API tools faq
paste
Advertisement
paladin316

Docs_89573614c4f99f739ca8b7ff7f4514e8_doc_2019-07-15_22_30.txt

paladin316
Jul 15th, 2019
1,640
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 62.01 KB | None | 0 0
raw download clone embed print report
  1.  
  2. * MalFamily: "TrojanDownloader"
  3.  
  4. * MalScore: 10.0
  5.  
  6. * File Name: "Docs_89573614c4f99f739ca8b7ff7f4514e8.doc"
  7. * File Size: 216064
  8. * File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Template: Normal.dotm, Last Saved By: Administrator, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Jul 15 20:13:00 2019, Last Saved Time/Date: Mon Jul 15 20:13:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0"
  9. * SHA256: "d32859ada33f04b6ded87f6c09ffe45dee65ad8b4c69c02d5498d80e54ca9920"
  10. * MD5: "89573614c4f99f739ca8b7ff7f4514e8"
  11. * SHA1: "6cd51fff7cbd0cbadaf6b7e2329de34eff57504d"
  12. * SHA512: "baad9ef76cdf5cd4059e4240c96d4cf3c1754a86276168c67aadd5391573c7c9cad15bf4b796ad3fb414b3d552274d4314d25811189267c8990a0e8715cfcc32"
  13. * CRC32: "446AFF02"
  14. * SSDEEP: "3072:VeWVjjswlZaLdScXjjHXy1LiJRvemlHgmQpPBU+7soNg7JXjEOS1hTo6W4dp:VeWVjjswvmgejjq6NDqcV4v"
  15.  
  16. * Process Execution:
  17. "WINWORD.EXE"
  18.  
  19.  
  20. * Executed Commands:
  21.  
  22. * Signatures Detected:
  23.  
  24. "Description": "Attempts to connect to a dead IP:Port (7 unique times)",
  25. "Details":
  26.  
  27. "IP": "52.109.16.5:443"
  28.  
  29.  
  30. "IP": "52.109.6.40:443"
  31.  
  32.  
  33. "IP": "65.52.98.231:443"
  34.  
  35.  
  36. "IP": "104.18.24.243:80"
  37.  
  38.  
  39. "IP": "104.122.149.95:443"
  40.  
  41.  
  42. "IP": "103.116.16.56:443"
  43.  
  44.  
  45. "IP": "72.21.91.29:80"
  46.  
  47.  
  48.  
  49.  
  50. "Description": "Performs some HTTP requests",
  51. "Details":
  52.  
  53. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  54.  
  55.  
  56. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  57.  
  58.  
  59.  
  60.  
  61. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
  62. "Details":
  63.  
  64. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xcb\\x1b9\\x17\\x11\n\\xa8\\x8c)\\xfb(g\\xbf\\xd8\\x8em\\xc0\\xef\\xa4g\\xbb\\x98\\x00_\\xbe\\xc5\\xe0\\xb5ejq\\xe5\\xf5\\xfd\\x1fj\\x82\\x12\\xf0?\\x1du\\x97\\x14\\xbdbh\\xaei\\xd9\\xbel)y\\x8a\\xa8\\xa1a0\\xa6ot\\x8a\\xe0\\xcd\\x93\\x8c~\t2cu\\xdb(\\xbd\\xd9\\x87\\xae)%\\xee\\xf2_\\x05\\x8e5\\xa6m\\x1c\\x02\\x9c|f\\xc4\\xaf6\\xe8zx\\x1e\\xc7/\\xbe\\xf9y\\xc9\\xea\\xe6.-x\\x1c\\x86\\x9a\\xd36j\\x9c\\xd4'1;1f\\x9c.#i!\\x040v\\x17\\xcf\\x7fu\\x16\\xbf\\xc5\\xbbg\\x0f\\xcfi\\xaf\\xa5\\x11\\xe9\\xf6h\\xac\\x06\\xb1\\x01\\x0b\\x14e\\x0c\\xe0~\\xb4zb*zm\\xbc>\\x1d0\\xd2\\x1a\\xe3\\xb7\\xc7\\xb5ae4\\xa7e\\xe55\\xe4\\xa7\\x04\\xc76\t0\\xa1s\\xb6)\\xc6\\\\xd7\\xcea\\xf3zz\\xe7\\x8fw\\xab\\x8c\\xb7\\x98\\xbc\\xfah\\xa1\\xd6\tc\\xa9\\x8e\\x08\\xae\\xc59|\\xe3\\xcf#4\\x02\\xc1\\x9dd\\xde\\xeb\\xd4@\\xbe\\xd7\\xffq\\x83s\\xe8\\x92"
  65.  
  66.  
  67. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01,\\xf5\\xc7\\xc2\\xbf\\x0b\\xb1\\x03\\xc8l\\x9do\\x0eh#/\\xe4\\xa1\\xfb\\xd5#\\xe7mbq zlf\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  68.  
  69.  
  70. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01,\\xf5\\xc7\\xf7\\xd3\\x14x\\xd7=\\xc8\\xe0\\x89\\x90\\xfe$\\x95u7\\xa7(\\xf9p\\x97\\xb1\\xdc\\x05\\x07\\xbc\\xf4\\xdc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  71.  
  72.  
  73. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x16\\xe1s\\x89\\xcfc:6f\\xcaxe;\\xe6!\\x1f#\\x8b\\xf6'\\xbd\\xf7w\\x88n1\\xd9\\x9dr\\x01\\xe0\\xef%\\xc8\\xeahg\\x9a#\\xa7\\x08\\xf2\\xe62@\\x1e\\x1a\\x9a\\xa6\\x1e\\xe2\\x82\\x1d\\x85\\xd8\\xa0\\xf6b(5\\xd2idr\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\x14\\x93kl\\xbb;\\x06`\\xdde\\xb41\\x83\\xd8\\xbb\\x1d2\\xba\\xf3\\x97m\\xb4o\\xfe\\x01\\xaa`0\\x9b\\xdc\\x93\\x8bh\\xdd\\xfai4\\x08\\xc9\\x88~\\x0e\\xdcb\\x99\\xf7\\xc9"
  74.  
  75.  
  76. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x87\\x9bb\\x00\\x85#\\xe8\\xda\\xedz\\xb9\\x0c\\xe1\\x0f\\xb0\\x10\\x06\\xc7\\x88f\\xfcm*\\xa4\\x96\\x995\\x16\\x9d\\x83bdq\\x01+\\xbc\\x0b\\xf3-\\xbd\\xf82\tl\\xd8\\xba\\xd8\\x9a\\xe5\\xb8$\\x8f\\x81\\x8c\\x86\\xe0zj\\x0cv\\xc5\\xe8\\xea\\xfd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc5\\x9ci\\xe2\\xa8edry-\\x97ys\\x8f\\xa9\\x01\\xe2\\xc3\\xdf\\x8c\\xca\\x1c\t\\x92\\xdby\\x86\\x9c\\x0c\\xbc\\xf9\\xe4|\\xa4l\\xef\\xf2o\\xa39\\x89\\xfd\\xdc\\x9cdwuv"
  77.  
  78.  
  79. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xf4\\xdb\\x86\\x82\\xeb\\x94\\x9d\\x80\\xe1\\xe1b*\\x1b4m\\x9f\\x87+\\x1b\\x96s7\\xe6\\xce\\x94&\\xe6\\x87$\\xc0\\xca\\xd64\\xac\\xb0x%;\\x8d\\xe0\\xc6\\x0bk\\xda\\xb1p\\x8dp\\xdb=-3\\x9b\\xb6\\xb8,\\xa5\\x130\\x01\\xcf\\xc9\\x04\\xd0\\xea\\x8a\\xdc\\xd1\\xe5\\xebki\\xedj\\xff3\\x97\\xa6\\xcb\\xd6\\x98\\xf3\\xec\\xb1 \\xc6)z\tl\\xd7p\\xc8\\x1bl\\x92ie<8\\xa5~4\\xa1\\xd5\\x0c\\xe8\\x0c\\x19\\xa3\\xb8\\xbd\\xbe\\x11\\xb7\\xc22\\x8f\\x90n?(%j\\xbe\r\\xd2\\xb5z`\\xebp\\xb6\\xebr\\x0f\\x10*\\x1a\\xcb=d\\x9c\\x9f\\xcd=m\\x8a\\x0b\\xe8\\xf5@n\\xcauqn\\x16\\xd8f\\xa0\\x98z\\xd4\\x00\\xa0\\x7fo,\\xf3'\\xe6\\x9c*p1l\n\\x90!\\x11\\x7fd\\xc4\\xfdw\\xba0\\x97#\\x18\\x94\\x8d\\xa6*\\x8c\\x13m\\xe8~\\x18\\xb3i\\xc0)\\xb8\\xbcv8i\\xf2\\xbd(\\x83z\\xd3=|\\xa4$\\x08\\xab\\x9f\\xbe\\xac\\xd0j,\\x877\\x9ehjn\\xfe\\xa4\\xd0\\x0f\\xdc'\\xae\\xda\\xf5jr\\xfb\\xef"
  80.  
  81.  
  82. "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: ocsp.digicert.com\r\n\r\n"
  83.  
  84.  
  85. "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
  86.  
  87.  
  88. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p0\\xcd\\xf1)\\xbf\\x19\\xae\"\\xe0\\xad\\xde9\\x8fs\\xa4;\\xd2\\xbf\\x19\\xea>@0ugv\\x7fg\\xb2\\xe0\\x0c\\x9ff^\\xc6\\x0e\\x90\\x10\\x1c\\x0ff\\x8a\\xea\\x7f\\xfer>\\x03\\xe0\\xe5\\x04y0 \\xc6\\x8a\\x9e\\xc9\\x94\\xf8\\x8f\\x99^\\x9f\\xec\\x0eh+\\xa9\\xa2\\xcawxn\\xa7\\x1c\\xb8\\x8a\\x1fv\\xfe\\xe9\\x93om\\x98\\x9c\\xdd\\xdfis5=\\x1b\\x8dn9\\xc9\\xcb\\xd9\\x84*\\xb3\\x90\\x89\\xc1\\xd4$\\x124\r\\x82$\\xde\\x14\\xc4\\xcc\\x7fr\\x13\\xa5z\\xe1\\xfa\\xd27\\xb1h1z\\xfd\\xb7\\xb7\\xcd7si\\x89\\xd8-%\\xad\\x0c\\xa2\\xb0@ ag!\\xda\\x89_\\xd4\\x94\\x00\\x0f\\xf3\\xb8\\xb9\\x0fz\\xf8%a\\xb2\\x1f\\x94bm\\xb0\\x91\\xbet:\\xb1\\x8bz\\xfc\\xfc\\xbc\\xdd;\\x92\\x0f\\x93>\\xe6<\\xe6\\xa9\"x\\xeef\\xec\\x0b\\xe7\\x8f\\xb3\\xed\\xad\\x7f#\\x92\\xc8\\xb9%\\xfb\\xe3j\\xd8\\xc6\\x8c<\\xf4|\\xa4\\xdb%,\\x97\\x83k\\xa4\\x88'a\\xf7\\x9dlp\\xed\\xc1\\xe6\\x97\\xd2\\xa8\\xe6t4\\xa0\\x0bt=\\xfa\\xd3\\x15\\xc8"
  89.  
  90.  
  91. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 \\x11\\xd1\\xbb\\x8c\\xd9\\xba\\xc52$\\x8a\\xdb\\x86\\xd2\\xa5\\xb4\\xfe\\xffr\\x84!h\\x16+\\xee7\\xbbw\\xdb\\xc8\\x1f.au\\x8e \\xd4c\\xc3rs\\xbap\\xa4s\\xd7\\x13^xe\\x11\\x1f$\\xaa\\x03&k\\x05\\x9c\\x9a\\x19\\x88$bt\\xb5\\xd1\\xd3\\x0c\\xb4\\xce\\x88\\xb2d\\x84=i*\\xcf\\x11dd\\xc6\\xa5\\x83\\x8av\\xb6l&\\xe5b\\xa3:\\xcbio\\xd2~\\x9d\\xdd#l\\x8f\\xaem\\xf6*\\xd2\\x8d\\xeda2\\x15\\x8e9\\x08qi\\xb1w$\\xd2\\xc8\\x0c\\xde\\xe1 \\xcdn$l\\x14\t\\xda\\x13\\xa4\\x07\\x10v\\xcczi\\x88\\x11\\xbf`\\xa2ls\\xb6%\\xd1v\\xf0\\xa1m\\xd6\\xb8\\xce\\xbd\\xa7\\xdc\\xb0\\xbas<\\xc4\\x93\\x92\\xed\\xd6\\xdb\\x17\\x10\\x9c\\x0f\\xc3\\x19\\xd3\\xd9\\x9fz\\xablr\\xb1p\\xbc\\x16\\x03am=\\x81h1\\x80>\\x8fx\\xc58\\xb7b\\x8b\\xc2\\x01\\xc7:\\x82\\x05\\xbfs)\\x7f\\x81\\x83\\xb0\\x87\\xb4z&\\xfe\\xcc\\xc5\\x1f\\xb63\\xd9\\xa0p\\xd3\\xb0\\xa4m3(?:\\xe8a#\\xbb\\xe1\\xd0t\\xf9k"
  92.  
  93.  
  94. "http_downloadurl": "winword.exe_URLDownloadToFileW_https://globusholidays.in/plint.exe"
  95.  
  96.  
  97. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00\\x03\\x01,\\xf5\\xd0,\\x95\\x0b\\x1ai\\x9c\\xcfftxk\\xd8o9/p`\\x8f%r@\\x99\t:\\xedo\\xe0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  98.  
  99.  
  100. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00.\\x1f\\xbd\\xb2\\xec!\\xdb\\x0f\\xdd\\xbf\\xaey\\xc88\\xf8q\\xd4je\\xef\\x8a8\\xfd\\x8c>\\x8d\\x82\\x9f\\x0e\\\\x13\\x17\\x83=\\xc9d\\xde\\xf0\\xa6\\x1e\\x85\\x18\\xcc$l\\xe1\\xa1\\xa4\\x16\\xff\\x7f\\xa1_=st\\xa6*\\x88\\xe7\\xbeb\\xe6\\x07\\xcc\\xd0\\x1d\\x86x\\xd9!\\xc1\\x17\\x1drb\\xc5\\xc2;\\x92<\\xc0?\\x00\\v\\x13\\x89\\xf1\\xf2\\x9f\\x96\\x92z\\x0f\\x1a\\x1d\\xd5\\xb7\\xf2b\\x02<\\xb9nm\\x93\\xfd\\x80\\xd5\\x92\\xe8r\\xfaey\\xeb\\xb1\\xc1p\\x82@\\x15(.\n\\x05x\\x1d\\x91ml\\xd15\\x1cx\\xdep\\xc7y\\xe2\\xa3\\x03\\x0f\\xa0\\x1a\\xf1\\xdb\\xbaal\\xddp\\xf52o\\x05\\xea\\x92\\xb9\\xba\\\\x9b\\xefs\\xe5k*`it\\x9e\\xbc\\xa2zx\\x00(\\xb1\\x15\\xde\\xd4\\x08=rv\\_\\xe5\tc\\x8e\\x059<\\xd6(\\x19\\xe9\\x97\\x1dkr\\x1d\\xd9\\xe4\\x81=\\x96\\xe6\\xc15\\x11\\xeb\\xd6,\\xb7\\x0bv.\\xe3o\\x1c\rc2\\xc9\\xac\\xfb\\xc1)u\\x0c\\x103@slv\\x8b("
  101.  
  102.  
  103. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x01\\x00\\x00y\\x03\\x01,\\xf5\\xd1\\xcb\\xc6y\\xcd\tf<\\x95\\x1af\\xe8;\\x06\\xfbt\\x86\\x96\\xcc\\xf2a\\x00=i\\x08\\xf9\\xced\\x8b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  104.  
  105.  
  106. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\xc7\\x9b\\x07\\x89\\x9d\\xee$\"\\xa453\\xbdl\\x00wp\\xe2\\xe4\\xb0\\xfdp\\xe4hpm\\xceo\\xc6\\x1b\\xfe!\\x98z\\xc3*)\\x95\\x8d\\xdf\\xb6t$\\xdf\\xe2\\xbce\\x81\\xca0\\xdc\\x92\\x86\\x11\\xec\\xf6\\xd9\\xd8\r5\\xa7$\\xea\\x992y\\xb1\\xf55\\x87\\x85\\x08\\x98\\x8c\\x86c*\\xfc@\\xe3\\x17\\x87b\\xb7\\x0fa_0\\xe4\\x0e\\x00\\x90\\x11\\x89f\\xec\\x1d\\x14eo\\xfe\\x076\\xc1\\x10i\\x86dnbm\\xf9kp\\xc6\\xc4\\x0b\\x03me\\xf3n\\x05\\xda\\xa7\\xf5\\x90\\xde\\x13quw\\xe6\\xdd\\xf3\\xe9\\x8and\\x83*x\\xb2\\x91a\\x07uj6t\\xedw\\x890\\x0b\\x1c\\x90\\x06\\xbe\\xe6m5j i\\xabu\\x0c\\xad\\x918v\\xb0t\\xe6\\x9bm\\xf72le\\xbc\\xa1\\xfel\\xe0o\\xbf\\xdf\\xc5\\xc5i\\x03\\x05\\xf8\\x83\\xf7q\\xf2\\xb6t\\x0fe\\xc3\\xa9\\xdc\\xe6y\\xf1yx'\\x03\\xca\\x8d~\\x0bf\\x03\\x84\\xe4\\x897w4\\xa5o\\xfa\\xbf%\\xe9q\\xc9>\\xff\\x94\\x0b\\xc6\\xbb\n\\x0f\\xe4e\\xaf$\\x89\\xba\\x02"
  107.  
  108.  
  109. "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\xdc\\x10b\\x1d\\xc0c5\\x14\\xb2\\xb2\\x1b+\\xdd\\xdc\"q\\xc4\\xa3\\xb4\\xa9\\xe5\\x116i'\\x07b\\x8f\\xf2&ig\\xc2\\x8a\\x9f\\x0b\\xcbs\r\\x96\\x7f\\x1e5\\x11g\\x95\\xff?\\x9b\\x82\\xf2i\\x07\\x83+@\\x1c\\xcb\\xff\\x83\\xe1\\x0e(.\\xac#\\xd7\\xf4'm\\x9a\\x1e\\xc8:\\xb2\\x82\\xbc\\x10\\xdd\\xab\\x90\\xd6fk\\xa3\\xbe\nx\\x14\\xc5f\\xdfx\\x0b\\x157\\x8f\\\\x9d\\xd9c ?\\xd4\\xbb\\x97o>+ap\\x81\\xa5\\xe6\\x8bn*\\xbd\\x12w\\x9026\\xd8=p&\\x17\\xc1l\\xb0\\xd8\\x00\\xdfmf\\xfck\\xa4\\xda\tb$\\xc0\\xcca\\xcb\\x05\\xc6\\xf53y\\xa4\\xdf#\\xea\\xc6\\ \\xae\\xf2~\\xa4\\x18\\xf1q\\xd6\\x80v_x<\\x8f\\x0ejbc\\xda\\x048\\x04\\x08w\\x1a:\\x04\\xac\\xf5\\xaa\\x90\\x9e3\\xb9u\\g)>\\x8bh\\xfcw\\x7fx\\x893\\x91;<%c\\x7f\\xf4\\xebt\\x060\\x91\\x81\\x04\\xf6p\\x93f\\x1a.\\xca(ii\\xe4s\\x87\\x90\\x16\"9ys\\x80\\xe1\\xd7\\xa0\\xaaq\\x8b="
  110.  
  111.  
  112. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf2a\\x1a\\x05\\x99\\xa1\\xc3\\xd0\\x9cvp\\x03rr\\x04\t\\x1e_\\x1a\\xd7v%\\x93\\xbe\\x8d\\xb5\\x89\\x85\\x88\\xcfl\\xf6\\xb4q\\x0f\\xe8\\xe3do'w\\xb4\\xffm\\xe4\\x8a\\x08\\xf5\\x8e\\xe5n\\x14d\\xc7\\xdbd\\x8c\\xb8\\xe6\\xb5?\\x93\\xd7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1b\\x1dp\\xefe\\xdd!s\\x936\\x07\\x9f\\x9d\\xf3\\x12\\x18\\xe0\\x1f\\x16im\\xb0f\\x85\\x91u\\xb8l\\xfeo\\xd1l\\x95\\xde\\xe5\\xb1g\\xd4\\x05\\xb2\\x9a\\x1c\\xf2\\x10p\\x8a"
  113.  
  114.  
  115. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xf4\\x99/=\\xb1\\x1e;\\x014z4\\xde\\xf6\\x94\\xab\\xb2\\x15\\xc4\\xf9\\xc1p\\x85\\x14\\x92z\\x05\\xb2kh\\xd9\\x8b1\\xec1kx\\xd6_\\x13\\xc7\\xc6\\xbb8\\xc4\\xb8\\xa0\\xe3\\xd8\\xc4h\\xaay\\xd0\\x18\\xa6a\\xf4\\xb8vy\\xd5:\\x05\\xf8\\xb8\\xcb\\xc3\\xcd\\x87\\xaa\\x023j\\xb94v\\xdf\\xce3\\xf3\\xfe\\xd3m\\xbbr1)\\xb1l\\x9e\\xb2\\x17\\x051\\x848\\xd9/\\xd5n!\\xac\\xcb\\xb3\\xa9\\x8a\\x83\\x07\\xfau6\\xf2\\x9d\\xba\\xea\\x12\\x0f\\x0fzf\\xf9\\x0c?\\xaf\\x90\\x02kw\\xb7\\xef\\xfc\\x17b\\xc5s\\x02\\xe5d\\x89j\\x95t\\x0e=\\xbc\\xb9oa\\x94=`\\xb9r\t\\xdb\\xf5#\\xc9\\xf5\\xb5\\xa4\\x92\\x1bg\\xaa\\xdco_\\xf2\\xcfj\\xfe\\x9fm\\x84\\xff;`<\\xa1~vp=\\xdd\\xc2\\x06\\x82s=x\\xf7\\x84\\xbc\\x04c\\xfc\\x19\\x7f\\x1enj\\xdal0\\x8d$l\\x1blu\\xc4\\xee\\x93\\xba\\xc5\\xbc\\xe9wn\\xc0\"\\xe5\\xec\\xb6\\x8f\\xf1\\xcai*\\xc4\r\\xc2\\x85%\\xb4\\xaa\\x82\\xff0z\\xd3=i\\x83#\\x0bi"
  116.  
  117.  
  118.  
  119.  
  120. "Description": "Likely Malicious Office Document DL/Write EXE to disk",
  121. "Details":
  122.  
  123. "office_dl_write_exe": "winword.exe_URLDownloadToFileW_c:\\users\\user\\appdata\\local\\temp\\t6wzuelwf.exe"
  124.  
  125.  
  126.  
  127.  
  128. "Description": "File has been identified by 12 Antiviruses on VirusTotal as malicious",
  129. "Details":
  130.  
  131. "K7AntiVirus": "Trojan ( 00536d111 )"
  132.  
  133.  
  134. "K7GW": "Trojan ( 00536d111 )"
  135.  
  136.  
  137. "Arcabit": "HEUR.VBA.Trojan.d"
  138.  
  139.  
  140. "Symantec": "ISB.Downloader!gen255"
  141.  
  142.  
  143. "ESET-NOD32": "a variant of VBA/TrojanDownloader.Agent.OPB"
  144.  
  145.  
  146. "SentinelOne": "DFI - Malicious OLE"
  147.  
  148.  
  149. "Jiangmin": "Trojan.MSOffice.SAgent.a"
  150.  
  151.  
  152. "Endgame": "malicious (high confidence)"
  153.  
  154.  
  155. "TACHYON": "Suspicious/W97M.Obfus.Gen.1"
  156.  
  157.  
  158. "Ikarus": "Trojan-Downloader.VBA.Agent"
  159.  
  160.  
  161. "Fortinet": "VBA/Agent.UNL!tr.dldr"
  162.  
  163.  
  164. "Qihoo-360": "virus.office.obfuscated.1"
  165.  
  166.  
  167.  
  168.  
  169. "Description": "The office file has a macro.",
  170. "Details":
  171.  
  172. "content": "The file appears to have no content."
  173.  
  174.  
  175.  
  176.  
  177.  
  178. * Started Service:
  179. "osppsvc"
  180.  
  181.  
  182. * Mutexes:
  183. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  184. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  185. "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
  186. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
  187. "CicLoadWinStaWinSta0",
  188. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
  189. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
  190. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000"
  191.  
  192.  
  193. * Modified Files:
  194. "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_89573614c4f99f739ca8b7ff7f4514e8.doc",
  195. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF0C78C4CB237B807A.TMP",
  196. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_89573614c4f99f739ca8b7ff7f4514e8.doc",
  197. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS4201A073-09B4-4631-8DA7-E2BDB20EA84F.tmp",
  198. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
  199. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSECDF5314-DB52-41C6-9E05-DFE8F728B4EC.tmp",
  200. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF6D164B6B-4E76-4D66-822B-2EFDCA5E6646.tmp",
  201. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  202. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  203. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  204. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  205. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab80DA.tmp",
  206. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar80DB.tmp",
  207. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC"
  208.  
  209.  
  210. * Deleted Files:
  211. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab80DA.tmp",
  212. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar80DB.tmp",
  213. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
  214. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\"
  215.  
  216.  
  217. * Modified Registry Keys:
  218. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\45d",
  219. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\VBAFiles",
  220. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
  221. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
  222. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
  223. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
  224. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
  225. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
  226. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
  227. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
  228. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
  229. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
  230. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
  231. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
  232. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
  233. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
  234. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  235. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  236. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
  237. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\BC839F",
  238. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\BC839F\\BC839F",
  239. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
  240. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
  241. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
  242. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  243. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  244. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
  245. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
  246. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
  247. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
  248. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
  249. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
  250. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
  251. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
  252. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
  253. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
  254. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
  255. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
  256. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
  257. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
  258. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
  259. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
  260. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
  261. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
  262. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
  263. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
  264. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
  265. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
  266. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
  267. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
  268. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
  269. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
  270. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
  271. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
  272. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
  273. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
  274. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
  275. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
  276. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
  277. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
  278. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
  279. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
  280. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
  281. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  282. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  283. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  284. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
  285. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
  286. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
  287. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
  288. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
  289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
  290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
  291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
  292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
  293. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
  294. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
  295. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
  296. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
  297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
  298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
  299. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
  300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
  301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
  302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
  303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
  304. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
  305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
  306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
  307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
  308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
  309. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
  310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
  311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
  312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
  313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
  314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
  315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
  316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
  317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
  318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
  319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
  320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
  321. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
  325. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
  326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
  327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
  328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
  329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
  330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
  331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
  332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
  333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
  334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
  335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
  336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
  337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
  338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
  339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
  340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
  341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
  342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
  343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
  344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
  345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
  346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
  347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
  348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
  349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
  350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
  351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
  352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
  353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
  354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
  355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
  356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
  357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
  358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
  359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
  360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
  361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
  362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
  363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
  364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
  365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
  366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
  367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
  368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
  369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
  370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
  371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
  372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
  373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
  374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
  375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
  376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
  377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
  378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
  382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
  383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
  384. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
  385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
  386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
  387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
  388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
  389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
  390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
  391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
  392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
  393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
  394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
  395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
  396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
  397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
  398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
  399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
  400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
  401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
  402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
  403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
  404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
  405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
  406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
  407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
  408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
  409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
  410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
  411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
  412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
  413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
  414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
  415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
  416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
  419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
  420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
  421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
  422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
  423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
  424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
  425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
  426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
  427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
  428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
  429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
  430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
  431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
  432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
  433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
  434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
  435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
  436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
  437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
  438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
  439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
  440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
  441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
  442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
  443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
  444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
  445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
  446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
  447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
  448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
  449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
  450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
  451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
  452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
  453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
  454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
  455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
  456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
  457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
  458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
  459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
  460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
  461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
  462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
  463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
  464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
  465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
  466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
  467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
  468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
  469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
  470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
  471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
  474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
  475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
  476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
  477. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
  478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
  479. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
  480. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
  481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
  482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
  483. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
  484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
  485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
  486. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
  487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
  488. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
  489. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
  490. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
  491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
  492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
  493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
  494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
  495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
  496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
  497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
  498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
  499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
  500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
  501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
  502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
  503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
  504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
  505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
  506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
  507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
  508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
  509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
  510. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
  511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
  512. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
  513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
  514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
  515. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
  516. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
  517. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986"
  518.  
  519.  
  520. * Deleted Registry Keys:
  521. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\45d",
  522. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  523. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  525. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  526. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\sub"
  527.  
  528.  
  529. * DNS Communications:
  530.  
  531. "type": "A",
  532. "request": "globusholidays.in",
  533. "answers":
  534.  
  535. "data": "103.116.16.56",
  536. "type": "A"
  537.  
  538.  
  539.  
  540.  
  541.  
  542. * Domains:
  543.  
  544. "ip": "103.116.16.56",
  545. "domain": "globusholidays.in"
  546.  
  547.  
  548.  
  549. * Network Communication - ICMP:
  550.  
  551. * Network Communication - HTTP:
  552.  
  553. "count": 1,
  554. "body": "",
  555. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  556. "user-agent": "Microsoft-CryptoAPI/6.1",
  557. "method": "GET",
  558. "host": "ocsp.digicert.com",
  559. "version": "1.1",
  560. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  561. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  562. "port": 80
  563.  
  564.  
  565. "count": 1,
  566. "body": "",
  567. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  568. "user-agent": "Microsoft-CryptoAPI/6.1",
  569. "method": "GET",
  570. "host": "ocsp.msocsp.com",
  571. "version": "1.1",
  572. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  573. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  574. "port": 80
  575.  
  576.  
  577.  
  578. * Network Communication - SMTP:
  579.  
  580. * Network Communication - Hosts:
  581.  
  582. * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!