\\x88$ \\x12d\\xdc\\x0b\\xe3\\x7f\\xf1\\x84\\xba\\x1cq\\x95\\x08\\x0c\\xe5\\x04i\\xe6\\xf41\\x96\\xed\\x03\\x06\\xc5c\\x01\\xe4\\x7f)\\x88t\\xf2\\xb5\\\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9b9\\xe7\\x8f=c\\xe1\\xe4\\x9d``\\xd1\\xcc\\xe2\\x95zg\\xcd\\xe8v\\x81\\x85\\x9e6\\xc8$\\xd1\\xb4\\x89\\xfe\\x14\\x9f\\\\xfb\\x16v>\\xc3\\xfbeh\\x14q\\x0eg\\xc4"
430.  
431.  
432. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04`\\x8e$\\x97\\x1b\\xab\\x151t\\x1e.\\xd9\\x94j\\xc2\\xd7b\\xb5(\\xab\\xf9s\\x1a\\xc5\\xf8\\x97\\xe9\\x12\\xd0\\xfdv\\x1f|;\\xcc6o\\xfd\\x92\\x03/\\xb9\\xbcj\\xfa\\x9dj\\xe9\\x04x\\xc5\\x06\\xc2\\x85\\xe4qu\\x7f\\xfc\\xdc\\xcb\\xdc\\x9b\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000oi!\\xd4\\x06/\\xce +\\xfa\\xe8\\xc8\\x7f\\xbe\\x1e\\x8b\\x1c(\"m\\xc3/\"\\xccs\\xeaarx\\xa8\\xe6\\xe5_\tq\\x84\\xa2\\xaa\\xeb\\x1c\\xe7\\xb3\\x84l\\x02\\xa3|\\x16"
433.  
434.  
435. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044b\\x90\\xa6fk\"\\xd1p\\xe4\\xb3rs\\xf0\\x8c\\xf0\\x04`\\xbe@th\\xc8\\x89\\xfc\\xee\\xbf!\\x96\\x1c\\xd7\"\\x82\\xdb\\x8b\\xec\\x11\\x10\\xa0\\x98\\xa1a\\xdcn\\x92\\xfb;\\x10\\xba\\xf2\\xd4\\xfdh\\xda5u\\xec'\\x0b\\xf6\\x18\\xf3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa7\\xfd\\xc9\\x89\\x0bcj\\xa77\\x1bg3gr\\x80\\xfet\\x15\\xa7\\xca\\x1d\\x0f\\xe3m\\x7f8\\x1e\\xe0\\xde\\xa58\\xb1\\xefy\\xdao?_\\xb3\\xf9\\x13\\xd1\\xa5\\x89$"
436.  
437.  
438. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x13\\x9b\\xd9\\x91\\x04\\xb2\\xc0\\x0ez\\xb5\\x99\\xfa|\\xdf\\x19\\xd6=\\x11\\x85\\xa5\\xf4<\r\t\\xcc\\xb4\\x94h\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
439.  
440.  
441. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xce\\x83&.i\\xd3e\\x17\\xbf\\x13\\xf9tks\\xb7\\xefj\\\\xdbi\\x01\\xcc-\rx<\\x9c\\x89\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
442.  
443.  
444. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04&_\\xa5an\\xbb9\\xc0>\\xfa%\\x9c;\\xc5\\x8e\\xefxc\\xb7\\x94@\\xb2\\x08\\x0b\\xd5#\\xf4\\xe9\\x84\\xbf\\x89\\xda\\x83r\\x10pl\\xb0\\xddh\\xa5\\xb7\\x08\\xbb\\x91h\\xa77kr+6w\\xb8d8\\x8a9~\\x05z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x7f\\xc9\\xcc\\xe9\\xf9\\xeeuy\\xa5\\xf4\\xb3\\x03j\\xa0\\x8cs\\xe4q\\xb9\\xb8\\x03\\xaa\\xd8\\x02'\\xc5m\\xe4<\\xaf\\xc8\\xc7m!\\xaf\\xdb\\xfbk\\x08\\x12\ny$o\\xee\\x93"
445.  
446.  
447. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ru\\xcbxr7\\x806w\\x8dj8\\x9d\\xc6$\\x04a\\x99\\x9a\\xe9\\xc9!\\x18\\xe16\\\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
448.  
449.  
450. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x83z\\x86\\x01\\xef\\xf1\\xdbtlp\\xaf\\xa4\\xf1\\xefy\\x1a\\x8e-\\xba*\\xced\\x08\\x0cj\\xf6gv\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
451.  
452.  
453. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/rg\r\\xaat\ru0i6%r\\xc6\\x03\\x9e/\\xf5\\x99=\\xa2^f\\xc4u\\xf7\\xff'\\xec\\x04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
454.  
455.  
456. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xf7\\c\\x81ivq\\x1d\\xdb\\xa2a\\x9f\\xe5h\r\"l\\xae&\\xfc.\\xb8zx\\xba\\x06\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
457.  
458.  
459. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb5\\x12k\\xf4s?\\xa6\\x94\\xfa\\x91\\xcf\\xa3\\xaan\\x81\\xb3\\x969\\xe93\\x00\\x8e\\xd9\\xe1(t\\x1db\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
460.  
461.  
462. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb3\\xc9r\\x91\\xad^\\xcc\\x90\\xc7&z\\xc3\\xd1\\xf8\\x1be4n\\x91\\x11\\xe5q\\xbcfb\\x19\\x94\\xd9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
463.  
464.  
465. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xe04t\\xd8\\x13\\xd2\\xc4\\xc3\\xf2*\\x84d\\x9e\\x96`xf\\xd5e\\x8c\\x0b\\xcc@\\x19\\x1c>\\xa6\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
466.  
467.  
468. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x12\\x82gy5\\xc4\\x82\\x00\\x7f\\xb5e\\xe4\\xce\\xbc\\xb1\\x1f\\xd1\\xc8\\x93\\x03\\xbb\t\r%\\x008\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
469.  
470.  
471. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/rrq\\xc2z\\xf4s\\xea*\\xbd\\x17\\x91\\x1bx\\xcf\\xd5\\x91\\x91\\x089\\xea\\xf3\\xaf\\xe3\\x9e\\x04h\\x07s\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
472.  
473.  
474. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\n\\xcf\\xc3\\x8a5\\xc1\\xd2\\xae\\xd84t\\xc7j<\\xc7\\x918v8\\xa9\\xb4gt\\x8f\\x14\\xd7\\xe9\\xd9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
475.  
476.  
477. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04.4\\xdc,ryn\\xe10&\\x80t$k\\xf2v\\xb1(w\\\\x94p\\x9a\r\\xff\\x06>/!\\xd3hge3\"2\\xe5ynk\\x81\\x9a\\xd4\\xfc\\x95t\\xce\\x80r\\x85r\\x87\\x0f\\x89\\x0bqz\\xbaf\\xc4\\xde\\xcf\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x80\\x89\\xdf\\x88\\x1b2\\xb6\\xf9\\xd5\\xa2\\x1d'\\x93c\\xbd\\xab\\xa1\\\\xc0-ee\\x18mt/mtv\\xf3 6\\x0cc\\xb7\\x81\\xc5s\\xf1\\x109eak/\\xe5nu"
478.  
479.  
480. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf3\\xf9\\x95\\xf2\\x10\\xc9\\x1e\\xedk\\x97\\xed\\xc7*@,\\xa9\\xc0\\x1e\\x8d\\xa7\\x0f\\xa8\\x8a\\x1a`.\\xdb\\xd2\\xbd\\x86\\xd7\\x01*e\\xf3q\\xd2\\xf8\\xaf\\x1b\\xcdx\\x94\\x00\\xea6\\x9cxc\\xa0t2\\x94\\xb3\\xd3y5d\n\\xe1\n\\xeb\\xd22\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf4\\xa7|\\xf01\\xc5\\x0f\\x16+\"\\x81\\xb5\\x88\\x0e\\xaei\\x98\\xcc\\x90\\xf5';\\xd8\\xebl\\xcf\\xd1-\\xbc\\x08d\\x16\\xeb\\x0er\\x08\\xcb\\x9e\\xe8\\xf6\\xbe\\xd2\\*\\xafoc\\x94"
481.  
482.  
483. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04u\\xd8\\xf7gn\\x7f\\xdd\\xcd2\\x9f\\xb3\\xed\\x06\\x02\\xe0?\\xbd\\x03\\xc4#\\xc1k\\xdf\\x07v>p\\x16\\xdcw<\\xe3\\xa3d+k\\xb9\\xddw\\x0b1\\x1d\\x8bs\\xfe\\xc3@\n\\xd0\\xcbm\\xeb\\xed\\x0f\tff\\x03\\x82^b\\x0c\\xf21\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000~\\xf1\\x86kn\\x8e\\x9ayx\\x10\\xad\\x8b\\x84\\xfda\\x88vs\\x15t\\xb6o\\xa6\\xd2\\x0f\\xe9\\xba|\\xad\\x89\\xb2h\\xff\\x12>\\x19j\\xbf\\xe9\\xb8v\\xe8v\n\\xaa\\x9af0"
484.  
485.  
486. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc7m\\x1e\\xef\\x8b\\x9a\\xb1\\x95\\x9b\\x1a\\x84\\x02.ad\\xd4\\xc0\\xefc\\xdc\\xa1\\x17\\xb1\\x17c\\xcd\\xbd\\xa0o\\xb2\\xb4\\xed2\\xf6\\xf4\\xa6 \\xebi\\xe1w(v\\xc0\\x10\\x18\\xf8^\\x1b\\xba\\xf9\\xd3(\\x1b|\\xb8\\xbe\\xa6\\x8b\\xc1v\\x86\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000)\\x93\\xd4\\\t\\xc1:\"$w 4\\xectdvrw\\xefi\\xf1)\\x9dk\\x98\\x01\\xbc\\xab\\xdam)\\xbd'\\xed \\xb8\\xbe\\xb1\\xc9on\\xdc\\xfdd\\xa5t\\xdc"
487.  
488.  
489. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04z\\x18\\xd0b\\xd2\\xef`\\xf4x\\xa4\\xf3\\xd9\\xa2\\xfa`\\xd7aq\\xf0\\xbf\\x9f\\xd8\\xd7\\xa1n\\x12\\xe4\\xa7\\x83\\xd9k@_0.\\x1cm\\xb4\\x0e\\x03\\xffa\\x14#|h\\x1a\\xfdy\\xd4\\xd59\\xe3\\xd3#b\\x1d\\x8e_>\\x7f5*\\xd9\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc5\\xcc\\xce\\xd6\\xc3\\x93\\xedj\\xa2\\xee\\x8f\\xc2\\xb0\\xa7\\x85\\xe8\\x88p\\x1e\\x10\\x9ep\\x9d\\xcf\\xa9cq\\xeb\\xd3b\r\\xb2\\xc5\\x8e\\xc5p?\\x9e\\x06\\xae@g\\xbe\\x15\\x1e~\\x83"
490.  
491.  
492. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe0k@c'o\\x1e\\xb2\\xdb((\\xc2*\\xe9\\xbb\\xa92m\\x9e\\xfc\\x15\\x06\\xd5k\\x07+\\xb8\\x87\\xa3=\\x98\\xb7\\x7fr\\x1b\\x8f\\xf7m\\xce\\xc6\\xbc\\x8f\\xab\\xa3\\xb7\\xfa\\xbd\\xb9d\\x1e\\xbd\\xe1\\xc1v\\xae\\xd4=\\x10%\\x97\\xf3vqj\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8e\\x14\\xc9\\xc8=\\xd39\\x8cd\\xc5#tr\\x00\\x02\\xcd\\x18\\xbdu\\xc1)a7\\x18:\\x8f\\x03\\xf2\\xef\\xa1\\xfd\\xb0@9\\x8f\\xe9\\xbayv\\xf0\\xab\\xa7\\xebb\\xbe\\x8a\\xea"
493.  
494.  
495. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\\\x0b\\xcf\\x0e\\x1cd\n\\x99\\xc6\\x88\\xf7gp\\xb6\\xc3\\xa8\\xd0$\\xa9\t4\\xa9\\xf0`\\x99\\x86\\xfe*-c\\x10z\\x06`\\x9e!\\xe4qni\\xd3\\x196\\xcf\\x91cft\\xbb@\\x00\\xd5\\x0f/\\xb4\\xea\\xe0\\xa8n\\xc7;\\xe2h\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xdc\\x9cg\\xb5\\xde#\\xeb&\\x99\\xd7\\x95\\x89c\\xde\\xb8\\x8e\\x19&\\xde\\xac3\\x88\\xc4\\xef0\\xae\\xeb\\xd7i\\xf5z-\\xe7\\x1b\\x85,\\x8e@\\xe4\\x0e'\\xf6e\\xbf\\x01\\xc0\\xf3<"
496.  
497.  
498. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1bd\\x87\\xfd!\\xee\\xb7h\\xafy\\xd7\\xf9\\x80n\\x8f^\\xaa.\\xe4\\xd6\\x1di\\xa8\\xedm\\xc2\\x93\\xc4\\xe4i\\x03\\x0b\\xdc\\x8e\\xa8\\xb2\\xec\\xab\\xa6\\x95/\\x1c\\x02\\x18\\x851?\\x8ass\\xa1\\xfb\\xce\\xect\"\\xa3<.|gd\\xcf\\x91\\xf7j\\xe2\\x81\\x8b\\x85k\\xe82\\x19\\x82uq!\\x19\\x9ckwc\\x0c\\xf8\\xa6\\xc27\\x87\\x95\\xe1!\\xf5c\\xa7\\x8d\\x84\\xe2\\xae!\\x95a\\x93\\x13\\x8e\\xc3\\x18\\x12\\x94\\xffq\\x94\\x06r\\xb38\\x12b\\xd3\\xd1\\xd7\\xd6s\\x98\\xfc\\xe5\\xc3\\x0fr\\xe8\\xf4\\x03\\x9e(\\xe1\\xadf9\\xc9\\xbf)\\xc3\r\\x10\\xef\\xf6?q\\x96o\\x97\\xd3u\\xd2\\x7fo\\xa5y\\xd0\\\\x8f\\xb8>\\x06\\xa8\\xae\\x17\\xa7\\x1c\\x1e\\x0f_\\xe2%n\\xa2\\x96\\x13\\xaai\\x14\\xb8*\t=v\\xb0k\\x95\\xca6\\x18k\\xa33\\x0c\\x95\\xf7\\x17k\\xe6\\x04j\\xde?h\n\\xe7\\xde\\xa7\\xe4\\x82b\"\\x1b05\\xacdp\\xf2\\x81wa%bmo\\x18\\xea\\xedo\\xd9v\\xaf\\x14\\xbf\\x13\\x1d\\xfb\\xb6\\xbd\\x07\\x02\\x9a\\xeag\\xf5"
499.  
500.  
501. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010b\\x1a\\xd0+\\xd4l\\x82\\x08?rq\nxq\\xb0\\x11\\x07_)>/\\x96`\\xf7\\xbag\\xa6b\\xacd\\\\x9a\\xb1\\x8f\\xfe\\x8c\\xddj\\x0b\\x1f\\xd1s\\x16*\\x0c\\xfah\\x08o\\xc9\\x839\\x1c\\xca\\x8d\\x00\\xffb\\x8e\\x9f@\\xa6\\x1d\\x95k0l\\x8c\\xd1\\xfe\ty\\xd7a\"\\xd6/*/n\\xce\\x1f\\xb1\\x1ds\\xeag),\\xa2\\xa5\\x0c.|\\xcf\\x0b\\xa1\\xab\\xa0\\xa0`\\xdb\\x1d\\x86e!\\x9cm\\x91\\xb3z\\x13m\\xff\\xe27\\xdd\\x02\\x8a\r\\x05\\xfbh\\x0b\\x86\\x02\\xeal\\x11\\x8d\\xaf\\xe9\\xcd\\x0cs\\xb5m\\x93\\x94\\xadh\\x1a\\xe4r\\xad`\\x84.\\x17\\xdfa\\xaa\\x9a\\x83~\\x98\\x15p\\x1d\\x8a\\x9a2\\x91k\\xd9\\xd9\\xe81p\\x026!u=s\\xc51w\\xebj%d\\xd1\\xe0\\xf9ml\\xff\\xf4j \\x18\\x00\\xcc\\x8a\\xe7\\x9e(\\x11@_\\xe3\\x11\\xa1\\xec\\xb0\\xc4q\\x998 i\\x82\\x9f\\xb6m\\xe0\\xecys^ke\\xdb\\xb5\\xca\\xe4u\\x17\\xecwu\\x1e\\xb9\\xfd\\x12\\xc7*\\x80`\\x06o\\xcao\\xb6s\\xb8"
502.  
503.  
504. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010v\\xbc4\\xce\\x9f\\xf8\\x8b\\x87\\x81\\x08\r\\xf6\\xf1\\x136\nua>\\x11\\xe6r\\x8a\\xc8\\x0e\\xd7\\xae\\x85\\xf5\\xb4\\xd6p=mk\\x86|\\x16_o\\x14'w\\xfet\\xc6\rd\\x07\\x1b\\x17/\\x9e\\xa6&\\xf1_\\xd1\\x9f\\xc8\\xe9\\x1b\\xe6\\xb2l\\xdb\\x80et\\xb22\\xe5\\x1e^x\\xcf\\x84\\x15_o\\x06poo\\x14\\xeeo\\xbe\\x7f\\xac\\xae\\xfa\\xab\r\\xac\\xc7x\\xb7\\xdd7>\\x03\\x80\\x81!\\x98j1%\\xabmg\\xec\\x98\\xd2n~\\xde\\x16\\xf0\\x85\\xdb\\xc9\\x9e\\x0b\\xfe\\x18\\xcc\\xdd_\\xc2\\xab.ce1\\xb2\\x82\\x14\\x93\\x95\n\\x80\\xb5\\xf5c\\xca\\xd1\\x9e=\\x05\\xc4\\xac\\xcd\\xcd\\x06\\xce\\xc6\\x90\\x87\\x1a\\xe6\\x01+.\\xb3,\\xb26|?\\x98\\x16\\x85\\xe1\\x90\\xfe\n0\\xe2\\xea5z\\x90p\\x8fzlkl%\\x9b\\xae:d`\\xac\\xd4\\x7fv\\x8a>\\xde\\xce\\\\xb4|t\\x80\\x1a\\x86<7\\x98\\xe9\\xcdq\\x14a\\x0f\\x93k\\xba\\xa6s\\xe5\\x16zwp\\x99\\xb3\\x12\\xdc\\x90?j\\x1a\\x92 \\xb8,1\\xc7"
505.  
506.  
507. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010>d%\\xe1jm\\x85\rp\\x0c)\\x87\\xab\\xfe,\\x1fo\\x16\\xba\\xec\\x18\\x91\\xba\\x14\\xef\\x10\\x88j~\\xbcyg \\x02\\xad\\xd7 (xm@\\xc1\\x88\\xf0\\xd9e\\xe1\\x957\\x05\\x95\tg\\x85y\\xa7\\xe8\\x08(\\xf1\\xa3\\x1d\\x13z\\xa4\\xf7z\\xed\\x8c~\\xb4j\\x9fiw\\x8b\\xa1\\xd8\\xa3\\x95l\\xdd\\xe6\\x9e\\xd02\\xb3\\xf88u\\xf8`\\xbc\\x11a|\\xf7\\xdem\\x88mp*\\x12\\xbd\\xd7\\xe7\\xab\\xf9,\\xf27dl\\x83bd\\x8f\\x88\\xbc\\x99\\x9e+\\xcd\\xcbq\\x7f\\xcay\\x98g\\x15j\\xfb\\xb7\\x89\\xae\\xa7\"\\xe83\\xd4\\\\xf7\\x11)\\xcapb@'bx\\x0f\\x1c=\\xd0\\x82z-\\xa9\\x94tv\r5\\xf6\\xbe\\x85nk\\x03m\\xcbsz3\\xe5\\xb7*\\xab\\x9b\\x93@zp\\x1b\\xcbawi\\xa4\\xfb\\x8e\\xf3\\x88\\x93\\x10j\\xe7(\\x90\\xa2\\x92\\x9c\\~pi\\xd7\\xda\\xeb\\xa04\\xe2-\\xf0g\\xaf\\x0f\\xd8`\\xc7\\x1b\\x13\\xb0\\xe2\\xa3r\\x11\\xab\\xd0\\x03\\xab\\x1fp\\xf1\\x07=tw4\\xfd"
508.  
509.  
510. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfc\\xa2s\\x84\\h\\x05\\xd9w\\x0f\\x0cm\\xf1\\xddo\\xf0+k\\x1e\\xa3\\x0f\\xd0\\xff\\xa8l\\xacq\\xee\\xab\\xe7\\xb4\\xed\\x1b\\x05 \\x9fb\\x998\\x10\\xceq\\x91\\x9e\\xb8\\xc6\\xcb\\xe8\\x8b\\x86\\xe1\\x95\\xa9q\\xbf\\xb9\\xca\\x8atj4\\x9f\\xe2\\x95\\xad\\xf8\\x91\\xa0\\x97re\\x9d\\xe5\\xa8:\\x1a\\xfe\\xc7\\xb7\\x17e\\xa5\"\\xe9i\\x02ch\\xc9w\\xd3q\\x99f\\x9a2\\x877\\xbc\\$o\\xfb\\x92z\\xb4\\x9d\\xb2\\xb1\\x80\\xed\\xa8m=\\xd8\\xf3\\xef\\x96\\xd5\\x1e\\x8cqk:\\xfd&\\x8d\\xa9\\x98b\\xb1f\\xd1\\x11\\xba6\\x07`\\xa6\\xc4x\\xb5k\\x11\\x1eq\\xfe\\xe7h\\xe8\\xb1\\x14\\xc0\\xde\\xde!\\x85\\xfee\\xad\\xeb\\x83\\xf2\\xde\\x14d\\xe2\\x1esk\\xce\\xb9\\xd3d\\x04a\r\\xa1z\\x8c\\xa8s\\x8f\\x95\\x14@`\\xd9vk\\x03\\x1a\\x8a\\xc5\\x11\"\\xce\\xe0@\\xc0\\x93\\xac<\\xebc\\x1d\\xcc|\\xf74\\xf5\\xc1z\\xf8e76w\\xea\\x16a\\xb7\\x7f$\\xd7\\xe8f\\x96\\x80\\xd4\\x87\\x1c\\xc5\\x8b\\xa0\\xb17\\x0e\\xd2\\x81\\\\xd5\\xb0\\xa3\\xbce\\xfc\\x93\\xa5"
511.  
512.  
513. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x9d\\xcc\\xa7hg.\\x93\\xab\\xeb\\xab\\x12\\xf3\\xd0\\xa4\\x81-q\\xee\\xf9\\m\\xfd\\xaf\t\\xf8\\xe7\\xf1\\x87u!x>+\\xe3\\xb6\\xb5\\x03\\x1e\\xa3\\x0bn,!\\x86\\xc0\\xcdu\\xdd\\xfb\\x0f\\xc6\\xd4h=&\\xb8\\xdde\"\\xe4\\xcdg5\\xfe\\xca~\\xe4\\xa0.\\x0f\\xdc\\\\xa9\\xd3\\x835b@\\xf98\\x0c\\xae\\xbdx\\xfd\\xd9b\\x08\\xa7o\\xd9+\\xc58t<`\\xb3\\xab\\xd5\\x90\\x88)\\xcdo0\\xadz\\x9d\\x83<\\x13\\x07\\xa7\\xb7&\\xcd\\x8a\\x06\\xda\\xfc\\x8d\\xe2\\xf6\\xc8\\x07`\\xbf\\xeb\\xd2d\\xa4s\\x84\\x86q\\x84\\x98\\x1f7\\xea\\xf2c\\x14\\x00\\xcd'\\xfc\\x8aw\\xf3\\x83\\x85\\x9e\\x8f#o\\x0e\\xef\\xc2\\x9c\\xb1p\\xe5\\x11\\xed\\xc5\\x11e \\xdf\\xc2\\x98\\x95\\xb0\\xf1\\xa4\\x1b\\x9d_\\xebi\\xb0\\xcdv\\xd8\\xdcb\\xbc\\x00\\xb9xr_z\\xd5\\xcb\\xaeu\\xf5g\\x96\\xa1\t\\x97\\x91\\xc4\\x866\\x03i\\xd4\\x9a-\\x08\\x8a\"\\xec\\xcf\\x86\\xe5b-m\\xfa7\\xb0y\\xec\\x0b\\xb5\\x13\\xba\\xce\\xb3k\\xb9\\xcbw`\\xed\\x9fe\\x85\\xe5/\\xa5\\xa6"
514.  
515.  
516. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb1\\xb5g:\\xb9\\xff\\xcf\\xbf\\xb4\\xea\\xd4\\x89z\\xfc\\xee\\xfe\\x05\\x80\\xd9\\x16\\xc8\\xc1\\x96\\x04\\xe2\\xb6$o\\x83j\\xb7%fz\\x0bh_\\x88-\\xc5\\x9ch\\x19\\xa9\\xf5p~\\xb53x\\x9f\\xe8\\x08\\x16\\x87\\x90\\xc4^\\xb5\\xb2\\xfa\\xb9w\\xa1\\x1c\\xa7\\x8c\\xbf\\xe9\\xe8\\xe9\\xb42\\xab\\x03\\xef\\xf4k\\xb5x\\xc0\\xa5o\\xdf\\xb4\\x12\r\\x1e\\xbb\\xf3!\\xe3c\\xc5i=\\xddj1u1\\xdd\\xafnr\\xdc\\xc0\\xf1\\xe7\\xfc*\";\\x0c\\x80\\xa0\\x0ff\\xf9\\x1a\\xf2\\xa9n!\\xc5\\xe3d\\xd0\\xear\\x02327\\xd3\\xb8\"\\x8a\\xa4\\xd4\\x16\\x88\\x94\\x95\\xda\\x1da\\x130|;k\\xb6\\\\x85\\xab\\x1f^vr\\xc5\\x92\\xaade\\xa3+\\x19\\xd9#\\xc7y\\xe7o\\x1f\"\\xe0\tf<b\\xee\\x8cpn\\xb6g\\xe2r\\xbb>n\\xeb\\xf4\\x18\\xab\\x8d\t\\xc0;\n\\x12\\xc0\\xdf\\x93\\xebi\\x12\\xe1zc\\xaf\\x8fr\\x94\\xf6\\xfa\\xe4\\xcc^\\x8e\r</\\xee\\xea\\xa5\\xd6_\\xaa\\xbcgj\\x95\\xf8' \\xfeu\\x10\\xfd\\xd9\\xbb\\x1b:\\xee\\x86\\x81h\\x01"
517.  
518.  
519. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbcb1\\xd28\\xcd\\xe0\\x9e\\x1c\\xc6\\x7f\\xd7\\x0c\\xea\\x1c\\xeb\\x97e\\x16`\\x17^\\xc1\\x0be4uw\\x0fl`\\xb4\\xc0\\x8b\\xc2vo\\xdd\\x83\\x87\\xb7:\\xdf\\xa5'y\\x91\\xdc4\\xd2\\xddr\\xb9\\xdf\\x1b\\x14tv31\\xddh~\\x00\\xcc\\xd0i)\\xa4\\xcfs>\\xd5w\tf\\x070\\xd5\\xc9\\xdak\\x96\\xb3\\x865,0d;4aip\\xc8\\xdf\\x82\\x0b( \\x88\\xb9\\xc6\\*\\xff\\x18\\x9d&\\x83$\\xc5fv\\xe8\\xf6pb\\xaba\\x1f\\x16\\xb8\\xa0ux\\xb0\\xf0*\\x02.\\xd8\\xe2\\x13-\\xded$\\x9d\\x13b\\xcck\\xf3\\xc9\\xf95?qm\\x02\\xdcfi\\xda\\xf97\\xdb\\xa2\\xd2\\xd6\\xde\\x18\\xabeu\\x82rgzc|im\\xfd\\xf4y\\x9e\\xf3\\x1b|\\x90\\xc2\\x14\\x8e\\xa0\\x05r-\\x83bn\\x8f\\x84|\\xf2qv\\xea\\x8fi\\xe1ae\\xac\\xfc\\xb1v\\xb1\\xa3\\x7f\\xe4\\xb2\\x11\\x83\\xf6\\x8c\\x13\\x05\\x1eg\\xd10\\x15\\xd1\\x06?\\x91\\x8a\\xe8\\xf3\tzw2\\x00\\x1d#\\xb7lr:p\\x9e"
520.  
521.  
522. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfbzb\\xd4z\\xcblu\\xb9\\xa4\\xfc=\\xf4~\\xc4\\x1e\\xd9\\xda\\xe5\\x06j\\xdfo\\xe5\\xee\\xbb'\\x9be*\\x97\\x97\\xe7?zj9\\x96\\xca\\xca\\x7f\\x04\\xa8\\xe4\\xe5\\xa9\\x95gp\\xdc`\\x80\\xfd\\xf9\\x95\\x9b|qsdmq\\xb5\\x8b\\xff\\xd6\\x97xm\\xb0(\\xa8d1\\x033\r\\x8e\\x05\\x0fk\\xbe\\x90\\xa3>\\xb661\\x85\\xeei3\\xbe\\xd6<\\x07\\xff\\xf8@\\xa2\\x0b\\xe0o\\x10\\xd6\\xe84\\xf1u\\x85\\xf1\\x8b\\x0c\\x97\\xca!\\x14\\x19o\\x16q\\xdf\\x146\\xa5mcs\\x1f\\xaa\\xe9(qd\\x0eo:q\\x91d\\xbb\\x84%\\xa0#\\x1c\\xae\\xfe/\\x13\\xb3\\xf1\\xac\\xf5\\xd5\\x8b2\\xd4\\x8ae\\xbf\\x19\\x84\\x15\\x98bovr\\x08\\xbb\\xe2\\xc5\\xab\\x12,=\\xa0\\xdd\\x047\n\\xbb\\xe5.k\\xe9*\\xda\\xdc\\xd0:\\xd5\nf\\x1ba\\x9d\\x91\\x977\\x9e\\xc6\\xed\\xa5&\\xf8r\\x9a2\\xe9\\xb7\\x1a\\x7f:xi\\x19q)k3\\xb3\\x1a\\xb7\\x9b\\xec\\x06$\\x8b\\xb1\\xe6\\xf3\\x9fr\\x9d#\\xa7\\x0fcc\\x98\\xdb\\x08j*"
523.  
524.  
525. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04z6\\xaf\\x9f\\x9bv\\xdauv)\\xd2\\xc6y\\x9f\\xa9\\xbap\\xd5\\x87h\\x0c/\\xcf\\xb7\\xb53\\xaa\\xfe\\xd9k\\x96\\xcdy\\x13w\\x96'\\x9c\\xef\\xf9:^l\\xde\\xfd\\xfb\\x98z\\xd7x\\xd2yr\\x9eo\\xecscb\\x0c\\xb1\\xb8e%\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000;\"\\xeb\\xe7\\x17\\xb1\\xc1\\x8e\\x91\\xcd\\xa7\\x07s\\xefq\\xa6pjr\\xb5\\xb4\\x8b\\x06\\xfa\\xf6\\xc8\\xe3\\x80\\xf9\\xbb.\\x80\\x02y!\\xb2\\x07\\x0c\\x99\\xf2\\xd3\\xee\\xee\\xa5\\xe5\\xdb\\xb5\\x11"
526.  
527.  
528. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9f\\x11\\xfeyvi\\x11\\x1f0\\x105bu pop\\xd1v\\x16\\xcfq\\xc3l\\xd9t\\xa9\\x84w\\xaf\\xac\\xc2\\xe0\\x1d\\xd0\\x03\\xb00\\x95\\xfaq\\x17\\x8a\\xa7g\\xe7\\xead!\\x86d\\xd6\\x8dwt\\xda\\xff\\xff\\xcb\\x8c^\\x8f\\x07\\xce\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbfq\\xa2r|t.\\xb3!\\xa4\\xd1\\xb0n=\\xc9\\xa2\\x8c\\xb2\\x8e\\x80\\xab\\x0c_\\x920z\\xbb$\\xb2\\xfby\td\\x9d@\\xc2@\\x1f@\\x01\\x1f\\x85\\x14\\x95m\\x99\\xf4\\xbd"
529.  
530.  
531. "http_request": "winword.exe_WSASend_*\\x00\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb3\\xd0\\xd3\\xbc>\\xb9\\x19\\xc5\\xe7j\\xd6!p\\xf0h\\x1eu\\x01l\\x1d\\xe1\\xc1\\xefr\\x93\\x83~\\xea\\\\x0fe\\x8a`\\x82j\\xf3a\\x8d\\xce\\x9b\\xee\\xb4t\\xca\\xd1\\xca$v\\xae\\xb6\\x1e+\\x97o(\\xfby\\x8c\\xca\\x93\\xc3`\\xc0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x97\\xad\\x7f\\x9d\\xeb\\xa6z\\xaa\\xcc^~p\\xa73\\xae\\xe1\\xc7\\xc3\\x846d2a\\xac*\\xac\\xb7ww\\xd7\\xa3\\x19w\\xb4\\x9c\\x10\\x01\\x0f\\xd8\\x92\\x81j\\xc0j\\x88f\\x9cj"
532.  
533.  
534. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x00\\x7ft\\xe5x\\xa1\\x1f\\x8bj\\xfc\\xcf\\x0cf\\x94k\\xf6\\xed\\x88\\xf6\\xeem\\x98l\\x88?\\x17i\\xd3z\\xe3w/0\\x88dx\\x11 k\\xd0\\xfd\\xf6npy\\xb6\\xa7\\xe1w\\xaa\\x9f\t\n\\xa0p\\x86\\xb1\\x88\\x01\\xf5\\xda\\xa4\\xa4\\xfc\\xcc\\xe0\\xd0\\x86\r\\xe6d\\x00\\xcdaz\\xc7\\x08\\xc0\\x10\\x88\\xa9l\\xa0\\xacy\\xe0\\xd1!\\x12o\\x1b\\xe5?lc\\x8fq0\\x12\\xad\\x1a\\xfd4%x\\x10!b\\x0c\\x12\\x8cb?vv\\x1e\\xd5y\\xd1\\x05)\\xde\\xd2\\xfe\\x12\\x7f\\xcc\\xe3\\x06\\xcb\\xf7\\x147\\xc6\\xf5\\x04\\xb8\\xf3\\x97|\\x10\\xb2?\\xd3kx_\\xb5\\xf2\\xbc\\xcc\\x82\\x1c\\xfb\\x8c2\\x8bgas\\xd7\\xf9 z\\xe8g\\xfa\\xa3f08\\x84x\\x98\\x80\\xbe\\x13t\\xc4\\x8d\\x9a\\xf0#\r\\x0c\\xfaz\\xdc\\x8b_\\xf9\\xf7f\\x07y\\xba\\xf4)qf~%c\\xee_\\xcd\\xcb\\xfb\\xd5m\\xa7\\xd1\\x13;s\\xc3j\\xd6\\xd4\\xaa/\\xe1w#\\xc0\\xa8\\xc8 \\x94m\\x06\\x9c\\x02\\x8d\\xa2\\xe690\\xc4\\xdbv\\x84\\xf5\\x12\\xa6n\\xdf\\xbc"
535.  
536.  
537. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010c\r\\x1c\\x12>>e\\x85\\xe4\\x9e\\xa0\\xd7\\\\x9dy\\xe8`\\xaay\\xb6\\xa5\\x84\\xddwb\\xb1\\xc2)e~n+\\x12\\xdc\\xd1a\\x93\\x8c\\xee\\x8e\\xff\\x8b\\xc6\\x0f\\x88ea\\x1ep\\x89\\x8er\\x86\\xd4d\\x87\\x9a\\xc9\\x8am\\xfb\\xee\\xff\\xa5\\xc6o\\x96\\xad\\xee\\xf6a\\x1c\\xfd\\x16o\\x86\\x85\\x10\\xd0\\xdbs\\xf4i\\xec\\x9c^\\xa83-`d8y\\xea\\xe0\\x1c\\x1d\\xbcl\\x16\\x90y\\n\\xb5\\x91\n\\x97>\\x1e\\x96\\xb8\\xfc\\xf3\\x1d\\xcem\\x81\\xfcn`\\xc9\\xd6\\x91\\x04\\xefe\\xbd\\x10\\x96\\xc3\\xd2\\xaait\\x053\\xc4r\\xf8\\xbe\\xe1x\\xcc\\x9e\\xb4\\x0cy+\\xba\\xaf\\xc7\\xe9ok\\xeeau_\\xcc=\\xf8d\\xbb\\xf74\\xe1\\xee\\xca|`z\\xc8\\x9b\\x11\\xec\\x91\\x17\\x13\\xcbb^>p\\xb0\\xb4\\xec\\x15\\xdc\\xd4\\xae\\x18\\x82\\xd2\\x9f\\x8f\\x14\\x8f\\xb6\\x8e\\xd3qm\\x19\\x987\\x13<\\x7f\\xe2\\x96\\xa7y\\xff\\x9e\\x7f\\xc4i:\\xa9:\\x0c\\x16\\xfb\\x01\\x00\\x1f\\x01t\\xe6\\xd2\\xd6\\xe6x\\x8f\\xe8(\\xd1\\x0b\\x0e\\x98\\xec&f\\xee\\xaf\\x84\\xf6"
538.  
539.  
540. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9e\\xa2o\\xb8t\\xce\\xab\\x19\\x88\\x982\\xe2\\x15f\\x0f$\\x9f\\xba\\xfa\\xf6\\xact\\x04z8\\xfd\\x7f\\l\\x813n\\x8f\\xa0zwqr\\xde\\xb5'k\\x1b's\\xfba\\x8b\\x96pzc\\xce\\xc4\\x03\\xa1\\x8f>\\xa4\\xc0n\\x91+\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0005\\xf3)\\xe0l\\x01\\x03-el\\x13\\xc4\\xe7\\xb7\\xe0\\xd8!\\xe8\\xbb\\x13z\\xc7s\\xa0\\x18\\xfda>\\xdf\\x03\\x1f\\xf2\\x1de\\xe0\\xac\\xc1\\xf6\\x13*4\\x81\\xe9\\x94\\x1e0>"
541.  
542.  
543. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xedb6\\x1c\\xde\\x01\\xb6\\xce\\xdao\\x13\\xda8kmr<c\\xb4\\x7f\\xd1p\\xe7\\xfe\\xd1ue\\x1d\r\\xc1\\xca\\xec\\xe2\\xc9o\\xe9\\xd9\\xfe\\x13\\xd9\\xf08\\xef\\xad\\x96\\x998w\\xd6o>\\xd0\\xb1\\xd2\\x8d\\xf2\\xb6\\x08z:\\xe3\\x9em\\xeb\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xeb?\\xfda\\xf3\\xc8t,\\xf6#\\xcb(g\\xf3\n\\x81\\xa0\\x132\\xf26\\x9d\\x10\\xda\\xdc\\xe5f\\xa5\\xc3d\\x84\\x08u\\xad\\x07\\xef\\xdd\\x8a\\x0c\\x93\\xfa\\x13\\x1f1\\xc7\\xbd\\xf9"
544.  
545.  
546. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa9n\\xaf\\xb7\\xfe\\xe3;l+\\xe1+\\x86\\x19j\\xb4u\\xd6\\xa7gv\\x1d6j\\x02q\\xe6\\x8a\\x1a\\xc8\\x9a\\xc6\\xac;\\xf8\\x85\\xaa\\xa0u\\xe8\\xb4s\\xf5\\x07\\xe0\\xb1@\\xf3\\x16:\\xc7\\x17\\xa3p\\xf4`5\\x03\\xdc\\x17\\xae\\x98\\xf3\\xbd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc83\\xba:\\xe0\\x85\\x96(\\xf3\"\\xc3\\xd2\"\\x93\\x06@\\x9ap\\xb6\\xfem>\\xaa\\x1c\\x0f\\x96d+\\xe4y\\x0cca\\xd4\\x92lz\\xf3\\xe5\\x02\\xb3h\\xa0\\xff\\x99zgc"
547.  
548.  
549. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe44e\\x1f\\xe7.\\xbb;\\xab\\xf2\\xfe0\\xba|\\\\xfc\\x86\\xa7sni\\xf6\\xf6\\xef\\x8a9\\xc1z%\\xea\\xaeq\\x91\\xa9u_r\\x0e\\x0f\\xde\\xda\\xb3e\\xce\\xbep\\xcb\\x99\\x9e)sf\\xb2\\x02\\xb4@\\xec\\x1e\\x95u\\x12\\x85\\x9d\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x16\\xf2\\x07\\x1d\\x00\\x19\\x8e\\x93\\xa5\\xc2\\xfb\\x91\\xfa\\xe0'5),ms\\xa9\\xc3\\xd5\\xbb\\x11\\xfbf\\x19_\\xb6\\x159bj\\xca\\xc5~\\xb6\\xac\\xe7\\x02\\x8a4\\xb3\\x96\\xe6"
550.  
551.  
552. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x13\\x17\\x88\\xf7\\x89\\xbf\\xa5w\\x88j^\\xf2\"\\x03v\\x00i\\xeb.go\\xc2\\x867\\xa6\\xa1\\x8f\n\\xf3a\\x1a\\x8f\\x97_\\xd5\\x0e\\x974\\xb3\\xb2\\x02\\xd4\\xb0\\xef\\xe1\\x7fc6\\x90\\xf3\\x10\\xb1\\xd4m.\\x80\\x17\\xa9\\xc4g\\xbb\\xe9\\x11\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbb\\xe8t\"\\xbf\\x7fq\\xae\\x19\\x89w2\\xa2\\xc6\\x7fw\\x1c\\x9e\\xb1o\\xbf~\\xe6\\xed\\x1d\\x13\\x18\\xbb`\\xca\\xcf\\xbc\\xa6\\x197\\xd8\\xca=cf\\xba\\xd2\\xde\\xfe\t\\x92\\xaa3"
553.  
554.  
555. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe1\\x16k\\xaf\\xf9\\xcc\\xbe\\xc1\\x81w\\xda\\x9ah\\x80\\x0f\\x7f\\xb8d\\xbe\\xd0.\\xce\\xc5v\\xbe\\x05\\x0c'\\xed\\x81<\\x0e>\\x88l\\xec\\x96ry\\xa3\\x1b\\xf4\\xe3\\xb9%\\xf7\\xf01fi\\xa8\\xd8\\x08f\\xc7.\\xf3o\\xbe\\xc1\\xa2\\xdft!\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91\\xe6\\x8en\\xe2\\xb8\\xff\\x0e\\xed\\x1b\\xd3\\xb2\\xadwgb\\x05\\x04qeb\\xe0\\xd1t\\x0f\\x19o\\xbfw\\xb1\\x8d\\xa9\\xf0\\xe2h\\xdb!|w%\\x1d\\xec\\xafa\\xa9b\\x10"
556.  
557.  
558. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01040q$t;\\xea\\x03\\xc3\\xb5\\xf3\\x85\\xac\\xfbs\\x08\\xe1o\\xc5d6\\xf52cj\\xb4\\xe3\\x0c\\x90\\xa9\\xc0\\xfb'\\x89\\xf6c\\x83\\xfb\\x0b\"\\xd4\\xcd\\x03\\xee\\xc27-%\\x8af|d\\xb73\\x15m\\xaf\\xe9\\xdd\\xca#&\n\\xe4\\xab9k5\\x1c\\xcd\\xec\\xe5=\\xbc\\x8a\\xe6\\x03v\\xc5\\xc1v\"\\xf5n\\xdc\\xd8<i\\xbd\\xe1\\x00j*t\\xc8\\xbd\\x0b\\xdep\\xdc\\xfc\\xf1_\\x12\\x08\\xc5\\xf7\\xc2\\xfcu\\xcb\\xcci\\x7f\\x91f\\xe6\\xael\\xd1\\xf7\\x93h\\xe3\\x8c\\x84\\x84uy\\x1a\\xec\\xf6\\xc6~\\xca\\xa9s\\xd7y\\xca\\x9f\\x7f\\xd5\\x00\\xa9z\\xdf\\x10-\\x13\\x0e\\x96\\x80\\xe4\\\\x01\\xa1\\x95\\xf3c=\\xafr\\xcc\\xb2\\xec\\x89\\xac\\xffg\\xd9\\x98kr=\\x93t\\xf5\\xa18\\xa62p\\xfdrg(\\xd5\\xd4\\x91\\x0e\\xf70\\xb9\\xc5\\\\x90\\xf3\\xf4\\x1fc*p\\xf2w\\x05&\\xb05\\x1d\\xcf\\xd6\\xbc\\xbb|\\xf8\\xad\\x02\\x9ew\\xfa\\x9e\\xd0\\x0b~#\\x99\\xa9\\xab\\x8ab\\x14\\x99m\\xf1\\x03\\xf1u\\xa1\\x98\\x84q\\x8e\\x00_\\x83\\x9b_\\xcc\\x95\\x96"
559.  
560.  
561. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x93m\\x81\\x8e`&\\xe3h\\x8ai\\xf3\\x86\\xa8\\xd5\\xf6<o\\xb5\\xbd\\xa8o\\x016t\\x93\\xecb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
562.  
563.  
564. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ri_\n't\\xc3\\x07t\\xb0\\xadry\\x18\\xbd\\x92\\x96t\\xe4\\x87\\xaa\\xca\\xb0\\x19i\\x84\\x9a\\xa7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
565.  
566.  
567. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x82\\xddu\\x9a\\xf3\\xb8t\\x8b\\xd3\\xb9\\xa7\\x9ck\\xfd\\xdc\\xf1\\xd2\\x18\\x89\\xf6\\xb1*9i\\x84\rf\\xd5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
568.  
569.  
570. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\xb0\t\\xebq\\xf3\\xa8\\xb3\\xce.\\x1e\\xa0\\x899\\x05\\xde\\xcbq\\xd6$t|\\xdc\\x82(\\x04\\xfc\\xc2t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
571.  
572.  
573. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x01\\xa87\\xd7\\xe1\\xf6\\xd5jb\\xcdi\\x8e\\xfa\\xdf\\x19\\xda\\xc0\\xcft.\\xe5t\\x87\\x0e@\\xf9\\xe9-\\x83\\xa2\\xf1>6\\xa4j\\xf1\\xe6-\\xc6\\x07w\\xa9\\xe2\\xfel\\xc4w3d\\xb9\\xdel\\xf0\\x02\\xa2\\xa1\\x13\\x0e\\xaf\\xbe\\xb71\\x19=\\xbb\\x95\\xa4\\x96o\\xfd\\x1a:zi8\\xd3b\\x9e\\xb8\\x14\\xdc\\xe0xm?\\x95j\\xd2\\x80\\xf8\\xf2\t\\x82t\\x1a\\x9e7oj\\x0bsq\\xcc\\xe0\\xc8\t\\x9a\\xca\\xd8\\xd1@%*\\xdf.\\x82\\x03p\\xd5\\xe0\\xba\\xea\\xf9\\x05\\xc2\\xc6\\x07\\x00\\xdcy\\x9f\\xff\\xf2\\xad\\xa41l=r\\x88\\xc5\\x94\\x8as\tce\\x18\\xde\\xb5\\xa9\\xb0\\xd4\\xc8\\xcf\\x91\\xf1\\x10y\\x8008\\xe5lsb\\xc8\\x90\\x02\\xe5m\\xd5\\xea\\x8d\\xa3\\x1d\\x94w\\x93\\xcap\\xc4x\\x8ar\\xfbj9\\xd8\nj7\\xfa\\xd9>\\xc2rx\\xce9\\xfd\\x1bs=u\\xbd\":6t\\x83i\\xcf\\xeb\\xe8h\\xdf\\x89\\x0f\\xe1\\x1b\\xf8\\xba\\xc91\t\\x05\\xf3\\x14\\x188\\x9c\\xb8's\\xf0\\xce\\xfd\\x8b\\xea\\x13\\x1d\\x13#\\x9f\\xc0\\xd6"
574.  
575.  
576. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r\\x0f\\xb0\\xcf\\xd1\\x04\\xc4\\x90\\xba\\xf0\\xf0q\\xed\\x8c\\x91\\x90g/\\xb6?\\xc2\\xbd#\\x07^7\\xb9\\xc8\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
577.  
578.  
579. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x17\\xf0\\xfc\\xa9\\xaf\\xf6\\xe0\\x8e\\xb8\\xef\\xde\\xc2\\x99\\xd9`\\x9a\\x1e\\xc7\\xad\\xf0\\x85~\\x9d~\\xa1g\\xe41\\xe7\\xc0\\xa9>=\\xb7\\x02\\xf3\\x016b'\\xba\\x1ep\\x04i\\xcd#6\\x98\\x80\\xc8c\\x84b\\xc2\\x96\\xcb;\\xed\\xe6\\xf4\\x0f7\\xa3\\xe7\\xb3\\xf5\\xfa 6\\x07\\xcd\\xd1\\x12g\\x84\\xa44\\xee\\xbd\\xda\\x1d\\x15\\x13i,\\x17\\xe2\"\\x1c\\x14\\xd8>\\x90\\x02\\xd6k\\x16\\x81\\xdd4\\xb4\\x0f\\xd9\\xf9\\xc7\\x85\\xab\\xf24a\\xf2\\xab;\\x07\\xf3\\x96\\xbe-\\xde\\xc2\\xd5'b\\xc1)\\xe8$\\x11\\x8c\\xdb\\x90q\\xa9g\\xb3x\\xf46\\x02o\\x05\\xcf2\\xa5\\xe5\\x04\\xad\\xe7:\\xb5\\xd4\\xbbko\\xf4\\xab\\x12\\x07l+\\xe5\\x1ev?\\x15\\x00n\\xa0\\xc9\\xeb)\\xc8mfj\\xd3\\x80a\\x00\\xd3(\\xe7\\xb6\\xeb\\xdab~\\xb0\\x97\\xac\\xbcs2\\x8b\\x1e>\\xb8\"l\\xae\\xcb\\xed\\xdd\\x1a3cp\\xfc\\xf8\\xf6\\xe1\\xa7\"q\\xc0\\x13\\xb1'\\xcd\\x83\\xe2\\xd4&\\x15\r\\xcd\\x1c`\\xbb\\x11\\x1c\\xa5q\\x98)\\x15\\x0e\\x16\\xf3x_\\xfb\\xd1\\x1au"
580.  
581.  
582. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x9e\\xbb\\xf3:\\xff\\x00\\xb55\\x199d\\xac2\\xbfmt\\x84~\\xa4y\\xd8\\xf8\\xdft\\x90\\x8b\\x84\\xaf\\xc4%\\xc5\\xff\\xdd\\xb5-p\\xed\\xd45\\xd30\\x1c\\xa6,\\x0e\\x98\\xc1\\xb6\\xe3\\x80\\xe6\\xca\toe\\xb9\\x9d!8\\xd0c\\xd0m\\x9aj\\x08\\xa9\\x8d\\x8cm\\xaf\\x15\\x9a\\xf3o\\xf3s\\xafuc&\\x1bt\\x99\\x16\\x95\\xa3\\xees`dn\\x8b\\xdf\\x07n\\xbe\\x8f\\xae2yc\\x0bez\\xa7\\x04\\x1c\\x1d0\\xabp\\xdc\\xce\\xf4-\\x02\\xa6\\xf9\\xae\\x16\\x98\\xcd\\xe6\\xbb\r\\xab\\x8d\\x84\\xcb1\\x93q\\xeazpr\\xd0\\xa67zh!7\n\\xfd1\\xd2kw\\x90\\xc1\\xe7\\xce\\x9a\\x07\\xa7\\xda\\xeb\\x98\\x8b\\xaayx\\xac\\x7fo\\x88e@\\xcd\\xeb\\xf7+\\xecn\\x1c\\xa0\\xfap\\x1b\\xc0!\\xe0\\x0f\\xc0\\xcdv\\x7ffl5o\\xd7\\xb9\\xf1w\\x1b%4\\xfb\\xda\\x8c;\\xb3\\xaa\\x86a\\x82\\xca:2\\x8fu\\xbf^\\xc4\\x1b+\\xb5\\xad\\x82\\xef\\x96\\xc9<\\xc4\\x93\\xd0e\\xeb\\x89\\xa2^.n\\xfdiu<\\xb4\\xea(,\\xcdv\\x0e\\x9e"
583.  
584.  
585. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7f\\x95 \\x19\\xe4\\xee\\xbd\\xad\\x8b\\xedo\\xda\\xc9$\\xba\\xab|\\x85d\\xf1c\\x16\\xd3v\\x06u\\xe5\\xa9\\x15\\xfdd0\\xc4\\xb2\\xb5\\xed\\xa9\\xad\\xce+q\\xa9\\xe6(\\x01\\xaf\\xc1s0\\x8c\\x11(sf\\xb1c\\x1e@k\\x10\\xf3c\\x0c\\xf4g\nn0\\xb9\\x8b\\xf5\\xd2\\x96\\x05t\\xf8\\x85\\xa8\\xcf\\x7f`\\x10w\\xfe\\x94\\x81\\xa4\\xe8,:?\\xd3=\\x12/bx\\x8d\\x1fq\\xe2#d\\xf9\\xaal\\x91\\x8d\\xed\\xae\\xe4\\xbf\\x1fcoi$\\xdad\\xa2\\xd5\\x11r\\xc9h\\xabjh\rp\\x974\\x0f:n<~i\\x19\\xfa\\xd2\\xe4\\xf8\\x7f\\xab\\xf7\\xe6x\\xd7\\xc7\\xf0\\xfc\\xc3\\xd6\\xb8\\x0b\\x13\t\\xf7\\xf2\\xfawx\\xd8y\\xf1cp\\x8e\\x92\\xd9\\x9d\\xad\\x90\\x81v%b\\xca\\xcf`\"\\x8c\\xc0\\x1fd\\x9a<j|)\\xa1%\\x91a\\x18\\x1b\\xdc\\xdc\\xe2j\\xc7\\xcadi(\\x16g\\x98fh\\xe0\\xab_?\\x99\\xefso\n\t\\xd7\\x16$8\\x19\\xf92r\\xca\\x14l\\x9e\\x95\\xa5\\xe3d\\x9a\\xd3\\xb5\\xda\\xd7\\x86\\x08"
586.  
587.  
588. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010j\\xe6ub$\\xcb\\xaa/\\x9a\\x01\\xc9\\x06o\\x8b\\x89&\\xedra\\x1a\\x14\\xe9s\\xe8\\xf8\\xce\\x133\\x8cr\\xba%\\x00\\xfa\\x1d\\xa0\\xbf\\x11\\xc1\\x83\\x8d\\xcd~\\xc4\\x87\\x87c\\xa4 \\x8a\\x9c\\xcb\\xea\\xcam\\xb80\\x12t\\xd4\\x86\\xdf\\xa5\\xbd\\xe7v\\x98\\xda\\x06\\xa8r\\xc0\\x8e\\xf3\\x18#\\xb1\\x8e\\xe7\\xec\\xee\\xca\\x81\\xd4\\x8dit\\x86kq\\x8f_\\xa9\\xfd\\xf2\\x16\\x9c\\xe0t\\xc2qo\\x80g\\x8f\\x03s\\xbd\\x9c\\x83\twct\\x1f\\xb3\\x90\\x93i!v)\\xfd+\\x98\\xed\\xe5\\xecb\\x7f\\xe0*m\\xdc\\x95@\\xef\\xadx\\xe1\\x99\\x0bg\\x1d^p\\x80\\xb0\\x05\\xe0\\x08i\\x92\\xd9\\xdd#t\\x15\\xe1h\\xf9\\xf0\\x94)\\xf5\\&\\xd3k\\xb7\\xd1(\\x1c\\x1f\\xe0yw\\xa8?\\xdc\\xc0\\xb1\\x98\\xd8\\xe6\\xe7\\x8a\\xba\\xc6\\x80\\x1f\\xa8\\x84\\x864\\xb7g\\x1a\\xcc*\\xd0\\x1cl\\x07\\xe0\\xa0\\xca\"6\\x9dt\\xd5\\xa0)\\xb9c\\xd1\\xbbb\\x19\\xe5a\\xc2\\x9c\\xac\\x14g<h)j\\x99\\xb8\\x037\\xe7+\\xd2.\\xad\\xa3\t1\\xa95\\x10t("
589.  
590.  
591. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x14\\x80\\xc7\\x8c\\x92wj\\xdf\\xc4\\x9ah\\x88\\xc9+z\\xac#ndz\\x81sa\\xb1/r\\xb5\\xa2\\x8f^\\x1c\\x9b$\\x9b\\xa7\\xf6\\x15\\xe7\\xfe\\xc1\\xd6a\\xefp\\x04\\x91\\xa3\\x9b(h\\xee5m\\xf4\\xc5\\x83\\xb5\\x01\\x06\\xf4\\xa4\\xa8ei\\x0c\\x99\\x13x(\\xb3v\\x05\\xa8\\x88\\xbb\\xa3\\xd5\\x10\\x1c\\x80\\xaa\\xc5\\x96\\x81\\xc6r_\\xf3\\xc6\\xb4x\\x0e\\xf6\\xa3l\\xc6o,?\\xe8@$\\x05)x\\x0b\\xed\\xf2u\\xe2u\\xbc\\xb36\\x99\\xb3\\xeei\\xf64j\\x01c\\xa1\\xb3\\xa7\\x87ky\\x16\\xfb.\\xd0\\xa4\\xf2\\xf0\"we\\xb0\\xc2\\xd0\\xba'\\xd9\\xaf\\xd7\\xc3\\xf6\\xe5g\\x17\\x83\\xc9\\xf5\\x19\\xc51nc\\xd0\\xa6\\xd6\\xab5\\x15x\\xf3\\xeev8;\\xaa\\xa2dwk\\x15\\x99\\x1c\\x1duv\\xa4\\xa6c\\xb3u\\xf32\\x0eb\\x1bf@\\xc9\\xba\\xfdw\\x8b$k\\xa2\\xabi\\xb0|p'\\xec7\\xe4p\\xee\\xd2\\xdc\\xf5\\xa1eas\\xca\\xcd\\x85s%\\xe7\\x11^e\\xb1\\x9cxa\\x91\\xaa\\x14\\x88\\xe7\\x9e\\xf8kb\\xd1\\xcb\\xca\\x10"
592.  
593.  
594. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc2'\\xe1\\xb0r\\xb6\\xcf\\xe5\\x7f\\xb7\\xe9gyw\\xb6p\\xd7\\x1a\\xf2\\xceh\\x912\\x19l\\xde\\x87f\\xd9\\xfc\\xb2b\\x81\\xd9\\x9ec9\\xf4\\xb4\\x98\\xb3\\x16k\\xe1\\xe8w\\xf7h\\x85\\xfb\\xa4?h1\\xaaq\\x19\\x93\\x0c~\\x8c\\xfdp\\x8b'\\xaa\\x7f\\xe1l\\xde\\xf1\\x91h\\xdb\\xd5jt\"ki\\xd7\\x0e7w|\\xfc\\x05\\xd3\\xe3\\xc4\\xa5\\xa1j(k\\x9ca\\xa9\\xeb\\x7f\\x82u\\x9f\\xd2\\xfb\\xc46\\xf1\\x91\\xb3\\xe6\\x05@\\x87\\xe9)\\xe6\\xa1 j\\xd6>\\xc7_\\xcbhuc)\\xef\n\\x9e\\x979p\\xa1\\xb5\\xef\\x12\\xa9d\\xfd\\xc8\\xe4\\x08\\xcd ?x\\x17_\\xef\n\\xe6\\xf3\\xd1\\xb2\\xa7x\\xf4\\xed\\xe9\\x02\\xe9\\xc1o\\x9d\\xf2lg\\xec\\x0c\\x7f8\\xd2x\\xf1:\\xf4\\xfdubj\\xf8x\\xb3\\x1a\\xdea\\xaac\\x92mw$\\x0e$o\\xa1\\xc9\\xfc\\xa8\\xd1\\xfc\\x1d\\xddf\\x99\\xa90.zi\\x8bg\\xe4\\xc7\\xa07\\xed\\x8al\\xa1\\x198\\xddy\\xc2*\\xf9\\x91\\xf44\\xad \\xb6\\x7f\\x1a\\xf2\\x92\\xa5\\xd0\\x80\\xdffdh\\xfe\\x8f\\xe9\\xdc"
595.  
596.  
597. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010llu3\\xd6\\x8a:\\x00\\xe5\"\\xad\\x10\\x04%\\xcb\\xb3\\x98\\xe3\\xda\\xf2\\x10\\x87?ew$h\\xa7\\x82?q\\xc0\\x1d\\xdbdl\\xbd\\xdee\\xdbh\\\\x16\\xfe\\xf2\\xad\tk\\xff\\xc6u\\x90q\\xc9\\xfa\\xa0\\xc0\\x90\\xf3\\x0cy\\xf7\\xfe\\x9b\\x88\\x95\\xb9\\xf2\\x1f\\xcd\\xee\\xd9\\x8e\\xb5\\x1e5\\xf0\\x8b\\xcf\\xc2\\xb2\\xf1)f\\xa4\\x86\\xe3|\\xd7\\x17\\xc3a\\x16\\xf2\\xbb\\xecc\\xb9\\x8f\\x0ess\"u\\xb5\\x8a\\xf0r.\\xbc\\x90o\\x1a\\xf2\\x18 ow\\xd4e\\x0f\\xab\\xf3\\xec\\xa4z\\xbfe\\x86v\\x98\\xdb)\\x84z\\x87\\xb5i\\x17\\xcf\\xf6\\x18\\x13f\\xee\\xf3\\xff,\\xb3\\x9e~$^\\x17\\xc6\\x11\\x08\\xa4\\xc2\\xf1^\\xa2k\\x04\\xa1\\xc6n\\xc0\\xc9b&\\x87g\\x10\\xa5c\\x0e2#\\xac\\x8c\\xd4\\xcc\\x1ff\\x0b\\xde\\xa0\\x88p\\x95\\xe2uq\\x84w#\\xdc\\xd13f\\x17\\xd4\\x1a\\xcb>k\\x83\\xc8f\\x8d\\xafi\\xf4\\xf0\\x00\\xa5\\xd0q!t\\x93kn+?\\xab\\xc8u\\xabr\\xfew\\xaf.\\xedi\\xa6+e\\x97|\\xef\\xa3\\xf99\\xfc"
598.  
599.  
600. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x16\\x8a\\xb2\\x96\\xea\\xfb\\xdd\\xdc\\xa9\\x91\\x91\\x93\\xbf?\\xfes\\xe7\\x85\\x8a\n\\xaa\\x1d\\xdc\\xf4.a\\xf1jh\\xbad\\xb3h\\xd7\\x16\\xef-tt`\\xe1\\xff\\xc3\\x95+^\\xe5\\xe5\\x17@\\x1e\\x11%s\\xb2>\\x7f.\\x14\\xf9\\x14\\xe5ib^9\t>t\\xc6\\xe6l*\\xac\\xca\\xfa\\x89\\xa2\\xf5\\xce\\x829<\\xaf\\xe0j2!\\x0c\\xc1\\xdb\\xaaljb\\xb0\\x03\\xe5f\\x86\\xa9\\x96\\x17\\x80!\\xab\\x9d\\x10\\xffx6\\xfb\\x9b \\xf0l\\x1d\\xe4\\x1a\\x19\\xc2ml\\xa9\\xb6\n\\x90w|\\xb4\\x9ag$g\\xa6\\xd4g\\xac\\^yxom\\x15\\x13\\xbc\r\\xd4k,\\\\xc2u\\x88+\\xa9dq\\xa2\\xaa`b\\x14f\\xdb\\xd6v\\x1dt\\x02\\xd0\\u\\xe1o\\xa9\\xd7\\x94\\x9b\\x03\\x0f\\xc0chc?\\x81h\\xcc\\x85t\\x1d\\xea9\\xcf\\x85v\\xdb\\xf4\\xc1h\\x0f:`\\xbfd\\xc8k\\xf92f\\xd0\\xd8/a\\xa7\\x01\ng\\x7f\\xda\\x02\\xf5!\\xba\\x11*)f\r\\x95=\\xbc\\xea\\xf7\\x11\\xe6\\xa5\t,"
601.  
602.  
603. "http_request": "winword.exe_WSASend_\\xc4\\x00\\x8a\\x00`\\x83\\xa8\\x11^\\xa6\\xe5\\xf8ej\\xa63\\xe4zv\\x8ck\\x98m\\xdeb$j\\xd0\\x8d\\xb1\\xcfy\\xd5\\xb2\\xecke\\xf8\\xae\\x84on9\\xd0\\xf6\\xc1\\xddh\\x8bj\\x17\\xf2s%q\\xf4\\x8c,z\\xb3\\x99\\xd0\\xf5\r%y\\x01\\xc6\\x80\\x90\\x1c\\xb5\\x80\\xd8\\xe9\\x1e\\x97\\xd0\\xadbzs\\x08*\\xa31\\xef?\\xee\\xc2j\r\\xec\\xabcqmu\\x9e8h`\\x9e\\x9e\\xf7)\\xabo&)\\xbf\\x95\\xd2c_\\xc3\\xbb:\\x88\\xd4\\xd6%\\x05\\xc3\\xd8\\xc2\\x0c\\x8a\\xd0u^\\x9f\\x8d\\xd7*\\x00\\xedf_^\\xddtdj\\xbcx\\xc3\\x94?)\\x1d8/^\\xc19\\xa49\\x1c\\xc8\\x82\\xa1\\xd9_\\xa1k\\x04p\\xe2c2\\xbb\\xe5.\\x04\\xe5\\xb5\\x87\\xd9\\xd5jg\\x8e\\x96d\n\\x8c\\x1f\\x13\\x11\\xde\\xfdh\\xca\\xa5\\x07\\xe83\\x1b#\\xc9\\xf4\\xa6n\\xdd\\xf4\\xed\\x905\\xec\\xd1u\\xba\\x8c3\\xefu\\xfa?vs\\xcb\\xa5\\x04\\x07\\x18\\xb4\\xeb\\x1f\\xddw\\x96\\xa3\\x94\\x82w\\xa5\\xecd\\xf8\\xff\\xaf\\xbax\\xdd\\xc09\\xbc\\x92\\xe2\"\\xd5\\x12\\xd3"
604.  
605.  
606. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa7\\x02\\xf5\\x00&\\x11/\\x1e\\x99zzi)\\xa3l\\xd0\\xa4\\x9f\\x9a\\xc4\\x93$\\xaa\\x9a\\xe9\\x97\\xfbi;\\xe1-\\xfad\\xb19\\xa4(z\\xc5_\\x93~v\\xf1\\xee\\xe6\\xe4\\xa08\\xadv\\xf9\\xbe\\xeb\\xf1\\x9f\\x87v\\xcb\\x14*9\\xe5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000?7\\x9d\\xec\\x88\\x1d\\xec!\\x12\\xaa7\\xdb\\xe33)n\"i\"\\xc6)f\\x9c\\x81\\xd8\\x18\\xe1\\xee\\xb5\\xae\\xa4\\x1a+\\xe8\\xa4\\xde\\x00i\\xaf\\xbd1\\xb6\\x80\\xdd\\xfb\\x05i"
607.  
608.  
609. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf5y\\xf6\\xd10\\xebe>t%\\xacxvrv\\xe1\\x9a|\\xc0<\\x07\\x85z\\x822\\x83\\x9f\\xdb=\\x89\\xb3:\\xa12\\x1e\\x1fks\\xb3\\xf0\\xa6\\xcb\\x04\\x80\\x87\\xc7\\x16\";8qj\\xbfw_\\xb4e\\xa2aw\\xa2\\x19\\x04\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xdda\\x86\\xe90\\xba\\x9d\\x9fz\\x1e\\xaez\\x81g/\\xa7j\\x89\\xc6\\x9e\\xf2\\x15\\xda\\x0e\\x96\\x807\\xa8\\x8a\\x1a9c@\\xf2\\xd3t\\xc1\\xe3\\xbb\\x15\\x0b\\x14i\\xb0\\xefq\\x92\\x91"
610.  
611.  
612. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ma\\x89w\\xd7\\xe6\\xe3\\x02\n\\x8b\\xd1\\xed\\xa0\\xe43\\x8b\\x8b4\\xe1\\xd2\\x83l\\xdam\\x90qk\\xc6\\x17\\x1a\\x9fy\\x810\\xca\\xcc\\xe2\\x99\\xdc\\xc7<\\x08\\xb5\\x14\\xe0 \\xc7\\xec\\x8divv1*\\xdek\\xd4\\xcd\\xb7e\\xad-b\\x90\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x00>\\xf9\\xb6\\x04\\xaah\\xa4\\x16\\x9ai\\x0f2\\xbfx2\\xb0\\xdcj\\xa1\\xd0\\x0e-t\\xca\\xae7\\xff8\\x0b\\x89\\xa5\\x7fq\\\\xa2\\x1bf\\xfb\n\\x1e\\xa7\\xde\\x8a\\x8c\\^\\x93"
613.  
614.  
615. "http_request": "winword.exe_WSASend_\\x16\\x00\\x01\\x00f\\x10\\x00\\x00ba\\x04j\\xd0(\\xe8hlb\\x88\\xdd\\xd6\\x14\\x07\\x9c8s\\xack)&\\xcc\\x82\\xb5\\xe4\\xee\\xf5k\\xda2\\xc2\\xe2eb\\xd9\\xadi#\\x9dw\\xc2k\\xbd\\xbc\\x9e\\x93\\xaf\\xf5y\\xe9i\\x8a2\\x8e,y+\\xabb\\x0c8\\xce\\xdb\n\\xa7\\xd9\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x11\\x83\\xb4\\xd4\\xd4\\xb3\\x8d!\\x88\\xeeq,,\"n\\xd8v\\x88s\\x9d\\xd6\\xbb\\x91\\x02\\xcd\\xc9!disj\\x08\\xdc\\xe4rj\\xe2q\\xf4k9\\xa8\\xd4\\xc7\\xda\\xb5\\x1c"
616.  
617.  
618. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ge\\xe8\\x176\\xd7\\xf8\\xb8o!l\\xaar'\\xd0\\xa9r'\\x17\\x8f\\xbc\\x0f\\xe2\\x03\\x08l$\\xf1\\x93sw\\xdf\\x84\\x96n<\\xf5\\xed\\xb1\\x9c\"|\\xb1\\xd3\\xd8d\\xd3\\xf0w\n\\xdds\\xdd\\xd1\\xbe\\xb8\\xec\\x10^x\\xa8\\xcc\\xd3\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xb5\\x9d\\x07\\xef\\xab\\xbe<_\\x8dd\\x7f\\xf4\\xe5\\xa7\\x015\\xcb3x\\x94a\\x85\\xbe\\xef\\x18@u\\xa1\\x1d6\\xf3\\xef\\xb2\\x91-(:\\xe5\\xe1\\xd2\\xe76\\x81\\x9c\\x9cf\\x95x"
619.  
620.  
621. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xd9\\x17\\x1c\\xd4\\\\x85\\x9f\\xbe\\x81\\xed\\xa0h\\xcb\\xa5\\x84\\xa2\\x94$\\x7f\\xf3*\\xeeici3\\x8d\\xf6\\xc2\\xe1\\xaez\\xc3\\x91\\x1d\\xca91oc\\xe2\\xa6 \\xda\\x89\\x8d\"\\x08\\xa3\\xbc!\\xfae\\xae\\x99\\x04\t?\\xabd7\\x05w\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000n\\xad<\\xe3\\xaa\\xfa\\x0f\\xe2\\x12\\xa8\\xb5\\xa6.\\x0c\n\\xdb^\\xf5\\x17\\xd5\\x9b\\x0b\\xd7\\xfd\\xb6f\\x8a\\xf7au\\x8c\\x92g\\xebw\\xc5\\xc7\\x11\\x14h\\x132d00!\\xcd"
622.  
623.  
624. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xaf\\xb3h\\xbf?\\xa6m\\xce\\x7f\\x01\\xd0\\x98\\xb8\\x88n\\x14s\\xf5\\x1f\\xad\\x04\\xa4\\xe5\\xcd\\x9b\\x05\\xc6\\x9e\\xc1\\xcd\\x90\\xbfq\\xb8\\xf4\\x11?\\xe1\\x81\\xf8\\x9f\\xe0\\xf9\\xc5xz\\x06\\x93nla\\xb8n\\x11\\xe2\\x18\\xfb2\\x94fg\\xf9\\xd1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf5\\xe0\\xad\\xb7\\xed\\xb9\\xa9\\xf2\\xcc\\x1b\\x91\\xc6v\\x16hm@\\x16c\\x0e\\xfd\\xde\\xd6\\xa7\\x07\\x87<\\xe4\\xb9f/\\xe6\\x8d\\xdbc\\xb1\\x1f<\\xee\\x0c\\x84\\x81i;+\\xe5\\x95\\xfc"
625.  
626.  
627. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1d\\xb6\\xad\\x8d1q4\\x9b\\x8f\\x02\\xe2b\\xd3\\x034\\xab\\xa0t\\xd6\\xc7\\xddxk\\xf7\\x13\\xa4\\x9f\\xe5\\x93\\x9c\\x00\\xe5\\x0e\\xc5\\xe4\\xff\\xb1\t\\xcd\\xf1\\xb9\\x99ph\\xed\\xab\\xa5\\xc1#\\x97\\xe2\\xef\\x15*\\xa5\\xef\tuu\\xc6=\\x821\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x07u\\xef\\xfe\\x82/\\xff1\\x19b\\xe1\\xbd\\xe1t\\xa4\\x91<\\xe0\\xe0l \\x1b\\xab,)\\xd5\\x91!\\x8e\\xdb\"\\xff9\\xf0f\\xf2\\x82\\x02\\xaf\\x88f\\xb1\\xd6\\x94\\xe9"
628.  
629.  
630. "http_request": "winword.exe_WSASend_\\x16\\x00\\x01\\x00f\\x10\\x00\\x00ba\\x04%n\\xcb0\\x1d\\x07\\x964pf\\xcdc\\x8d\\x1f\\x955r\\m>mb\\xa9\\xc3\\x98\\x8de\n\\xf7\\xf4d\\xce\\x0e\\xb7\\x9d\\xe5\\xca\\x18\\xb9\\x18/\\xe6\\xab\\x8b2\\xdf\\xde\\x83\\x9b\\xba\\xa4e\\xb6\\x819\\xeaz\\xe6\\xeb~\\x07\\xc5\\xae\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xb6\\x1a\\xe0)\\xa4j\\x8c\\xdc\\x8ex:^^\\xd0\\xf0\\xe7x(\\x19\\xf7bo\\xd2\\x07\\x00fx#\\xad\\xc5o\\xd1?g\\xba\\x87h\\xd5i\\xd8jhf\\xd5\\xec\\x1f\\x16\\xc9"
631.  
632.  
633. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xae\\x9di\\xe4\\xc9\\xdc\\xe5l\\xd7\\x8ag\\x04\t\\xbah%j\\xc4\\xeay)\\x05&n\\xd7\\xcd\\xec\\xfa\\xe7\\xac\\xeb\\x12\\x9dv/\\xc4h\\x7f\\xa1xa\"x\\xa3o\\x06\\xb7\\xd4\\x0c\\xb6\\xf1\\xe1\\xce\\xe6\\x83\\xbc%\\x99\\xe1g\\xa8c\\xcd\\x86\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8buw \\xd5\\xf8w\\xdb\\xea\\x05bg!\\x93\\x84\\x0ewg\\xa5<\\xbd\\xfa\\xbf)x\\x97\\x997\\xb2\\xa3+\\x1ee8)y\\xca\\xa4\\x96a\\xdb\\xb8\\xd9\\x13i"
634.  
635.  
636. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x043\\xca\\x8f\\xf8\\xb1\\xc4\\xed\\x10\\xe7nz\\x1e\\xde\\x15\\xf26l-\\x8f\\xa4\\xb5\\xf4*\\x91\\xd0\\xf9\\x8c\\xfe\\x06s^\\x9e\\xacz\\x08\\x0br\\xe4|\\xe4\\xd8\\xb1\\xa4n\\x90\\xb0\\x12,j6$\\x1a\\x91*\\xf0\\xcc\\xac5\\x18\\xd8\\x9d\\xc39\\x0e\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1e\\x99gz\\x0fd\\xda\\xce!\\x0e\n\\xfdr\\xd0^:\\xe9`\\x91j79c\\x91\\g\\x06\\x1e\\xbb\\xf8v\\xc9\\x00\\xd2\\xc0:\\xe0\\xbaq\\xcd\n\\x8a\\xdd\\xe2f\\x00q~"
637.  
638.  
639. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010@_\\xc7\\xc7\\x99;\\xdf\\xa4p\\x93\rh\\xc1\\xa3#\t#\\xd2\\xc7\\xb1\\x14\\x8e\\xf4\\xc5?.8\\xb1z\\xf2\\xa7s\\xb6=k'\\x90m\\x1f\\x8b\\x9b\\xb9\\xa8epgv\\xa8a>\\xdas\\x15\\x84s\\xe3\\x15\\xdfp\\x8f\\x1f\\xa5u\\xa4muv\\xd3b\\x14ic\\x13\\x12~\\xf0\\xc5\\xf6\\xc8^\\x0e\\xcc\\xf7\\xef\\xd0i\\x99\\xa2\\x01\\x8cc8\\x82\\xe8\\x02\\xa2\rzl\\xab\\xcfx;\\x16\\xf9g\\xc27\\xd2\\xf6\\xc7\\x86\\xf4\n\\x88\\xaa\\x14dc\\xbc\\x94^\\x8f\\xcf\\xde>\\xdc\\xcf\\x7f\\x18\\xce\\xa4\\xd78\\xf7a\\xd4\\xa0\\xdc9v\\xdf\\xddvv,n*\\x9a*\\x9b\\x0c\\xb4\\xaa\\xf0\\x18y\\xf3\\xffg/w\\x9f\\xa4\\xbf\\x8a\\xe5rlk\\xf9\\x01w\\xfa.3\\xc5\\xb8\\x889\\xe7$\\xef\\xcb\\x0b\\xf1\\xc0\\xa9e\\xc4\n\\x9c\\xe5\\xbef>\\x1cj(4\\xd4\\xe5h%\\x1cv\\x1a\\x85\\xeayz\\xb6\\xf0m\\xf6\\x07\\x08\\xf1)\\xfc\\x7f\\x95\\xb6\\xdcg`d\\xee&qco\\xa0\\xca\\x85\\xb5\\xc8\\xcb\\x88\\xa8o\t\\xc0\\xd81m="
640.  
641.  
642. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010s\\xb8d\\x98t\\xcd\\xf5\\xe4o\\xe4\\x04u\\x9a\\xfb\\x1f,\\x11y\\x94\\xf7\n\\x02\\x03\"\\xa3f$\\x07&5\\x0e\\xc8\\xa6\\xc3\r\\xc3\\xe7\\xa1\\x81\\xd1c(!\\xe2y\\xd8%\\xa8\\x13\\x87\\xa7\\xa2\\x12n\\xc8n\\x1f\\xf4\\xf0\\x06\\x7f\\xf3\\xc7\\x1b\\x87<o\\xaf\\x1c\\x8c\\xed\\xe0\\x88\\x11c.\\xfc\nc\\xc5\\xe2 =f\\x91k\\x1d\\xadm\\xaa\\xeb+d\\x08r\\xe0h\\x9c\\xde\\xfdu\\x9d\\xe2~l\\xd0z\\x90\\x16j\\xaehl\\x10\\xd7.\\x0c\\xd7=oh\\x81tr\\x93\\x9a\\x88\\xeb\\xe1\\x00\\xe8\\x04\\xaa\\xd1\\xd8\\x87\\x1b\\x93\\xaa'\\x8dm\\xb8\\xf4\\xe0\\xc275wr\\x89%\\x86\\x00\\x9b\\x1ao\\xb4v'\\xf7\\x1ekq^\\xe3_\\xba0\\xc1\\xe5\\xce\\xd26\\xf6\\xcf\\xce\\xa4\\xff\nt\\x053~\\x0b\\x89\\xea\\x93r\\xc4\\x11'\\xbc\\xbel\\xa2\\xab\\xaf\r\\x04u\\xc2\\xcd\\x87\\xf1x \\x0b\\xc0\\x86:.-(\\xa1\\xf2\\xa4\\xa1\\x1byw4\\xd3\\xd6\\xd8\\x90\\xd7 |\\xf3\\x14\\xf8\\xe4\\x90\\xa4\t\\xa5\\x90\\x00\n\\xc2\\xdbb<\\xa0x"
643.  
644.  
645. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1b\\xf6\\x82\\x07\\xf3b\\x05\\xda\\xe7\\xfe\n\\x0f\\xebl\\xe0\\x1c\\xa3\\x8b\\xf6\\xe0\\x19\\xce>\t$b\\xf1\\x8a\\x84k\\xbe\\x7f\\xa3\\xb0vi\\x80\\x92&\\x00k\\xba,s\\x13\\x87\\xb1`w\\xd8\\xb6,\\xb3\\xfa\\x7f\\x02\\xc4\\x08\\xd6.\\x99\\xbd\\x94i&f9\\xfc\\x1c\\xc3\\xb99w\\xae\\xc1i\\\\xa46&\\xd6\\xdb\\xc91\r\\xa8\\xedh\\x9dn(,\\xdf\\xce\\xcc\\xc0\\xa6\\x9e\\x9f\\xd3\\xe4$\\xc6\\x1f\\xb4\\xc8\\x98\\xf9#\\x7f-4\\xa3\\xb2\\x17\\x90?\\xdcbeu\\xeer\\xbf\\x1a\\xe8\\x19\\xf6\\xbd\\xf7\\xea\\xb9v\\x97\\xb3\\xce\\x8a\\x81\\xd9\\xa9,\\x96wn\\xc7o\\xc4\\xf65\\x8e\\x9b>\\xfbs\\xe7.~\\xa8n\\x82\\x85x\\xe75(\\xbf\\x1b|h\\xb2\\xcd\\xf4d=\\xf2#\\q\\xe5\\xfa)\\x0c\\x07\\xe6\\xd1yy\\xd8h\\xfb\\x07\\x04\\x03\\x1c\\xb5\\x8b\\xc8;\\xde\\x02\\x1b\\xb36\\xfd\\xe0\\x82\\xc8e\\x8e\\xd0b\\x03\\x94\\xd7\\x9d\\xe9\\xdf\\xe23m#\\xfb@\\x9b\\xe8\\xedl\\xc8\\x08\\xcag<\\xbb z~\\xb6\\x8d\\x15\\xfb\\x90\\xcb\\x9b: \\xd7"
646.  
647.  
648. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x8d$\\x8b\\x97g\\xaa\\xfe\\x99\\x95\\x9c|\\\\xbc\\x1a\\xf9m\\x9a\\x06.\\x15x\\x94%\\xcf\\xeb\\x01\\xfen_m\\x0c\\xe12\\x17v\\xbe\\xe8\\x14\\xa0\\x05qy\\xf8\\xe1jcq@ze\\xeej\\x00\\xcd\\x89\\xab&\\x1f\\x9c\\xa2\\x9d\\xf5\\x8c\\x82\\xb6\\xcc_\\x19w\\xa5\\xfb\\x14\\x9cx(\\xbf\\x03\\xc8\\xb6\\xd2f\\x1e\\x80\\x07\\x14n8$\\xf4_'\\x16\\xc8\\xaf&\\xd4u\\xd5ca\\xaf9\\x8b7\\x1b\\x1dte\\x88\\xee=/\\x84c\\x04\\xf0/\\xf4\\xd4\\x16\\xf8t\\xa1\\x1a\\xf8\\xa0\\xae\\x0c\\xe1\\xd8\\xff\\xf9\\xec\\x8a\\x81gm\\xacyx\\xfa\\xab\\xdd$3\\x03\\xa8\\x8e\\xdf\\xac\ra\\x97\\xca\\xf9`\\x9f\\xff\\x1f\\x84\\x00m1\\xc2y''\\xa3\\xce-\\x05\\xbd+\\x11\\xac\\xd1\\x9e_\\x01\\x99>\\x95\\xa5\\x8e?\roo\\xc9\\x14\\xd6z\\xc9\\xfb\\xc5!\\xda9\\x985\nq\\x08u\\xcc\\xe1l\\xffz\\x1f~\\xcf\\x14\\x88\\xd4\\xb85\\x10\\xac\\x8c\\xc5e\\x08\\xbf\\x98n\\x01\\xc4\\xbe\\xbc\\x98|\\xf1'\\xe91\\xc0\\x9bo\\x9c\\x08r\\xc8x\\xd8*\\xa6\\xc4"
649.  
650.  
651. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010h\\xfbn\\x97y\\xd6\\x0e|\\x02/c\\x9a\\xf3\\x1a\\x84z$\\x1d\\x9f\\x8a\\x01t\\xad\\x9fe\\xef\\xfe\\x94\\xe1\\xfc\ni\\x94\\xd3\\xcf\\xac\\x18e\\xc1\\xaa4 \\x1d\\xb4\\xfc\\x18\\x94\\x14\\x08%\\xd9\\x0c&\\xc0e.\\x94\\xad\\xf4\\x91\\xffv%\\xfbtg\\xabhi2\\x98r%\\xb4a'_\\x84f\\x8c\\x1a$\\xf7q\\xdd\\xfb-~\\x03-\\x07\\x1awc\\xa4\\x00\\x9e\\x88\\xd3\\xe6\\x1fd\\x91\\xb2y\\xfe\\xfc\\x8f\\xbf\\xf0\\x85^b\\xd1\\x1a\\xa2\\xb0\\xc5\\xac\\xd4\\x93\\x9a`\\xb8\\x86 \\xe2\\x15\\xdc~\\xe0\\xf2\\x84\\x92\\xad0\\x9b1m\\x825\\xf6\\xe4\\x9f2\\xcd\\xcf?\\x1d\\xe9\\x8b\\x9aw\\xb9\\xee\\xec\\xc4\\x1axp\\xa7\t\\xcd/6\\xdc\\xc0\\x00\\xef\\xcb1\\xd7\\xdb\\xe5b\\xfe\\xe1\\xbc\\x86ky\\x1e\\xae\\xad\\xa5\\x91\\x89\\xef\\xcd\\xd3\\x15\\x92\\xdd\\xe7\\x17\\x98\\x95u\\xbc\\x1bl\\x8a\\xc7\\xa5\\xf7s\\x08\\x8cv\\xdd\\xa5\\xc1\\x0bh\\xaa\\xe9\\xde\\x8d\\x8d\\xc7\\xd9\\xf0(\\x8ex\\x80\\xb3d\\x07\\x9e?o>\\x9diw\\xcb\\xec\\xfb\\x87\\xeas\\xd5\\x80\\xc3\\xd1\\x80\\xf0"
652.  
653.  
654. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x14\\x12\\xc3\\xbb\"\\x10d\\xc4w\\xfc\\xddr\"^\\xbck\\xf3\\xff\\xa7l\\xba\\xef\\xd5\\xe5\\x1c\\x88x\\x1a\\xcc\\xf9\\xe9\\x05\\xb8\\xb6\\xa3?\\x86s\\xb0d\r\\xd4v\\xfd\\x87\\xcck\\x1e\\x17\\x14\\xff\\xcal\\x02\\xd6q\\x01m\\x85\\xe0\\x96r\\xad\\xe0\\xb1\\xc4f\\xf0t\\x81\\xf2\\xb3r&\\xe3\\xf9\\xbfmmk\\xf7\\xac\\xc1\\xbf\\x8a\\xb4j~e\\x18\\xf4,\\xf6\\xc4\\x94\\x1d\\xf9\\x06\\xe9\\xef\\xd6g\\xc1\\x93\\x8c\\xf5\\x94\\xa4\\x95\\xff\\xbf\\x86\\x9ft\\x89\\xa6\\x079y\\xa4\\xcaw\\xf92\\xe7\\xb8\\x9f7\\xa4u\\xce\\x91\\xcfv\\x0c.\\xbe\\x90|\\xe9\\x1b\\x1ccx\\x081\\x9b:\\x0b=)\\x08\\xfdmb\\xe5\\xe4\\xe0my\\x11o\\xa5\\xf5\\xfa\\xe5\\xe7\\xfe\\x1f\\xa4\\xf5\\xf2\\x8e\\xa4\\xed\\x84\\xde\\x8cl \\xd0!.\\xbc\\x93\\xab\\x87\\xa2\\x1f\\xd0\\xe9\\x7f\\x84!\\xfa\\xe9\\x9b\\xb2l_\\x8d\\xb2\\x1ed\\x15\\xed\\xf7\\x01p\\xab\\xf71\\xdb\\xe1\\xa8\\xf9c\tw\\x1f\\xc1\\x08x'\\xd8@\\xd1d\\xc7\\xab\\xdc\\x8f\\xda\\xa1\\x9b\\xb2\\x0c\\x06\\x0e\\x91\\x13\\xdap\\xc2\\x95\\xcf(\\xac\\x9e"
655.  
656.  
657. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xee\\x8f\\xab\\xa2\\x94\\x88\\xe4\\x18\\x06v\\x9c\\xda'\t\\xda@\\xc8\\x83c\\x99\\xdd9\\xc64s\\x05*u\\x00\\x86\\x91u.\\xa4\\xacjg\\x16\\xb3\\xc6\\x84:\\xb8=\\xe6\\x03\\xd9\\x80'z\\xaap\\x19\\xfe\\x88\\x05\\xcbd1\\xc6;\\x99\\x14^\\xe8^\\x84q\\xc3$<\\x81%\\x9c\\xe4#\\xa13vo\\x15b\\xd7l\\xd8-\\x16y\\x19\\xbc\\x8erd7\\xa7;\\x0e\\x17t\\x8fqp\\x04a\\x03\\xfd\\xb7\\xde\\xeb\\xf5\\x87o\\xbf#a>\\x8f\\xbc.\\xa5\\xef\\xb9\\xb3(\\xe61hl\\xb7au4\\xf1(\\xad\\xcb\\x99n^ lh\\xcfq\\x93\\xaf\\x85\\x1c\\xfa\\xa5\\xf6\\xaa\t\\xa2_^c,\\xb1\\x12qm\\xa8\\x99s\\xd5\\x1d\\xf0\t\\xf1\\x80\\x8bwi\\x9c\\xe2\\xd9\\x0b5/p\\xb6\\xe9\\xe1c\\x15m\\xea\\x0b\\xe2\\xc6\"\\xca\\xa9\\x95\\xb6\\xa1)\\xacrb\\xf4\\x18\\xe3\\x8exr\\x87'a\\x85\\xc56\\xd3\\x97\\xe7s\\xc1\\x973\\xee\\xb6\\xc2\\xb1\\xc9\\xb1-)\\x935a \\xae\\xd0\\xd1c\\x07\\xae\\xe5\\xbbd\\xe10\\x94\\x15\\x0c\t\\x15j"
658.  
659.  
660. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x043|4_\\xf0q\\xe4\\x7fqd\\xb9\\xa7e\\xb4t\\xe0\\xd8\\x17\\xbd\\x1b\\xaf(n\\xd3\\xc6\\x06\\xa2\\x81/\\xd9\\x9c\\x92='kpj\\xf7\\x07\\xc9\\x85k\\xf3\\x1d\\xa2\\x83eym\\xed`\\x9f\\x17\\xc25\\xd8\\x12\\x93\\xe4\\x87,eq\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa5\\xa94\\x8eyf\\xdf\\x93\\xfa\\x81wq~\\xbb\\xa6xag\\xcf\\x8aw\\x02n\\xd5i1\\xd0\\xe6;i\\xde\\x0e\\xa6*'|\\x18i\\x87\\xa2pm6j5\\x94"
661.  
662.  
663. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xefw\\xa4|\\xef'\\xb8\\x1cb\\xe2\\xf8\\xd2y\\x18\\x99\\x99\\xd4\\x87p\\xb8oc\\xeb\\x01\\x8c\\xdc\\xa87\\xc4\\xb7s\\xfd\\xb2\\x05\\xaa+9\\xc3ni'\\x0f\\xba\\xad\\xf7?=j\\xe7b\\xc5\\x9f;=\\xb7\\xec\\xd3\\xf5\\x90\\x82\\xed6\\xf3kk\\x16\\x15\\xe3\\xaf\\xa2cd\\xd68\\x9ar\\x8d\\x06=6\\xa1v\\x02\\x16\\x81 \\x11\\x0f\\xffo\\xba_\\xa2edq\\xb8\\xa6\\xd3\\xc9g\\xea\\xfdl\\xfd\t\\xfee\\xfb\\x8c\\xaa\\x9d2\\xf3\\xb8\\xd9\\xe6i\\x8e\\x15\\x06o\\xads\\xefl\\x00@\\x89!z\\xf4\\xca/_\\x13z\\xf30\\xd9\\xe1\\x99&iwl\\xcb\\xb4\\x7f\\xb4y\\xbd\\xbf\\xe1>\\x03\\x05\\x06\\xf9\\xb1\\xa4\\xfb7\\xbel\\xd9\\xce\\xf2l\\xf4+=\\xca\\x96r\\xdf1o\\xc7\\x14d\\xa1\\x8c\\xd2^\\xa3\\xfd\\xa4\\x14\\xff(\\xda-\\x84\\xfesc\\xb9\\xfe\\x04\\xda\\xdf\r\\x0f\\xe6a\\xe7\\xf2%d\\xa1r\\xd2cid.\\x9c\t=\\xe0m\\x84&r\\xf4\\x18\\xf8\\xc0\\xd2\\x15\\xc0\\x02k)\\x1a\\x89\\xb4\\x87\\x0bq\\xb5\\xfdp\\x02\\xef\\x16\\x08~^"
664.  
665.  
666. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xdc\rk\\x1b\\x12\\xa0\\x9f\\xbf\\x96\\xc5+gn\\xcf\\x15\\x1b\\x078\\x83k\\xfa\\x92\\xac'\\xd0+\\xd9\\x8d\\x027\\xfe\\x12p\\x96\\x84\\x05\\x8b\\x0c\\x11x\\xecy)z\\xcd<\\xd5\\x1d\\x8c\\xb5\\xa6\\xc9\\xf9`\\x89\\xa6\\xf8og\\xa8\\xe4\\xeaph\\x06\\xe8\\xd8o\\xa2\\xc7m\\x05/#\\x1d\\x05\\xf1c\\x93g\"%\\xdf\\x8d\\xf8\\xf4\\xd0y\\xb73\\xaa\\x8d\\xac\\x8d\\xcbho\\xb1\\x9c\\x02\\x92ha\\xbd\\xf5jj\\x84\\xdd\\x89\\xeb\\xbc^\\x0b\\xe14\\x0e\\xdd\\xd7n|b\\xc1\\xd4\\xf8\\xbc\\x18\\xd3\\xdc\\xff \\xafb%f\\xe1\\xb1m\\xefcdy\\xb1c\\x07\\xe9\\x84_\\x8ex\\x056\\xa9=\\x88\\xae\\xd1\\xe8kn\\xc1\\xd6hg\\x16#\\xbe4j`\\xf1\nb\\x0f\\xf2\\xab\\x8du\\x02%\\xacq\\xe3k\\xcag\\x194\\xf5s7v_\\xbf\\x8b,t\\x9e%\\xed\\xdb\\xe6\\xec(\\x17\"\\x80\\xb7(\\xcci6f\\x9b\\x14\\xde\\xf6\\xea\\xb97\\xc1eb\\xf6\\xd4\\xed\\xdd\\xec-\\x91\\x89|\\xd3z&\\xf5\\xb8\\xa4\\x9ep\\x0f=k8\\x95\\xc1\\x08\\xd0\\x03"
667.  
668.  
669. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010t\\x01\\xe7\\x16\\xd8\\x89\\xe2\\x0b;\"\\xd4(\\xb0a\\xd5g\\x92\\x0e\\xa0\\xa1\\x90l\\xe6\\x92,\\xbd\\xf5\\xd8\\xadfq\\xce@\\xa6\\xcelx\\xe23\\xa6\\xd9ep\\x0f;r\\xe7t\\x92\\xab\\xac\\xd9\\xcc\\xe5m\\xb9\\xc0\\xce\r\\xac\\xb7\\xb5|1;b%\\x864\\xfb\\xd7\\x9c\\x16\\x7f\\xe2z'\n\\xeb\\xbfme\\xee\\xf2\\xd5\\x0c\\x91\\x9d\\xdes+\\x9a\\xcf7\\xe8\r\\xf8\\x96\\x0e6p3g=a\\xfa\\xb1f\\x16\\xa5j\\xf0p\\x88\\x85e\\xe5\\xe9\\xb8\\xa3\\x07b)\\xe7\\x13\\xffm\\xa3\\xe9\\xb0\\x95=\\xc1\\x19x\\x93\\x11x\\x082\\xcd+\\x17\\x07\\xaa(\\x02\\xb9#\\xb2\\x12\\x8b\\xa4\\x0c\\x1e\\x17\\xc3\\xa9\"\\x8e\\xe7`?\\x1b<\\x85<\\xb8#'i|d\\x10ad&\\xbf\\x99k\\xeau\\xbc4\\x1e\\x93\\x1b\\xa9szl\\xe4e\\xc1\\x91s\\x04?\\xb8\\xd5\\xa2\\x01\\x82e\\x14\\x05\\xd9f\\xbc\\x00c\\x84\\x9f\\xfd\\x82\\xeeq&\\x87\\xeb\\xe7\\x92\\x80\\x04\\x87w\\x9e\\xb8\\xbc\\xf7\\x15%\\x1c\\x87\\xe6\\xfdk\\xd6sf1u\\x81\\x02\\xect\\x86?q\\xc6"
670.  
671.  
672. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010c\\x18\\xaf\\xea\\xefm\\xbd\\xbf\\xd7\\x1aa\\xea7k\\xdb\\xa1\\xfd/\\xb4\\xe9\\xcb\\xdcj+\\xaax\\xd1m\\xafh\\x07\\x1b\\xcfa'\\xd4\\xb6\\xc81\\xe0*\\xad3\\xda\\xba\\x9a\\xba\\x8d\\xff\\xc6\\xcf\\xedu\\x1epo\\x05=\\xe9\\xd5\\x1d\\xe5\\xcdz_\\xd8\\xe1\\x90\\xe8\\x88\\xe1<h\\x80'g\\x84\\xe2\\x00\\xb7x\\x04h\\xe3g\\x9a\\x91\\xe9\\xf8\\xf3\\xd3\\x9c!4\\xf9(#\\xf2;\\xf9i\\x1e\\x0f\\x17\\xa0\\xe8\\xba\\x87;kg\\x08\\xb2z\\xca\\x91zx$t\\xfer,4\\x82;\\x96\\x92\\\\xed\\x80\\xee80\\xb0\\x07\\xc5\\x18\\xea\\xe9e\\x13y\\x85\\x1f\\xec\\xdbt\\xa6\\xcd\\xa3q\\xd5\\x12\\xc4\\xc7\\q?\\xa9o$'\\xbe\\xce\\xc6\\xa9\\xc1t\\x9c\\x8457\\x11z\\xcf\\x81\\xc1\\xd09\\xfb\\xf8;ng\\x87\\x16\\xb7:n\\xdd\\x13v \\x02\\x1b\\xaa\\x08\\x07\\xcau\\x04(\\x8b \\xcb\\xee\\xbef\\x9a\\xf8\\xcb\\x1a\t\\x92)\"\\xc6\\xf7g\\xc7hj\\x17\\x89\\x95\\xe5\\xfb\\xa2\\x7f^\n\\x00p\\xa7\\xdd\\xd2\\x9f7~n\\x1e\\xc1\\x15>\\xbc\\x96*\\xce"
673.  
674.  
675. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe0\\xf6\\xd9\\x06\\xdaf1\\x9fy\\x7f#w\\xefh\\x07\\xf8\\x0c\\xb3s\\xec\\xb8\\x8dsiw\\xcd\\xee\\xd1\\xb8gc>1b\"\\xb7\\xd4\\xc4\\x96\\x810\\x8f\\x7fg,?\\x18up!\\xbdi\\x8f\\xc1z\\x14\\x00\\xe6\\x01\\xbf\\xe5\\x17\\x86\\\\xaa9\\xa1\\xb5\\xedc\\xb3\\x96\\xa3\\xd5\\xd4\\x87\\xd3\\\\xa4an\\x19\\x9e\\xa2\\xcd\\x9c\n\\xdd\\xcd\\xee$\\x98\\xeb\\xbd\\xb8\\xcb\\xfa\\xe4a\\xb4\\xd9\\x08\\x17\\x18\\x18\\xb9x\\xff\\x1bf<piox\\xac\\xff\\xb9^p\\xdb\\xec\\x19\\xec\\x15\\x93\\xeddo=\\xfd\\xa3\\xa1\\xf0t\\xe1\\x84.l~\\x94\\x02\\x06\\xc0\\x86`\\xaa\\x1d\\xe1v\\xf5^\\xa1c\\xb7\\xf5u\\xac\\xbb\\x14\\xcf\\xecl9\\x1b\\xf3nit\\x93|\\xd0c@\\xe8\\xb5\\x93*\\xeb\\xbb\\x1egr\\xe3\\xb7_|\\xaa\\xd3gm\\xa4ua\\xcd\\x15\\x1f\\x12l\\xa0\\xeb\\xb7\\x9e\\xfdon\\xa1zx\\x9d\\x13\\xf6f\\xc4\\x84\\xcc#\\x95\\x95\\xf2\\xb3\\x06\\x8c%\\xc8\\xdf\\xc3\\xbd\\x1d\\x1f\\xaf\\xfc\\xbc\\x1b\\x82r\\xb1\r\\xd3x2\\xa8l#n\\x95\\x10#\\x9d"
676.  
677.  
678. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa7\\xf2\\x17\\x11\\x8e\\xdd\\xdd\\xbd)s\\x87o\\x04\t\\xf1\\x87|x\r\\x9berf8w\\xd9\\xdch\\xea\\xe0n\\xc7\\xa0&\\x1b6\\x95\\x1b mf\\xd1c\\xb9\\xed\\xbe\\x952x\\xde\\xc0\\xb9ndw'\\xb0w\\x07\\xe9\\x1c\\xd3+\\x85\\xeei)q\\x95fk\\x1df\\x98\\x93\\x10\\xf4y\\xe8\\xdc|->-3\\x7f\\xb5\\xb0jl\\xc4\\x05ynv*\\xcc|\\xc3b\\x94s\\x93\\xc2\\xab\\xba4%hra\\xcd\\x1b\\xaa\\xc7\\xffa@l\\xc5\\xc6.\\xdf\\xdfc\\xe0\\x14\\x10\\x9c\\xe0\\xa5\\x8bv\\xca\\xc1\\xbe\\x15\\xc6\\x01:\\xf2\\xa7\\x82\\xafmnh@\\x84l'\\xc4,j\\xf3\\xe7\\x11x'8\\x80\\xc2<w\\xa8\\xd0\\x11w<\\xf6\\xac\\xe6u\\x9bx$&\\x03\\xe5\\xd68\\xadl\\xa1\\xc9\\x00;\\x8eq\\x1f\\x0b\\x98\\xbc\\xd8\\xff\\xb6df\\xfe\\x94\\xfd\\xf54\\xb91\\xe3\\xf8`\\xb7\\x83\\xbes\\xc6t\\x89\\xcbb\\x1b\\x93\\x08\\xd7\\xcc\"\\x11\\x89\\xa3`>km\\xcb\\x81\\xb7\\xf5\\xd0\\xe3l\\xe5\\xc9tp\\xf0'\\x1f\\xc0\\xf4\\x98\\xed`<c"
679.  
680.  
681. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010%\\x18.\\xa3\\x88u/\\x8ahxu\\xcfg\\xc6\\x8a\\xd1\\x95\\x0f\\xf9\\x13d\\xfb\\x1ek\\xd6f\\xc1e\\xe1\\x85\\xa2\\xa7!p\\xb8@8\\x92%\\x85\\xa2b\\xb7'f\\xaerx\\x16\\xf8*\\x9ca&\\xcaq\\9\\xa6\\x0e\\x8b|q\\x074ax\\x967\\xb8\\xbco\\xa5\\x04\\xc6\\xeb\\x94j\\x85\\xaem\\xba!\\x18\\x91\\x1a=\\xca\\x82\\x07v\\xd8\\x8fx(\\xa4\\x90j\\xb8\\x9a\\xfb(^\\xe2$\\x00\\xc7'1\\xa4%@\\x03\\\\xa1\\xf4\\xe9n\\x18nl0\\xb3\\xcf\\xac,k\\xeb\\xcd\\xfd\\x91\\x81:\\x00\\x7f\\x04\\xbc\\xd5\\x98\\xb1\\x15\\x8b^l\\x9d\\xc6\\x9b\\x8f\\xa9\\x0c\\xf5\\xe3w\\xd4`jm-\\xf5\\xb6\\xfe\\x18\\xb3\\xd782uq\"9z\\x83yq\\xe1u\\xfa\\x1b\\x80!\\xea,o\\x8e\\x1e\"\\xc6\\xe1\\xc50\\x14d9^\\xf9.z\\xaci\\xd6uk\\x12l\\xc8\\x15a\\x8f\\x88\\xcd\\xa2v\\x81\\xd5\\x9e|\\xeb\\x07a\\xef\\x83\\xc3\\xb8v\\x13\\x05\\xae\\x17jg\\x84a\nc\\xaa\\xb2\\x0e\\xb3\\x94,\\xb0q\\x81\\xd6o\\x90"
682.  
683.  
684. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0c*'\\xe7(#\\xa2*\\x8e\\x99m\\xc2\n\\xd3q\\xef\\xad\\xd2tp\\xf7p\\xaab|,:\\x08\\xe1\\x96\\x16\\x06\\xc9\\xf6k\\xd8h@\\x07\\xaaai\\xbel\\xb4c\\xa7\\xebg\\xa9(\\xfel\\xd9qu;bw'w\\x00p\\xe9>\\xda~\\x95\\xd6\\xa5\\x9er\\x00w!\\xe9\\xc5\tg\\x9a\\xd3\\xc5p\\xbb~\\xf2\\xb1>\\x1doa%\\x0ez\\x12\\xca%r\\xbb\\x9f-\\xaa\\x13\\xcb\\x06k,\\xdd$\\xb1\\xa6\\xb8n\\xaf|\\x18\\xb2$u\\x0fqi\\xa9\\x9c;\\xf0\\xc3\\x93\\x02\\xb6\\xfb\\x83q(\\x1fa$\\xe5@\\x960@ho$\\xaf\\xf2\\xf2v\\x95\\xe5\\x99z\\x8ab\\xa1\\xa5\\x1do\\xb6\\x85\\xaa\\xd2\\xf5\\xdb\\x9ct\\xbb\\8l^\t\\xe9\\x91t\\xd0,z\\x03$\\x8c\\x8c\\x90\\x93m=?o\\xde\\x8a\\xa2\\x9bb^?^1\\x91\\xd0\\x8b\\xd0\\xc0)o\\x83t\\x9a\\xf5\\xf8\\x80\\x94`\\x81\\x1bd\r\\xe5z\\xaa\\xd1a\\x17\\xc1\\xee\\xe3\\x82;\\xe37\\xcel\\x1e\\xcf\\xc5\\xdf\\xee\\xce\\xbd\\xbd\\xf1\\x91\\xe4\\x85\\xd4&"
685.  
686.  
687. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010q\\x1dn`\\xad\\xce.\\xfe4v\\xcd\\xb2\\xf4k;%\\xc1\\xc0(\\x97\\xc5\\x8d\\xa1\r\\xe8\\xeeuw\\xfc\\x18\\x04k\\x15\\x90\\xd1\\xc7\\xca\\xfb\\xc2\\xdf\\x10\\x0f1%hm((\\xaci\\x9ft_\\xf3\\x8e\\xd8bj\\xb0\\xbd9\\x11\\xd6\\xdfw\\x9c\\x86/\\xc87\\xc7\\x04\\x03\\x8cb(\\xfd\\xd6|m\\xb4\\xaf\\x85@'\\xbb\\x1d\\xc4\\x8f\\xcd\\x02\\xda\\x88z$\\xfe\\xe6\\x15\\xcc\\xc4\\x97\\xbd\\x9d\\xfczb\\x83\\xaa\\xa8\\xeb\\x02\\xf6s;r\\xca\\xbb \\x15\\xf2\\x902q\\xd5\\xaa\\xe0jd\\xaae`4\\x052\\xbf/\\x1f\\xae\\x8a\\x87\\x92#\\x99\\x15\\xcb\\xe9\\xc9\\xc2\\x17\\xc4)\\x87\\x83*k\\x80\\xc9luk\\xc0\\xcf\\x9c\\x89\\x1f0\\x96,\\x80*\\x12\\xa0>\tr\\xfc\\xe8\\x93\\xa3\\xa9\\xe3/\\x877b\\x0f\\xd6\\x0f\\xa5\\x97r\\x94\\x17g\\xc4/\\xaa\\x87\\x889\\xb876^\\xc3\\xa8^\\x02(\\x95,=\\xea\\xf7s\\x16\\x15\\x01\\xfb4\\xc9\\x8ah\\xe8l\\x7f9w'\\x1d\\xf5\\x00b\\xbf\\x81l\\x99upsza\\xb5\\xc7\\x99m\\xae"
688.  
689.  
690. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010z\\x18 \\xc7\\x03\\x95\\xfc\na6\\x171i\\xd8-)u\\xa2y\\x18\\x94\\xd4\\x1be^\\xcc\\xf4\\x01t#\\xc4\\xb0\\xb6\\x93\\xaa\\xa54\\xdd\\xa3\n\\x8c\\xde\\x98c\\xe3\\x8f`\\xc5j\\xc6\\x0c\\xadx\\xd3\\xfa\\xddkb.\\x1b\\xc4bg j*\\xdal\\xc7>\\xe4\\x89u\\xcb3\\x8e\\xcey\\xfd\\xc0\\xcdv\\x82\\xb2\nv\\x88k\\xc3\\xe2~u\\xfff\n\\x1a\\xe2\\x8f\\xa8\\xb4f\\x9e\\xf85\\x1b\\xd7f\\x98a<\\x84\\x07\\xee\\x9f\\xeb\\x96\\xd83sx \\x16\\x1c\\x93\\xb3\\xc5b\\x91x:;\\x8e\\xe5\\xb5u\\xdf\\xb0\\x90\\xf4\\x0c\\xbc\\xf4\\xb0!\\xe0\\xcea\\x0b\\xeb\\xfb`\\xca\\xe6vl\\x05-\\xfa\\xbc\\x13\\x03@iq\\xff'\\xe8\\xc1\\xb3\\xd2\\xc6\\x1a;$\\x0c\\x96\\xa7s\\xd9\\x9f\\xf3\\xc05\\x00\\xe4\\xfd%\\x9b'\\xa8r\\x87\\xb7k\\x86\\x9c\\xbf\\x17\\x87c\\x9d\\xd5\\xf1\\x17\\x90t\\x8a\\xf7\\xac\\xa4\\xb5\\x15\\x8c-\\xbca\\xcb\\x82o\\x89\\x8c*\\x93\\xfe\\xafm\\xa5\\x06?\\x8c\\xc2q\\xc8\\x17\\xd9a\\xfb\\xe2\\x9b\\x9d\\x99\\xc95\\xb8r\\x9d\\x12u"
691.  
692.  
693. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010ux*st\\x9do\\xb6\\x15\\xbb\\xa6f\"\\x98\\x0b\\xad\\xb1\\x7fu\\x82\\xc3\\xe2\\xb6\\x18\\xf7\\xadi#<)#\\xe3\\x12se\\xf5\\x07&\"\\xed\\xab\\xda\\x84\\xc9\\xb7\\xa7-\\xf6 >;\\xc23f4\\x02\\xb1>\\xdb\\xc3e?\\x0csd\\xb1:\\x1a\\xfe\nxw\\xd5\\x80rg\\xf5h\\x9bp\\x10\\xc5\\xf2l#\\x91x\\x8f\\x03\\xbb\\xee\\xae\\xab\\x18\\xbf\\xfc\\x9f\\x00l\\xa7\\x08|\\x8ef\\xee\\xcf\\xd4\\x1c?\\xd2\\\\xf8\\x18\\xf5\\x1c\\x89`c^\\x88\\x0e\\xdb\\x18\\x8c\\xfe\\xea0\\x15\\xc5\\x1f\\x16l\\x01\\xb1\\xfal\\x17;\\x8a\\xcc@\\xec\\xfb\\x17\\x81\\x18\\xb0n &w*\\xc44\\xe6>\\x99\\xde\\x0bqo\\x94\\xaf\\x1a\\xf2n6\\x14.!|r\\x02\\xec\\x16\n\\xect\\x1e\\xee\\x85\\x01\\x9c2\\x7f?\\x0f\\x7f\\xe5\\xbekxz\\xcd\\x0c\\x9b\\x81\\xb3\\xb89\\xc5\\x16\\x8e\\x9aw7\\xb73\\xe7\\xeb\\x82\\xbf\\xf6\\xa0\\xa8\\xa6\\xf1\\xc1\\xaa9\\xc6z7y\\xed\\x87\\xb5\\xdc\\xeb\\xc0\\x1f\n5=\\xb14\\xb6gg\\xc8mm\\xb2\\x11m"
694.  
695.  
696. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1d\\xfcu\\xbf\\xcb\\xe1\\x7f\\xad\\xa4\\xce\\xa9\\x89n0\\xc8\\x8b\tza\\xb1'f\\xae\\xb5\\x1d\\xcb\\x0e\\xd5d\\x8e\\xb7\\x93b\\xff\\xbe(\\x9a\\xbedo\\xa6t\\xf4\\xe7)\\x16h\\x18\\xaf\\x13:\\xb1\\xbe\\xce\\xa6\\xce0d\\xa6e\\xf8v\\x11lg\\xf8h(v\\x9c\\xa5\\x9b\\x0b\\xa9\\x95\\xbd)\\xb90a\\xc9(j\\xc7v\\x8d\\x8f\\xe6pq\\x94o\\xc9\\xe4r2\\x83\\xef\\xf0\\x18o\\xc8c\\x05\\xe8`\\xc5\\x0fn\\xb4k\\x8e\\xe4'7n5m \\xad\\xc1\\x9c\\x05\\xfa\\xe5f\\x8b\\x95\\x03\\xb0\\xe4\\xa7\\xc5\\xb7m\\xa0|\\xd3\\xb1\\x9fvp\\xc0.\\x06\\xc1\\xc7smg%~\\xac\\3\\x1e\\x8dvwq@/\\xee\\x01m'e\\xb7\\xdd\\x05\\xdb\\x0er?\\x05\\xb5\\x87s\\xf7=\\xaejd\\xb3\\x07<5\\xcb,/\\x0f\\xaa\\x16z\\xb8s\\x01\\x13\\x1b1\\xbc%q\\x89~z\\x01\\xb1i\\x99\\xac\\x92\\xdfdk\\x13\\x02\\x94\\\\xa2;\\x89fr\\x9a\\xbc\\xd9g\\xe8\\xa5\\xc3e\\x02^\\xca\\x93$\\xb1\\x88b\\xf8v\\xee\\xd24\\xc4\\xddp!"
697.  
698.  
699. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010|\\xceg\\x90tj_ \\xaf\\x91\\x18ipv\\x10\\xa2&v\\x1bv\\xe5\\xacc\\xe6x/\\xb7\\xce\\xaa\\xcf\\xb9\\xecs\\xb4\\xf4\\xf5\\x8b:\\x9e6\\x85\\x1bzh\\x13k>\\x93e\\xf3\\xad#s\\x84\\x95x\\xd2v\\x97:\\xb4\\xa3\\x80\\xc1\\x1d\\xcfzt\\x8d\\xe1\\xb8\\xaafj\\xa3\\x04ap\\xbex^\\xa1\\xb6dq\\x9ey\\xcc\\xc0\\xa2\\x7f\\xe6bo\\x1f\\xda\\xe0=y!sv\\x82\\xcd\\xa7\\x99\\xdd\\xe0\\xf49\\x10h;j\\y\\xa6r<\\x92\\xe5\\x82*\\xa3\\x8e\\x9e\\x83z\\xd5\\x8cn\\xf4\\xe0\\xb0\\x03\\xf9\n o\\xdb'dqzt\\x9a\\xac\\x04\\x0fm5\\x89gah\\xfa\\xb1\\xc3u\\xd3\\xe7\\x8d\\xbab\\xb1r\\x05\\xe5\\xb1\\x85aq\\x93\\xfe\t\\xc7\\x13\\x9aw\\x033\\x9e`\\xcb\\xa6\\x93\\x1d\\xd7\\x8d\\xb6\\xeb\\xa3\\xa0/\\x8d\\x87c\\xa0\\xa5\\xed\\x88<\\x8d\\xdb_\\x1d\\x81\\xe5\\xc9m\\xe4\\x03\\x9f\\x17\\xfeo\\x1b\\x1a\\xaf8\\x98\\xd5\\xa6\\x89\\xbc\\x1dx\\xbe|\\x9e\\x18\\x06\\xf9\\xbf\\x1e\\xa9\\xab\\xcf\\xd1\\xecxhgl\\xda"
700.  
701.  
702. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\"\\x10\\xfe\\x91oq\\x81b\\xd0\\xbb\\xf0\\xd5\\x19\\xa3\\xc2\\xd9ti)\\xaa\\xdc\\x03\\xad\\xdd\\xfc)\\xf0:\nu\\xa4\\xc2\\x0e\\xe6s\\x9fy2\\xe9\\x02\\x08\\x9d\\x15\\x97\\x8d\\xae\\x80\\xe7\\xacz\\xb4\\xe8\\xcez\\xdcd\\xd6.\\xd2\\xa6v\\x9a\\xd1\\xdf2s\\xf9\\xf8\\xef\\xf9\\x12p:*\\xcck\\x94yt\\x0e\\x0c\\xfbd\\x92ri3)\\xc3?\\xc71\\xd8\\xe7l\\xe1\\x95\\x07\\x1d\\x86\\xf2\\xc1@\\xb9\\xee\\x82h\\xfea\\xfc\\x95\\xceq\\xd9r\\xce/\\xdc~s\\x82\\xf4\\x91\\xde\\xe3\\xb5\\x7f\\xf8\\x92o\\xec\\xea\\xef\\xc9\\xfe\\xc8\\x91\\xb3\\xb2\r\\x83\\x1f\\x9f\\x05\\x1a\\xea!\\x02c\\xfb\\xb2~\\xb43\\xbde\\x1a$\\x12\\x05\\xbe\\x8c\\xf1ai\\xb6\\xf5 \\x96\\x01\\xf6e\\\\xc2\\x9ev\\x86\\xfb\\xdd\\xe2\\xc7/h5\\x0c\\x04\\x19\\xa4#\\x10ft\\xf8k\\x1e\\xe4\\x97p\\x92\\x08\\xa3\\xe1\\xe7\\xbc\\xc7b\\x08\\xea\\xaf\\xd4t\\x8a\\xe1\\x7fl1\\xa0\\xcb\\xb0\\xc2\\xc6\\xa9\\xbfqf\\xcczu\\x86\\x045&\\xb9\\xcc\\xc1\\xcakg\\xe4\\xecbu\\x80\\xc9ysz\\xac"
703.  
704.  
705. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010ge\\xfe\\xd3;\\xaa%\"\\x8b\\x1e\\x9e\\x1d\\x15\\xfa(\\x14?\\xb7+\\xdc|\\xb7\\x14\\x17\\x01\\x96,pd\\x1e\\xd4\\xc1l&\\xca\\x7f\\xc8\\x97\\xb7\\xf6\\xa1\\xec\\x06 \\x13-\\xe2\\x93\\x10wf&\\xc3js\\x04\\xe4\\xb6r\\xa7\\x0e0\\xdf\\x87p\ty\\xdc\\x11\\xa1#\\x95\\xf2@zz\\xc3\\x90\\x9d\\xb9\\x15\\xa6;\\x97#\\xb0d!q\\xb0\\x05e5\\x1b\\xa5\\xd9w\\x95\\xa8\\xbc\\xc2\\x89\\x1a\\x1b\\xb2w\\xd0j\\xa9\\xe8\\xc2h\\xd9o\\x86\\x87\\xa2\\xe4\\\\xba\\xac6*g\\x80\\x8b\\xd2\\x8b\\x1bmh\\x87\\xbbs\\xae\\xd2\\xf7\\xc7\\x88\\x85\\xa3p+\\xc7\\xe2\\x89r\\xf3\\xbe\\x92\"\"9\\xa7j\\xa6\\x9c\\x98j\\xef\\x84\\xb6wp\\xa3\\x9c\\x15_\\xac\\xdc&\\xa4\\xd5p\\xd13\\xfce\n\\x0b\\xe55\\xf3\\x8d\\x97i#\\xbf\\xc2\\xa5\\xee\\xfd\\x96\\x86\\xddq\\x98*\\xad~\\x1f\\xf2l\\xaf\\xd9\\x93\\x1c\\x08\\x80\\x89a\\xe1q\\xc2\\x13\\xba\\x10\\xeb\\xa3\\xaf\\xa5>\\xa2\\xc1\r\\xf5au<\\x96\\xd8\\xef\\xa5\t(\\xd8\\x06\\x04\\xa8\\xd1v\\x9a\\xf5f\\xdf\\x81j\\x9e"
706.  
707.  
708. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010ck\\xaa:^\\xed$\\xfb\\x99\\xbd\\x89m\\x88\\xd2\\x00\\xeaw\\x8funp\\xcb_\\xc8\\xc6wr6=3\\x90\\x0b\\x15\\xb3\\xb2<l\\xf4\\x0cmn^g\\x07\\xac*\\x9a\\xa3\\xe0\\x9f6\\xe2\\xea\\x84\\xa9\\x9b\\x92\\x05:\\x10\\xa2x\\x15\\x86\\x18\\x932\\xbf`m\\x89\\x801\\xf1\\xf4\\x9a\\xcd\\xa9\\xf4\\xe8\\xc1\\xdam\\xb2by\\xb7\\x85\\x99ec\\xa8p\\x12~\\x1ai\\x0e\\xde\\xa8;\\\\xc3\\x93\\xcfhi\\x05\\xe6jm\\xab\\xa5\\x1d\\xd3\\x86\\xd8\\x05k\\x1e\\x0b\\x82\\x9bkex\\x03\\x8f~\\xe7\\x04t\\xcb\\xf5\\x14\\x85\\x15)1~\\x18=%oc\\x86\\xfb\\x82d)\\x02\\x91\\x99\\xc8\\x15\\x07\\x03\\x05\\xf1iac\\xbd9\\x8d1\\x94\\xb3\\xf4\\xcddn8\\xd5\\xe8\\x159\\xf6\\x1b\\x8c\\x9a?j\\xcc\\x1e\\x81(\\x1d\\x99\\xce\\xe3\\x96\\x0ee\\x198\\xfa^\\x9b\\xa9\\xc7\\xc5\\xe7\\xc4\\xfb\\xe2y\\x89\\xae\\xa3u\\xcd'\\xeb>\\x80\\xbe\\xaf\\xfb\\x11)\\x1a\\x11\\xa1\\xa3\\xd2h\\x8cg\\x84\\xdd\"!:\\x906\\xf1\\xd016e\\xf5rnjdk\\xa6h"
709.  
710.  
711. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc8\\xb8\\xbfb~yu\\x04\\\r\\xd7\\xb1\\x93p0\\x91\\x00\n\\xe5\\xb2\\xcd\\x9c>\\x94:b\\xc0\\xa33f\\xca\\xb5\\x08g\\x80n\\xbbeq\\xa59\\xb6\\x94\\x84\\xd3\\xc0\\xdf\\xb6zx:'+m\n\\xee \\xa6\\x86p\\xe9\\xebn\\x1a\\xd9c\\xf3dh\\xd0z:\\xe2\\xdc\\xc7\\x0b^\\xd5_0cg\\x1c\\xc40?q\\x1e\\x9f\\xd5t\\xe7\\x8al)\\xf8\\xe1\\x82\\x83\\xa5\\x1fx\\xff\\xe0\\xbebx\\xd1\\xf0@\\x81\\xb2a\\xabm\\x99\\xfc\\xc8\\xa3\\xbb#u\\xb77\\xd6\\xa0\\xa0s\\xf8\\xda7c=\\x853\\x86\\xa5\\xadkm+k\\xbe\\x8bc\\x93\\xce\\xaac\\xe2g\\x88\\x99w\\xd3r\\xcd\\x8b\\x87nw\\xf2\\xcf;\\x16w\\xc6\\x9c\\xb6\rtfimo\\xe1q\\xda r\\xe4\\x9c\\xbe\\x10\\x8a,\\xeas\\xea-\\x11\\xdd\\xdb\\x9f\\xf5^u\\xa2\\xe9\\x03+\\xdbb\\x82\\x9c\\xc8\\x84f\\xdb\\xc8\\xf8o\\xd6\\xd4\\x0bi\\xe1\\xccn\\x95\\xbdr\\x15h\\xba\\xdbx\\\\xda\\x05ytl\\xb9\\xd9bs\\xba\\x99\\xd7\\xdd\\x99\\x1e\\x7f\\xb3\\xa3\\xd7"
712.  
713.  
714. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010b\\xe0\\xa0#\\xb1\\xa0\"\\xc1k\\x18\\xb10;~'\\xbd;\\xb0\\x9d\\xf10%_*`\\x01\\xbf \\xf0\\x0c\\xcbsb?\\xde\\xf7\\xd9l\\xc4\\xf4;t\\x8bhg|\\xde\\xef\\x13\\x8e\\xe4\\x06\\xb7\\x8eb\\x17nl\\x01\\x88dh\\x93tu\\xce\\xa0eu\\xde\\x19\\xbdx\\xb1x\\x87x\\xc5\\xdb\\x10w,nw\\xf4\\xe6\\x88\r&)\\xde\\xfe\\x18\\xb7\\xff\\xa7k\\x87\\xdb\\xa3\\xe4p\\x88\\x9d\\xa2#\\xdbf\\x19p\\xd6&\\xca\\xae\\xb2vp\\xc4j\\x01\\xb5\\x8b\\x01\\xec\\xef/e\\x89\\xf2b4\\xfd\\xa3\\xb8q\\x1c(\\xa6x5\\xe1\\x7fv\\xcc\\x0fs\\x8d\\x9e\\x0e\\x91tt\\xddjk\\xda:\\xc3!\\xbe\\xf4:h\\xf6\\xed\\xc9\\xf3\\xe3\\xf2\\xd4)\\xdf\\xc0\\xe9/^uoh(\\x10\\xe4j\\xd4\\x89h\\xd6\\x99\\xd5\\x03\\x1f(k\\x02\\xb8\\x0b`\\xee\\x16\\xa0\\xfd\\xa1\\x1c\\xd9\\x8a\\xdd<>\\xa6\\xeb\\xe9\\w\\xc6\\x13\\x8c\\x18\\xd3\\x10t\\x86\\x9ea\\x0e~\\xb1\\x84\\xa4\\xdd\\x98\\xd0\\xc0l\\x94\\xc9|ern\\x12\\x8f\\xd2\\xa2\\x9e\\xd9n\\xf5\\xcb\\xd3"
715.  
716.  
717. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x8e\\xdbq\\xd2\\xbd\\x8d\\x16\\xd7j\\3\\x93\\xac\\xf4+\\x03\\x0e\\x86\\xce,&\\xd99\\x02\\x1d\\xfdp\\xcc\\x8e\\xf7\\x06\\x1f\\x85\\x11\\xc9rd\\xd2\\x90k-\\xd3\\x91\\xbe\\x02j\\x04\\xa3^\\xca\\x92x\\x9dx\\xda\\xdab\\xc4\\xefn\\xaf\\xa6\\xa15\\xf0\\xf3\\x1b\\x80\\xa0\\xb1.\\x8dg\\xe3q\\xe7\\x15\\x94\\x16x\\x92m\\xeca\\xc2\\x11\\x8b\\x96\\xc4`\\x13-a\\xb5j\\xd3\t^\\xb2\\xfa\\xbe\\x9e\\xc2\\xf0'\\x93x\\x93\\xefe\\x9a\\xfa=\\xb37\\x8e\\xcc\\x17\\x99\n\\xe0f\\xbep\\xeav'6\\xb0(\\xca\\x1a\\x7f_\\x9b\\xfdc\\x1b/(s\\xe5\\xa5\\xb7\"\\x19n\\x0cn\\xedj\\xcc\\xd59\\xa3@\\x8b0\\x1c\\x1c\\xf8~\\xf9\"q\\x18|q\t\\xb3\\xd7\\xf9\\x91z\\xf6\\x0b\\xe8\\xbb(=\\x1a\\x90\\xfc\\x0f\\x11\\x013q \\xf4u\\xc2+\\x13\\xaa\\xda\\xa5m\\xe6j\\xe8\\xf9\\x8a%eg\\x8f\\xc3\\x8e\\xe0\\xce\\xc57\\xc8\\xd5\\xfdfl%\\xd5\\x1b1w?1%\\x90,7\\x14\"v?\\xc8\\x08\\x95da\\xa4\\xf9tdh\\xbd\\xe0\\xc8\\xdd\\xd8"
718.  
719.  
720. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0109<\\xc0\\xff-\r$\\xa6^\\xa1\\xbd|\\x9fle\\x1d\\xc8\\x11\\xfa6\\xb5\\xbc\\xcb\\xa3\\x92\\xaf\\xc6\\xde\\xc4(\\x0e,\\xb9c\\xcb\\x96i2\\xf0\\xb4\\x99h\\xce\\xbfe\\x16i\\x011+x\\xbds\\x9f\\xe0\\x0f\\x18\\xfb\\x06\\xfb\\x91\\x8alc\\xf4+p\\xf2\\x0f\\x10\\x1d=\\xf5\\xcdx/\\xa7\\xea\\xb4q|\\x83\\xf5\\xdf\\xce7\\xcb\\xe8\\x9d?\\xf5\\xd6\\x846\\xfa\\xe2\\xc5\\x8a\\xe6\\x0f\\xea(\\xc0|@c\\x84\"%%e\\xe3\\x15\\x98\\xa04\\xf6\\xb7\n:|\\x0e\\x03\\xb2\\xfa\\xc3xe\\xcd\\x83\\xa3?\\x94u\\xf6\\xa0\\xfa\\x82%\\xd3\\xb2\\xbb\\xf1\\x0f\t\\xa8\\xc3~e\\x9c~\\xa5=\\x16;9e-\\xcei\\x861\\xe0.\\xf8=\\x8e\\xe7)7#c0\\x02\\xcd\\xc3a\\xa5\\x92\\xe6\\xe7ua\\x1f+\\x8c\\x01'\\x149\\xeb\\x964\\x9e\\x95r\\\\xbc\\xc9z|\\x85\\xd8n\\xcd.\\xe1\\x9f\\x9d\\x0f&3\\xef\\xe2#\\xa3\\x87\\xa3\\x05\\x19qrg\\xc5\\x7f\\x15\\xddh\\xf6\\x0ep\\x7fgi\\xfe\\xbd\\x1fx\\xc3\\xeaw\\xd8\\xd3\\x8b\\x8ba\\xe8\\xa3"
721.  
722.  
723. "http_request": "winword.exe_WSASend_get /pki/crl/products/microsoftrootcert.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 07 mar 2019 06:00:16 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
724.  
725.  
726. "http_request": "winword.exe_WSASend_get /pki/crl/products/miccodsigpca_08-31-2010.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 14 feb 2019 06:01:18 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
727.  
728.  
729.  
730.  
731. "Description": "Likely Malicious Office Document DL/Write EXE to disk",
732. "Details":
733.  
734. "office_dl_write_exe": "winword.exe_URLDownloadToFileW_c:\\users\\user\\appdata\\local\\temp\\dadgk7t.exe"
735.  
736.  
737.  
738.  
739. "Description": "File has been identified by 13 Antiviruses on VirusTotal as malicious",
740. "Details":
741.  
742. "CAT-QuickHeal": "W97M.Downloader.34999"
743.  
744.  
745. "K7AntiVirus": "Trojan ( 00536d111 )"
746.  
747.  
748. "K7GW": "Trojan ( 00536d111 )"
749.  
750.  
751. "Arcabit": "HEUR.VBA.Trojan.d"
752.  
753.  
754. "Symantec": "ISB.Downloader!gen255"
755.  
756.  
757. "ESET-NOD32": "VBA/TrojanDownloader.Agent.OPT"
758.  
759.  
760. "McAfee-GW-Edition": "BehavesLike.Downloader.cl"
761.  
762.  
763. "SentinelOne": "DFI - Malicious OLE"
764.  
765.  
766. "Jiangmin": "Trojan.MSOffice.SAgent.a"
767.  
768.  
769. "TACHYON": "Suspicious/W97M.Obfus.Gen.1"
770.  
771.  
772. "Rising": "Downloader.Agent/VBA!1.BA26 (CLASSIC)"
773.  
774.  
775. "Fortinet": "VBA/Agent.A81D!tr.dldr"
776.  
777.  
778. "Qihoo-360": "virus.office.obfuscated.1"
779.  
780.  
781.  
782.  
783. "Description": "The office file has a macro.",
784. "Details":
785.  
786. "content": "The file appears to have no content."
787.  
788.  
789.  
790.  
791.  
792. * Started Service:
793. "osppsvc"
794.  
795.  
796. * Mutexes:
797. "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
798. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
799. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
800. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
801. "CicLoadWinStaWinSta0",
802. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
803. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
804. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
805. "Local\\F99C425F-9135-43ed-BD7D-396DE488DC53"
806.  
807.  
808. * Modified Files:
809. "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_2f74e1ab0f88c625f6e3fd38f78c80dd.doc",
810. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF7DCA2C51557E431D.TMP",
811. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_2f74e1ab0f88c625f6e3fd38f78c80dd.doc",
812. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
813. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSE9119D30-FF47-47DA-86DA-5DE76F0DFBC7.tmp",
814. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS3D379026-20FD-41C7-BE13-40A223A6D011.tmp",
815. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF13B9B9A7-680B-42F3-9CF0-8045D71CA6C5.tmp",
816. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
817. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
818. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
819. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
820. "C:\\Users\\user\\AppData\\Local\\Temp\\CabB2B3.tmp",
821. "C:\\Users\\user\\AppData\\Local\\Temp\\TarB2B4.tmp",
822. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
823. "C:\\Users\\user\\AppData\\Local\\Temp\\cabD9A6.tmp",
824. "C:\\Users\\user\\AppData\\Local\\Temp\\cabD9D6.tmp",
825. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA07.tmp",
826. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA06.tmp",
827. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA17.tmp",
828. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDBDD.tmp",
829. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDBEE.tmp",
830. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC1F.tmp",
831. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC0E.tmp",
832. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC31.tmp",
833. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC41.tmp",
834. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC53.tmp",
835. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC30.tmp",
836. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC42.tmp",
837. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCB5.tmp",
838. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCA4.tmp",
839. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCB6.tmp",
840. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC54.tmp",
841. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCE5.tmp",
842. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC55.tmp",
843. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD26.tmp",
844. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD27.tmp",
845. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD25.tmp",
846. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD66.tmp",
847. "C:\\Users\\user\\AppData\\Local\\Temp\\CabDEFE.tmp",
848. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDF5D.tmp",
849. "C:\\Users\\user\\AppData\\Local\\Temp\\TarDEFF.tmp",
850. "C:\\Users\\user\\AppData\\Local\\Temp\\CabDFAD.tmp",
851. "C:\\Users\\user\\AppData\\Local\\Temp\\TarDFBD.tmp",
852. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDFDD.tmp",
853. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
854. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76",
855. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
856. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE0D8.tmp",
857. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
858. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
859. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE176.tmp",
860. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE1D4.tmp",
861. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE1D5.tmp",
862. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE246.tmp\\harvardanglia2008officeonline.xsl",
863. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE244.tmp\\rings.glox",
864. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE245.tmp\\chicago.xsl",
865. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE295.tmp\\mlaseventheditionofficeonline.xsl",
866. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2C5.tmp\\pictureorgchart.glox",
867. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE304.tmp\\BracketList.glox",
868. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE244.tmp\\Content.inf",
869. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE304.tmp\\Content.inf",
870. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE295.tmp\\Content.inf",
871. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE305.tmp\\PictureFrame.glox",
872. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE365.tmp\\gb.xsl",
873. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE245.tmp\\Content.inf",
874. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE246.tmp\\Content.inf",
875. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE386.tmp\\ThemePictureGrid.glox",
876. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE305.tmp\\Content.inf",
877. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE364.tmp\\gostname.xsl",
878. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE366.tmp\\gosttitle.xsl",
879. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE417.tmp\\VaryingWidthList.glox",
880. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE386.tmp\\Content.inf",
881. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3B7.tmp\\RadialPictureList.glox",
882. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE495.tmp",
883. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3A7.tmp\\turabian.xsl",
884. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE417.tmp\\Content.inf",
885. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE505.tmp",
886. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3D7.tmp\\CircleProcess.glox",
887. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE4E4.tmp",
888. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE366.tmp\\Content.inf",
889. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3B7.tmp\\Content.inf",
890. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE517.tmp",
891. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3D7.tmp\\Content.inf",
892. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE365.tmp\\Content.inf",
893. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE518.tmp",
894. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE558.tmp",
895. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE364.tmp\\Content.inf",
896. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE538.tmp",
897. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE506.tmp\\Element design set.dotx",
898. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE4F5.tmp",
899. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE626.tmp",
900. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE569.tmp\\Equations.dotx",
901. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE666.tmp",
902. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3A7.tmp\\Content.inf",
903. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE506.tmp\\Content.inf",
904. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE646.tmp",
905. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE569.tmp\\Content.inf",
906. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328935fn=Picture Organization Chart.glox",
907. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328998fn=Rings.glox",
908. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6E5.tmp\\TabList.glox",
909. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328893fn=BracketList.glox",
910. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6D4.tmp\\ThemePictureAccent.glox",
911. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
912. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6E5.tmp\\Content.inf",
913. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328990fn=Varying Width List.glox",
914. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6D4.tmp\\Content.inf",
915. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
916. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
917. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328908fn=Circle Process.glox",
918. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
919. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328940fn=Radial Picture List.glox",
920. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328986fn=Theme Picture Grid.glox",
921. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE93A.tmp\\InterconnectedBlockProcess.glox",
922. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8DB.tmp\\sist02.xsl",
923. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE93A.tmp\\Content.inf",
924. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE81F.tmp\\chevronaccent.glox",
925. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
926. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
927. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8DB.tmp\\Content.inf",
928. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE81F.tmp\\Content.inf",
929. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
930. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE9A9.tmp\\HexagonRadial.glox",
931. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEA28.tmp",
932. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE9A9.tmp\\Content.inf",
933. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328932fn=Picture Frame.glox",
934. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEA08.tmp\\architecture.glox",
935. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE989.tmp\\APASixthEditionOfficeOnline.xsl",
936. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328972fn=Tab List.glox",
937. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEA08.tmp\\Content.inf",
938. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
939. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB06.tmp",
940. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAA6.tmp\\iso690.xsl",
941. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328975fn=Theme Picture Accent.glox",
942. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAB7.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
943. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB56.tmp",
944. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB36.tmp\\ieee2006officeonline.xsl",
945. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAB7.tmp\\Content.inf",
946. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE989.tmp\\Content.inf",
947. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB96.tmp\\Basis.thmx",
948. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328925fn=Interconnected Block Process.glox",
949. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAA6.tmp\\Content.inf",
950. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB36.tmp\\Content.inf",
951. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328884fn=architecture.glox",
952. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
953. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB96.tmp\\content.inf",
954. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
955. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328905fn=Chevron Accent.glox",
956. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
957. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
958. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
959. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDED9A.tmp\\content.inf",
960. "C:\\Users\\user\\AppData\\Local\\Temp\\CabEE18.tmp",
961. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
962. "C:\\Users\\user\\AppData\\Local\\Temp\\TarEE19.tmp",
963. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDED9A.tmp\\Metropolitan.thmx",
964. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE78.tmp\\Banded.thmx",
965. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328919fn=Hexagon Radial.glox",
966. "C:\\Users\\user\\AppData\\Local\\Temp\\CabEEB8.tmp",
967. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE89.tmp\\content.inf",
968. "C:\\Users\\user\\AppData\\Local\\Temp\\TarEEB9.tmp",
969. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE78.tmp\\content.inf",
970. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE89.tmp\\View.thmx",
971. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
972. "C:\\Users\\user\\AppData\\Local\\Temp\\CabEF76.tmp",
973. "C:\\Users\\user\\AppData\\Local\\Temp\\TarEF77.tmp",
974. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEF88.tmp\\content.inf",
975. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEF88.tmp\\Dividend.thmx",
976. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
977. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
978. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEFF6.tmp\\content.inf",
979. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEFF6.tmp\\Frame.thmx",
980. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
981. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
982. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
983. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF110.tmp",
984. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF15F.tmp\\Berlin.thmx",
985. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF15F.tmp\\content.inf",
986. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
987. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF42F.tmp",
988. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF46F.tmp",
989. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF48F.tmp\\content.inf",
990. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF48F.tmp\\Quotable.thmx",
991. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF4DE.tmp",
992. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF51D.tmp\\content.inf",
993. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF51D.tmp\\Parallax.thmx",
994. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
995. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
996. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF667.tmp\\content.inf",
997. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF667.tmp\\Wood_Type.thmx",
998. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
999. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFCFF.tmp",
1000. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFD1F.tmp",
1001. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDCC.tmp\\Circuit.thmx",
1002. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDEC.tmp\\content.inf",
1003. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDEC.tmp\\Droplet.thmx",
1004. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDCC.tmp\\content.inf",
1005. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
1006. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
1007. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFF36.tmp",
1008. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF94.tmp\\content.inf",
1009. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF94.tmp\\Savon.thmx",
1010. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
1011. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3CB.tmp",
1012. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD449.tmp\\content.inf",
1013. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD449.tmp\\Damask.thmx",
1014. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
1015. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD594.tmp\\content.inf",
1016. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD594.tmp\\Slate.thmx",
1017. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
1018. "C:\\Users\\user\\AppData\\Local\\Temp\\cabAB5.tmp",
1019. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDB52.tmp\\content.inf",
1020. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDB52.tmp\\Main_Event.thmx",
1021. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
1022. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\~$Normal.dotm",
1023. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSC0214415-40FC-4E76-84A3-18BB32614D19.tmp",
1024. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEDE.tmp",
1025. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8A.tmp\\content.inf",
1026. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8A.tmp\\Mesh.thmx",
1027. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx"
1028.  
1029.  
1030. * Deleted Files:
1031. "C:\\Users\\user\\AppData\\Local\\Temp\\CabB2B3.tmp",
1032. "C:\\Users\\user\\AppData\\Local\\Temp\\TarB2B4.tmp",
1033. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
1034. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\",
1035. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033937fn=Vapor Trail.eftx",
1036. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001103fn=Headlines.eftx",
1037. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001103fn=Headlines.xml",
1038. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033937fn=Vapor Trail.xml",
1039. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001106fn=Badge.eftx",
1040. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001104fn=Feathered.eftx",
1041. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033937fn=Vapor Trail.xml",
1042. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001103fn=Headlines.xml",
1043. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001106fn=Badge.xml",
1044. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001106fn=Badge.xml",
1045. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001104fn=Feathered.xml",
1046. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001104fn=Feathered.xml",
1047. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001105fn=Crop.eftx",
1048. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001105fn=Crop.xml",
1049. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001105fn=Crop.xml",
1050. "C:\\Users\\user\\AppData\\Local\\Temp\\CabDEFE.tmp",
1051. "C:\\Users\\user\\AppData\\Local\\Temp\\TarDEFF.tmp",
1052. "C:\\Users\\user\\AppData\\Local\\Temp\\CabDFAD.tmp",
1053. "C:\\Users\\user\\AppData\\Local\\Temp\\TarDFBD.tmp",
1054. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE246.tmp",
1055. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE244.tmp",
1056. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE245.tmp",
1057. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE295.tmp",
1058. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2C5.tmp",
1059. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE304.tmp",
1060. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE305.tmp",
1061. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE1D4.tmp",
1062. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE1D5.tmp",
1063. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE366.tmp",
1064. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE364.tmp",
1065. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE365.tmp",
1066. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE386.tmp",
1067. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3A7.tmp",
1068. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3B7.tmp",
1069. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3D7.tmp",
1070. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE417.tmp",
1071. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE506.tmp",
1072. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE569.tmp",
1073. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE505.tmp",
1074. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE518.tmp",
1075. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6D4.tmp",
1076. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6E5.tmp",
1077. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE2C5.tmp\\pictureorgchart.glox",
1078. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE4E4.tmp",
1079. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE244.tmp\\rings.glox",
1080. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC1F.tmp",
1081. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDBDD.tmp",
1082. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE304.tmp\\BracketList.glox",
1083. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE4F5.tmp",
1084. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCA4.tmp",
1085. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE295.tmp\\mlaseventheditionofficeonline.xsl",
1086. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE517.tmp",
1087. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD27.tmp",
1088. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE538.tmp",
1089. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE417.tmp\\VaryingWidthList.glox",
1090. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC54.tmp",
1091. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE81F.tmp",
1092. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE364.tmp\\gostname.xsl",
1093. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE245.tmp\\chicago.xsl",
1094. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3D7.tmp\\CircleProcess.glox",
1095. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE246.tmp\\harvardanglia2008officeonline.xsl",
1096. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3B7.tmp\\RadialPictureList.glox",
1097. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA17.tmp",
1098. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE0D8.tmp",
1099. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8DB.tmp",
1100. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA06.tmp",
1101. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDBEE.tmp",
1102. "C:\\Users\\user\\AppData\\Local\\Temp\\CabE626.tmp",
1103. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE386.tmp\\ThemePictureGrid.glox",
1104. "C:\\Users\\user\\AppData\\Local\\Temp\\TarE646.tmp",
1105. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE93A.tmp",
1106. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDF5D.tmp",
1107. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC31.tmp",
1108. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE366.tmp\\gosttitle.xsl",
1109. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE365.tmp\\gb.xsl",
1110. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE989.tmp",
1111. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCE5.tmp",
1112. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE9A9.tmp",
1113. "C:\\Users\\user\\AppData\\Local\\Temp\\cabD9D6.tmp",
1114. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEA08.tmp",
1115. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE506.tmp\\Element design set.dotx",
1116. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDFDD.tmp",
1117. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE305.tmp\\PictureFrame.glox",
1118. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD25.tmp",
1119. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6E5.tmp\\TabList.glox",
1120. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC0E.tmp",
1121. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAB7.tmp",
1122. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAA6.tmp",
1123. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE3A7.tmp\\turabian.xsl",
1124. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCB6.tmp",
1125. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE6D4.tmp\\ThemePictureAccent.glox",
1126. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB36.tmp",
1127. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC41.tmp",
1128. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB96.tmp",
1129. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE93A.tmp\\InterconnectedBlockProcess.glox",
1130. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC42.tmp",
1131. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEA08.tmp\\architecture.glox",
1132. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE569.tmp\\Equations.dotx",
1133. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC53.tmp",
1134. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDA07.tmp",
1135. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8DB.tmp\\sist02.xsl",
1136. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC30.tmp",
1137. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE81F.tmp\\chevronaccent.glox",
1138. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDED9A.tmp",
1139. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE989.tmp\\APASixthEditionOfficeOnline.xsl",
1140. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD26.tmp",
1141. "C:\\Users\\user\\AppData\\Local\\Temp\\cabD9A6.tmp",
1142. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAB7.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
1143. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB36.tmp\\ieee2006officeonline.xsl",
1144. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDC55.tmp",
1145. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDCB5.tmp",
1146. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEB96.tmp\\Basis.thmx",
1147. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE666.tmp",
1148. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE78.tmp",
1149. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE89.tmp",
1150. "C:\\Users\\user\\AppData\\Local\\Temp\\CabEE18.tmp",
1151. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE9A9.tmp\\HexagonRadial.glox",
1152. "C:\\Users\\user\\AppData\\Local\\Temp\\TarEE19.tmp",
1153. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE176.tmp",
1154. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEAA6.tmp\\iso690.xsl",
1155. "C:\\Users\\user\\AppData\\Local\\Temp\\cabDD66.tmp",
1156. "C:\\Users\\user\\AppData\\Local\\Temp\\CabEEB8.tmp",
1157. "C:\\Users\\user\\AppData\\Local\\Temp\\TarEEB9.tmp",
1158. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEF88.tmp",
1159. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDED9A.tmp\\Metropolitan.thmx",
1160. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE495.tmp",
1161. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE78.tmp\\Banded.thmx",
1162. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEA28.tmp",
1163. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEE89.tmp\\View.thmx",
1164. "C:\\Users\\user\\AppData\\Local\\Temp\\cabE558.tmp",
1165. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEFF6.tmp\\Frame.thmx",
1166. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDEF88.tmp\\Dividend.thmx",
1167. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB06.tmp",
1168. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB56.tmp",
1169. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF15F.tmp",
1170. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF15F.tmp\\Berlin.thmx",
1171. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF110.tmp",
1172. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF48F.tmp",
1173. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF51D.tmp",
1174. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF48F.tmp\\Quotable.thmx",
1175. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF42F.tmp",
1176. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF51D.tmp\\Parallax.thmx",
1177. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF46F.tmp",
1178. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF667.tmp",
1179. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF667.tmp\\Wood_Type.thmx",
1180. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF4DE.tmp",
1181. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDCC.tmp",
1182. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDEC.tmp",
1183. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDCC.tmp\\Circuit.thmx",
1184. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFCFF.tmp",
1185. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFDEC.tmp\\Droplet.thmx",
1186. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFD1F.tmp",
1187. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF94.tmp",
1188. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF94.tmp\\Savon.thmx",
1189. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFF36.tmp",
1190. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD449.tmp",
1191. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD449.tmp\\Damask.thmx",
1192. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3CB.tmp",
1193. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD594.tmp",
1194. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD594.tmp\\Slate.thmx",
1195. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4C7.tmp",
1196. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDB52.tmp",
1197. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDB52.tmp\\Main_Event.thmx",
1198. "C:\\Users\\user\\AppData\\Local\\Temp\\cabAB5.tmp",
1199. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_2f74e1ab0f88c625f6e3fd38f78c80dd.doc",
1200. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSE9119D30-FF47-47DA-86DA-5DE76F0DFBC7.tmp",
1201. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\~$Normal.dotm",
1202. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSC0214415-40FC-4E76-84A3-18BB32614D19.tmp",
1203. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS3D379026-20FD-41C7-BE13-40A223A6D011.tmp",
1204. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8A.tmp",
1205. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8A.tmp\\Mesh.thmx",
1206. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEDE.tmp",
1207. "C:\\Users\\user\\AppData\\Local\\Temp\\CVR9EBD.tmp.cvr",
1208. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF13B9B9A7-680B-42F3-9CF0-8045D71CA6C5.tmp"
1209.  
1210.  
1211. * Modified Registry Keys:
1212. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\-%`",
1213. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
1214. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\VBAFiles",
1215. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
1216. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
1217. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
1218. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
1219. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
1220. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
1221. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
1222. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
1223. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
1224. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
1225. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
1226. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
1227. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
1228. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
1229. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
1230. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
1231. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\3D8654",
1232. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\3D8654\\3D8654",
1233. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
1234. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
1235. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
1236. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
1237. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
1238. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
1239. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
1240. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
1241. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
1242. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
1243. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
1244. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
1245. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
1246. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
1247. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
1248. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
1249. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
1250. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
1251. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
1252. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
1253. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
1254. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
1255. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
1256. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
1257. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
1258. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
1259. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
1260. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
1261. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
1262. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
1263. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
1264. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
1265. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
1266. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
1267. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
1268. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
1269. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
1270. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
1271. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
1272. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
1273. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
1274. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
1275. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1276. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1277. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1278. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
1279. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
1280. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
1281. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
1282. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
1283. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
1284. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
1285. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
1286. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
1287. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
1288. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
1289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
1290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
1291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
1292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
1293. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
1294. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
1295. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
1296. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
1297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
1298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
1299. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
1300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
1301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
1302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
1303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
1304. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
1305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
1306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
1307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
1308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
1309. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
1310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
1311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
1312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
1313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
1314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
1315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
1319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
1320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
1321. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
1322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
1323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
1324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
1325. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
1326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
1327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
1328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
1329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
1330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
1331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
1332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
1333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
1334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
1335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
1336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
1337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
1338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
1339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
1340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
1341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
1342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
1343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
1344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
1345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
1346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
1347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
1348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
1349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
1350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
1351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
1352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
1353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
1354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
1355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
1356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
1357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
1358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
1359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
1360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
1361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
1362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
1363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
1364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
1365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
1366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
1367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
1368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
1369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
1370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
1371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
1372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
1376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
1377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
1378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
1379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
1380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
1381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
1382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
1383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
1384. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
1385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
1386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
1387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
1388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
1389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
1390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
1391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
1392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
1393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
1394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
1395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
1396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
1397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
1398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
1399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
1400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
1401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
1402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
1403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
1404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
1405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
1406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
1407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
1408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
1409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
1410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
1413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
1414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
1415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
1416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
1417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
1418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
1419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
1420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
1421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
1422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
1423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
1424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
1425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
1426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
1427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
1428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
1429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
1430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
1431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
1432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
1433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
1434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
1435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
1436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
1437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
1438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
1439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
1440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
1441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
1442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
1443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
1444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
1445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
1446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
1447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
1448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
1449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
1450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
1451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
1452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
1453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
1454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
1455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
1456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
1457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
1458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
1459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
1460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
1461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
1462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
1463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
1464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
1465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
1468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
1469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
1470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
1471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
1472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
1473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
1474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
1475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
1476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
1477. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
1478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
1479. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
1480. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
1481. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
1482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
1483. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
1484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
1485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
1486. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
1487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
1488. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
1489. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
1490. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
1491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
1492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
1493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
1494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
1495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
1496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
1497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
1498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
1499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
1500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
1501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
1502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
1503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
1504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
1505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
1506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
1507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
1508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
1509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
1510. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
1511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
1512. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
1513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
1514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
1515. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
1516. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
1517. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
1518. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
1519. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
1520. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
1521. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
1522. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
1523. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
1524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
1525. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
1526. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
1527. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
1528. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
1529. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
1530. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
1531. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
1532. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
1533. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
1534. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
1535. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
1536. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
1537. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
1538. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
1539. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893",
1540. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Arial Unicode MS",
1541. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Batang",
1542. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@BatangChe",
1543. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DFKai-SB",
1544. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Dotum",
1545. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DotumChe",
1546. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@FangSong",
1547. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gulim",
1548. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GulimChe",
1549. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gungsuh",
1550. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GungsuhChe",
1551. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@KaiTi",
1552. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Malgun Gothic",
1553. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo",
1554. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo UI",
1555. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei",
1556. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei UI",
1557. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei",
1558. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei UI",
1559. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU",
1560. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS",
1561. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS-ExtB",
1562. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU-ExtB",
1563. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Gothic",
1564. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Mincho",
1565. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PGothic",
1566. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PMincho",
1567. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS UI Gothic",
1568. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@NSimSun",
1569. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU",
1570. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU-ExtB",
1571. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimHei",
1572. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun",
1573. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun-ExtB",
1574. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Agency FB",
1575. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aharoni",
1576. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Algerian",
1577. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Andalus",
1578. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Angsana New",
1579. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\AngsanaUPC",
1580. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aparajita",
1581. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arabic Typesetting",
1582. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial",
1583. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Black",
1584. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Narrow",
1585. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Rounded MT Bold",
1586. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Unicode MS",
1587. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Baskerville Old Face",
1588. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Batang",
1589. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BatangChe",
1590. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bauhaus 93",
1591. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bell MT",
1592. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB",
1593. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB Demi",
1594. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bernard MT Condensed",
1595. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Blackadder ITC",
1596. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT",
1597. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Black",
1598. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Condensed",
1599. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Poster Compressed",
1600. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Book Antiqua",
1601. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookman Old Style",
1602. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookshelf Symbol 7",
1603. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bradley Hand ITC",
1604. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Britannic Bold",
1605. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Broadway",
1606. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Browallia New",
1607. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BrowalliaUPC",
1608. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Brush Script MT",
1609. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri",
1610. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri Light",
1611. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Californian FB",
1612. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calisto MT",
1613. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria",
1614. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria Math",
1615. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Candara",
1616. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Castellar",
1617. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Centaur",
1618. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century",
1619. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Gothic",
1620. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Schoolbook",
1621. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Chiller",
1622. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Colonna MT",
1623. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Comic Sans MS",
1624. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Consolas",
1625. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Constantia",
1626. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cooper Black",
1627. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Bold",
1628. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Light",
1629. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Corbel",
1630. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cordia New",
1631. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\CordiaUPC",
1632. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Courier New",
1633. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Curlz MT",
1634. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DaunPenh",
1635. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\David",
1636. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DFKai-SB",
1637. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DilleniaUPC",
1638. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DokChampa",
1639. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Dotum",
1640. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DotumChe",
1641. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ebrima",
1642. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Edwardian Script ITC",
1643. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Elephant",
1644. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Engravers MT",
1645. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Bold ITC",
1646. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Demi ITC",
1647. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Light ITC",
1648. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Medium ITC",
1649. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Estrangelo Edessa",
1650. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\EucrosiaUPC",
1651. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Euphemia",
1652. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FangSong",
1653. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Felix Titling",
1654. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Footlight MT Light",
1655. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Forte",
1656. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Book",
1657. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi",
1658. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi Cond",
1659. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Heavy",
1660. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium",
1661. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium Cond",
1662. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FrankRuehl",
1663. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FreesiaUPC",
1664. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Freestyle Script",
1665. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\French Script MT",
1666. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gabriola",
1667. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gadugi",
1668. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Garamond",
1669. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gautami",
1670. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Georgia",
1671. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gigi",
1672. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT",
1673. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Condensed",
1674. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Ext Condensed Bold",
1675. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold",
1676. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold Condensed",
1677. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gisha",
1678. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gloucester MT Extra Condensed",
1679. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Old Style",
1680. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Stout",
1681. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gulim",
1682. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GulimChe",
1683. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gungsuh",
1684. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GungsuhChe",
1685. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Haettenschweiler",
1686. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harlow Solid Italic",
1687. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harrington",
1688. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\High Tower Text",
1689. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Impact",
1690. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Imprint MT Shadow",
1691. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Informal Roman",
1692. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\IrisUPC",
1693. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Iskoola Pota",
1694. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\JasmineUPC",
1695. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Jokerman",
1696. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Juice ITC",
1697. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KaiTi",
1698. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kalinga",
1699. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kartika",
1700. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Khmer UI",
1701. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KodchiangUPC",
1702. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kokila",
1703. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kristen ITC",
1704. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kunstler Script",
1705. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lao UI",
1706. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Latha",
1707. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Leelawadee",
1708. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Levenim MT",
1709. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\LilyUPC",
1710. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Bright",
1711. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Calligraphy",
1712. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Console",
1713. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Fax",
1714. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Handwriting",
1715. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans",
1716. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Typewriter",
1717. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Unicode",
1718. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Magneto",
1719. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Maiandra GD",
1720. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Malgun Gothic",
1721. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mangal",
1722. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Marlett",
1723. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Matura MT Script Capitals",
1724. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo",
1725. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo UI",
1726. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Himalaya",
1727. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei",
1728. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei UI",
1729. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft New Tai Lue",
1730. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft PhagsPa",
1731. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Sans Serif",
1732. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Tai Le",
1733. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Uighur",
1734. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei",
1735. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei UI",
1736. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Yi Baiti",
1737. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU",
1738. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS",
1739. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS-ExtB",
1740. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU-ExtB",
1741. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam",
1742. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam Fixed",
1743. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mistral",
1744. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Modern No. 20",
1745. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mongolian Baiti",
1746. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Monotype Corsiva",
1747. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MoolBoran",
1748. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Gothic",
1749. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Mincho",
1750. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Outlook",
1751. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PGothic",
1752. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PMincho",
1753. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Sans Serif",
1754. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Specialty",
1755. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS UI Gothic",
1756. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MT Extra",
1757. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MV Boli",
1758. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Narkisim",
1759. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Engraved",
1760. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Solid",
1761. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nirmala UI",
1762. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\NSimSun",
1763. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nyala",
1764. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\OCR A Extended",
1765. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Old English Text MT",
1766. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Onyx",
1767. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palace Script MT",
1768. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palatino Linotype",
1769. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Papyrus",
1770. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Parchment",
1771. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua",
1772. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua Titling MT",
1773. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Plantagenet Cherokee",
1774. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Playbill",
1775. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU",
1776. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU-ExtB",
1777. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Poor Richard",
1778. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Pristina",
1779. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Raavi",
1780. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rage Italic",
1781. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ravie",
1782. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell",
1783. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Condensed",
1784. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Extra Bold",
1785. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rod",
1786. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sakkal Majalla",
1787. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Script MT Bold",
1788. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Print",
1789. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Script",
1790. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI",
1791. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Light",
1792. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semibold",
1793. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semilight",
1794. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Symbol",
1795. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shonar Bangla",
1796. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Showcard Gothic",
1797. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shruti",
1798. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimHei",
1799. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic",
1800. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic Fixed",
1801. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun",
1802. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun-ExtB",
1803. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Snap ITC",
1804. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Stencil",
1805. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sylfaen",
1806. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Symbol",
1807. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tahoma",
1808. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tempus Sans ITC",
1809. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Times New Roman",
1810. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Traditional Arabic",
1811. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Trebuchet MS",
1812. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tunga",
1813. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT",
1814. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed",
1815. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed Extra Bold",
1816. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Utsaah",
1817. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vani",
1818. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Verdana",
1819. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vijaya",
1820. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Viner Hand ITC",
1821. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vivaldi",
1822. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vladimir Script",
1823. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vrinda",
1824. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Webdings",
1825. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wide Latin",
1826. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings",
1827. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 2",
1828. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 3",
1829. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\NextUpdate",
1830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\LastUpdate",
1831. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\NextUpdate",
1832. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\LastUpdate",
1833. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Toolbars\\Settings\\Microsoft Word",
1834. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations",
1835. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0",
1836. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\File Path",
1837. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Datetime",
1838. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Position",
1839. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Data\\Settings",
1840. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Options\\BackgroundOpen",
1841. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\NextUpdate",
1842. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\LastUpdate",
1843. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTF",
1844. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTA",
1845. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_1"
1846.  
1847.  
1848. * Deleted Registry Keys:
1849. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\-%`",
1850. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
1851. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
1852. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
1853. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
1854. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\le>",
1855. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
1856. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
1857. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
1858. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
1859. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
1860. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
1861. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
1862. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
1863. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
1864. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\3D8654\\3D8654",
1865. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
1866.  
1867.  
1868. * DNS Communications:
1869.  
1870. "type": "A",
1871. "request": "surprizea.net",
1872. "answers":
1873.  
1874. "data": "51.15.137.172",
1875. "type": "A"
1876.  
1877.  
1878.  
1879.  
1880.  
1881. * Domains:
1882.  
1883. "ip": "51.15.137.172",
1884. "domain": "surprizea.net"
1885.  
1886.  
1887.  
1888. * Network Communication - ICMP:
1889.  
1890. * Network Communication - HTTP:
1891.  
1892. "count": 1,
1893. "body": "",
1894. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
1895. "user-agent": "Microsoft-CryptoAPI/6.1",
1896. "method": "GET",
1897. "host": "ocsp.digicert.com",
1898. "version": "1.1",
1899. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
1900. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
1901. "port": 80
1902.  
1903.  
1904. "count": 1,
1905. "body": "",
1906. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
1907. "user-agent": "Microsoft-CryptoAPI/6.1",
1908. "method": "GET",
1909. "host": "ocsp.msocsp.com",
1910. "version": "1.1",
1911. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
1912. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
1913. "port": 80
1914.  
1915.  
1916. "count": 2,
1917. "body": "",
1918. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
1919. "user-agent": "Microsoft-CryptoAPI/6.1",
1920. "method": "GET",
1921. "host": "crl.microsoft.com",
1922. "version": "1.1",
1923. "path": "/pki/crl/products/microsoftrootcert.crl",
1924. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
1925. "port": 80
1926.  
1927.  
1928. "count": 1,
1929. "body": "",
1930. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
1931. "user-agent": "Microsoft-CryptoAPI/6.1",
1932. "method": "GET",
1933. "host": "crl.microsoft.com",
1934. "version": "1.1",
1935. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
1936. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
1937. "port": 80
1938.  
1939.  
1940.  
1941. * Network Communication - SMTP:
1942.  
1943. * Network Communication - Hosts:
1944.  
1945. * Network Communication - IRC: