Docs_21205bc0cd77edaca66fe195a3016e66_doc_2019-07-17_21_30.txt

1.  
2. * MalFamily: "Ealp"
3.  
4. * MalScore: 10.0
5.  
6. * File Name: "RTF_beb86a6171a5311949c82f451b8eb934.doc"
7. * File Size: 218170
8. * File Type: "Rich Text Format data, version 1, unknown character set"
9. * SHA256: "3f7978a8accf0041a9f01de14134256c7c6e8b667183641f21349c947ce92346"
10. * MD5: "beb86a6171a5311949c82f451b8eb934"
11. * SHA1: "479d29d8f03dcc67e3f490ecc9b304c25fbab506"
12. * SHA512: "3f3023977b2a61a90c2006565ecb57551b7c9322471a80e3f8131e230642707a77a0e3c761f3ebd2415f01bd027bd38f2c18d3bda60d15c546d953f7a921c847"
13. * CRC32: "B5DB9D39"
14. * SSDEEP: "1536:mrokUe1ehegeqfD3oZ1OkHFRIxPILSQWns3R:mroeZmxgLSQWno"
15.  
16. * Process Execution:
17. "WINWORD.EXE",
18. "u.exe",
19. "u.exe",
20. "u.exe",
21. "splwow64.exe"
22.  
23.  
24. * Executed Commands:
25. "C:\\Users\\user\\AppData\\Roaming\\u.exe",
26. "\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE15\\FLTLDR.EXE\" C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT",
27. "C:\\Windows\\splwow64.exe 12288"
28.  
29.  
30. * Signatures Detected:
31.  
32. "Description": "Attempts to connect to a dead IP:Port (10 unique times)",
33. "Details":
34.  
35. "IP": "23.59.214.201:443"
36.  
37.  
38. "IP": "69.192.108.32:443"
39.  
40.  
41. "IP": "23.15.4.32:80"
42.  
43.  
44. "IP": "65.52.98.231:443"
45.  
46.  
47. "IP": "104.18.24.243:80"
48.  
49.  
50. "IP": "23.15.4.26:80"
51.  
52.  
53. "IP": "108.170.57.54:80"
54.  
55.  
56. "IP": "52.109.92.24:443"
57.  
58.  
59. "IP": "72.21.91.29:80"
60.  
61.  
62. "IP": "52.109.16.4:443"
63.  
64.  
65.  
66.  
67. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
68. "Details":
69.  
70. "ioc": "quations.dotx"
71.  
72.  
73. "ioc": "ontent.inf"
74.  
75.  
76. "ioc": "harvardanglia2008officeonline.xsl"
77.  
78.  
79. "ioc": "ist.glox"
80.  
81.  
82. "ioc": "gb.xsl"
83.  
84.  
85. "ioc": "chicago.xsl"
86.  
87.  
88. "ioc": "gostname.xsl"
89.  
90.  
91. "ioc": "ieee2006officeonline.xsl"
92.  
93.  
94. "ioc": "e.gu"
95.  
96.  
97. "ioc": "nline.xsl"
98.  
99.  
100. "ioc": "iso690nmerical.xsl"
101.  
102.  
103. "ioc": "rocess.glox"
104.  
105.  
106. "ioc": "iso690.xsl"
107.  
108.  
109. "ioc": "ccent.glox"
110.  
111.  
112. "ioc": "rings.glox"
113.  
114.  
115. "ioc": "gosttitle.xsl"
116.  
117.  
118. "ioc": "rid.glox"
119.  
120.  
121. "ioc": "..3b"
122.  
123.  
124. "ioc": "adial.glox"
125.  
126.  
127. "ioc": "rame.glox"
128.  
129.  
130. "ioc": "set.dotx"
131.  
132.  
133. "ioc": "ext.glox"
134.  
135.  
136. "ioc": "pictureorgchart.glox"
137.  
138.  
139. "ioc": "anded.thmx"
140.  
141.  
142. "ioc": "content.inf"
143.  
144.  
145. "ioc": "rame.thmx"
146.  
147.  
148. "ioc": "etropolitan.thmx"
149.  
150.  
151. "ioc": "rop.thmx"
152.  
153.  
154. "ioc": "asis.thmx"
155.  
156.  
157. "ioc": "iew.thmx"
158.  
159.  
160. "ioc": "eadlines.thmx"
161.  
162.  
163. "ioc": "avon.thmx"
164.  
165.  
166. "ioc": "ype.thmx"
167.  
168.  
169. "ioc": "ircuit.thmx"
170.  
171.  
172. "ioc": "g.n9"
173.  
174.  
175. "ioc": "late.thmx"
176.  
177.  
178. "ioc": "esh.thmx"
179.  
180.  
181.  
182.  
183. "Description": "Performs some HTTP requests",
184. "Details":
185.  
186. "url": "http://danmaxexpress.com/ssl/u.exe"
187.  
188.  
189. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
190.  
191.  
192. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
193.  
194.  
195.  
196.  
197. "Description": "A process attempted to delay the analysis task by a long amount of time.",
198. "Details":
199.  
200. "Process": "splwow64.exe tried to sleep 3240 seconds, actually delayed analysis time by 0 seconds"
201.  
202.  
203. "Process": "WINWORD.EXE tried to sleep 279 seconds, actually delayed analysis time by 0 seconds"
204.  
205.  
206.  
207.  
208. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
209. "Details":
210.  
211. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x96\\xbdw\\xed\\xb8\\xba~r\\xd0\\xb5\\xbd\\x0cue\\x86\\xb72(/)\\xb9\\xddk\\x0bp\\xf5\\xb2\\xad\\xd6'8\\xcc-`d&\\xc0\\xab4c\\xf5\\xd5\\x8c\\xf3\\xe5\\xb7\\xc1\\xaf5\\xba\\x15zf\\x14@\\x85\\xcc_\\x1b\\xff\\x9bg\\xa8|\\xf1e\\xf3\\xee\\x1er\\x103\\xb2q\\xdf\\x86qw&*\\x84\\x9c\\xc4<mg\\xc2\\xbf\\x0e\\xe1e\\xbc=\\xe29\\x9a\\x94\\x1a\\xd1\\x17\\xca\\xeb\\x91\\x04\\xfb\\xfb\\xfbf)@*\\xe5v/\\x89\\x94ym\\xd5\\xbd \\x7f\\xc9\\xcd\\xab8j\"\\x943\\xa1\\x7f\rt\\xe0|m\\x14mk\\x9d\\xc9l\\\\x0ck\\xd2\\xbc\\xe0ls\\xeb\\xd1\\x9b\\xe0\\xea\\xd9@\\xf6\\xc0w\\xf4\\xcd0\\xadu\\xb9~\\x81\\x03\\xa2*\\x07\\x80@~\\x86%\\xf1\\xfe\\xb0x\\x8eu\\xd76\\xde\\xc6\\xe2\\xb1g\\xcf\\x1a\\xc2p\\xcb\\x12\\xbb#\\x84a\\xcf4<mh\\xe0\\xa4\\x9b\"et\\x87\\x90\\xe6a\\xff\\x83n\\xcbh\\x13i\\xf0:dl@\\x81\\x05\\xed\\xe8\\xdc|\\xaf\\xe99\\xdb\\xc5xs \\x80\\x82\\xad\\x93\\x87"
212.  
213.  
214. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01/rn\\xd2\\x98>\"tqa\\xe7\\xfam5/\\x87\\xd6r\\xd9\\xe2d\\xc1b\\x83\\x99\\xb0\\xaaw\\x16t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
215.  
216.  
217. "http_request": "winword.exe_InternetCrackUrlW_httP://danmaxexpress.com/ssl/u.exe"
218.  
219.  
220. "http_request_path": "winword.exe_HttpOpenRequestW_/ssl/u.exe"
221.  
222.  
223. "http_request": "winword.exe_InternetCrackUrlA_http://danmaxexpress.com"
224.  
225.  
226. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x00\\xcfka\\x98\\xb7\\xc2s\\xfe:\\xcbc\\x98\\x8fz\\x19\\xf8\\x84\\xd4\\x99e\\xe4\\xff\\xdfa\\xf5\\xae2\\x81\\x1e\\xfb$v\\xef\n\\x1d\\x19\\xd0 4x\\x9c\\xbfy\\x00\\x92\\xae\\xf9\\xc9 h\\x8e\\x98w\\xfd\\xee\\xbe+\\x84i.\\xc1aa\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x85%?r\\xba\\xbc\\xd0(\\x8cf\\x15\\xa7\\xce\\xc4\\xb6g\\xe77x\\x1dz\\xfd\\\\x89\\xf3\\xee\\xc7\\x16\\xaf\\xe6\\xcb\\x16\\\\x90b\\xad\\xfa!^\\xb2~*s\\xbe\\xa8\\x9b?"
227.  
228.  
229. "http_request": "winword.exe_InternetCrackUrlA_http://danmaxexpress.com/ssl/u.exe"
230.  
231.  
232. "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: ocsp.digicert.com\r\n\r\n"
233.  
234.  
235. "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
236.  
237.  
238. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01pq\\xa9\\x90\\xf9\\xce\\x8e\\xb8\\x97,\\x05\\x95\\xca-l@\\xd6\\xc5\\xc1;1\\xf1\\xec\\\\x90\\xe5f\\xf4\\xdd\\x00+\\xed\\x0e\\x014\\x05p\\xd7\tm\\x14\\x02mfu\\x19\\xe4\\xab\\x9d\\x03\\xac\\xc7\\x86\\x8cr\\xe4\\xef<\\xa6\\x1d\\x1c\\xb4\\x14gm\\x8c@i\\xdeb\\xe87\\xa7\\xd4\\xf9=\\xea\\xd3j\t\\x16\\x18ff\\xc1\\x8cb\\xae\\xf0\\xaa\\x01%\\xad=\\xbfpp\\x1b\\x1e\\x90\\xd9b\\xccnxy\\xe1\\x90:\\x83g\\xbd\\xa8?\\xda;\\x82\\xc5\\xack6;\"st\\x04\\xa1o\\x95\\xe6\\x89i\\xcd~`\\xc9$\\x11\\xcd\\xfe\\xdb\\xda;=\\x827\\xd9\\xe5\\xf5\\xe8k.\\xd69\\x97sq-\\xa4;>\\xc0mz\\xa2\\xd8>a\\x1e\\xb2g\\xaa\\xb37h\"\\x14\\xf6\\xe6\\xb8\\x01\\xe6\\xbb\\xef\\xb9j\\xd8w\\xe6r\\x80a\\x90\\xde\\x9c4\\xcc\\x89\\xb1tx`c\\xf2f\\xdb\\xac\\xd3\\x84\\x9c\t\\x8e\\xa9e\\xda7\\x1a\\xae\\xf2\\xcdm\\x9e\\xc3j\\x8d\\xc5\\xa2\\xc0\\xc9\\x9a\\x96\\x12\\xcb5\\x9f\\x8d\\x04\\x98?e\\xe0\\xf9\\xae\\xf3\\xc4\\x83\\xd0\\x8e\\x7f"
239.  
240.  
241. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 \\xefd\\xd8\\xa1\\xeeb\\xfd\\x19wc\\xf4@q8<s~\\x94\\xbd\\xebqn\\x86\\xeb\\x93#\\xbc\\xf21\\x9b\\xc5\\xfe;\\xeb\\xe2\\xe4a\\xa7\\x80\\xa8\\x1970$\\xbc\\xae+\\xfc\\x1a\t\\xb3\\xf9\\x15\\xce4\\xc0\\xad7loz\\x0cm\\xa4_\\x10\\xc7\\xfe?nm\\xbf)x\\xa6_\\x14~&\\w\\x88\\xf8\\x05\\x15\\x9b\\xaat\\x95\\x19\\xf8a\\xc3\\xe6\\x86\\xbf\\xb8u`\\xf8&\\xe9y\\xa6\\xaf\\x15\\x00\\xf6\\x05\\xe0\\x0f\\xa4\\xca*\\xa3):\\xf1\\xa8&\\x1c\\xb8w\\x9e\\xd0w\\xf1`\\xe7\\x9e\\x12o\\xf9\\x12\\xd4\\xf4\\x99\\x04xo\\x1cex\\wd\\xb1pb\\xd9,x\\xc4\\x03\\\\xca\\xea\\x19@\\xa7\\xdf\\x15\\xca\\\\xef\\xfa\\x81\\xc5~\\xd4\\xc3\\xf0\\x1e\\xb2m\\xfd\\x9e\\x15\\x13\\xed\\x84\\xd5c\\x89\\x941\t\\xdbq\\xeb\\x86\\xe6\\xfcn\\xb4\\xd3\\x1c\\x86\\xa2\\x8a\\xf66b\\xdf\\xb1\\xe7\\xa9\\xbe\\xed:\\xf0\\x01r5\\xa3\\xc7\\xacf\\x12\\xd8\\xdf\\xdfj\\xe1:\\xf0\\xa1zd\\x18\\xddk?h=\\x90o\\xa9\\xed^\\xd2\\xd3\\xb1\\xef7ok"
242.  
243.  
244. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01/rsk\\xc71\\x01\\x15s\\xa4(/\\xa5\\xc6\\x82\\x95/\\x1a\\x0fyb\\x1d\\xea\\xeb/l\\xfa\\xd3\\xd3\\x8a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
245.  
246.  
247. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04v\\xde\\x9b\\x95g\\x8b(:b\\xe8k\\xb7\"\\xaa\\xeb\\x8d\\x03\\xbd\\xf3\\x8a\\xdf\\x9c\\x85k\\xf5\\x1bz\\xc6\\x98\\x8a`r(y\\xc5\\x91\\xd9cm\\xd6\\xbc\\xec\\xad\\x02k\\xcc\\xb1\\xef\\x0b\\x1e\\xe9p\\x92\\xbb\\xc7\\x8a\\x96#u\\x95\\xecx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x831\\x8d\\xe2\\xb2\\xb6~of\\xd8\\xe2\\xb8\\x94\\x19x\\xd7n?\\xe3\\x02\\xed\\x19x\\x94kkfft\\x0b\\xfd\\xc0\\xf6\n\\x00\\xe7\\xed\\x14\\xaea\nm\\xaf\\xab\\xf4\\xea\\x1az"
248.  
249.  
250. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x8b\ttb\\x06\\x98\\x1bn#\\xbc\\x86\\xdd\\x9a/\\x9b\\x1b\\xaa\\xb5\\xeas-\\x9b\\x8d\\x148\\x84\\xed\\xb0\\x9d\\xd33\\xb9\\x16m\\xde0\\xdd\\x16\\xe4\\xdb*,\\xc3\\xb7\\xbe\\x99k\\xee\\x8du\\xef\\x1bt\\xfdp\\x17\\x1b\\xb0\\x15mo\\xff\\xa4,\\x06?\\xb9\\xc8\\xf7u\\x98r&\\x93\\x04\\x1c&&_\\xb4\\xac\\x1a'im\\xe6\\x89\\xab\\xce8\\xe2bci\\xad\\xe8\\x90\\xef\\xf5\\x0f\\xfa\\xc0\\xfa1p\\x01g^\\x9c\\xe1\\x16\\x01q\\x81;\\xe7>_\\x1af\\xcb\\x04xw\\xc2\\xc4\\x84e\\x9c\\xa2\\x94ckb\\xa3\\x0c\\xdc\\xb9c\\x83r\\xaa\\xc2\\x19\\xc4q!(\\x98ip`+c~\\x14pc\\xff\\xd7\\xe4\\xac\\x1es\\xfb\\x1a\\x11p\\xa2\\x81\\xb6f#\\xa5\\x80t\\x17\\xc4_\\x8b\\xfa4\\xe2|\\xdc\\x16\\xf25\\xf9\\xfa\\xa4\\x82\\xdep\\xcdpnl\\x0f\\x97n:\\xb9\\x1c\\xaag\\xa9\\xe2\\xc0\\xd2\\xf4\\x18\\x80\\xfc!\\xfe\\xe1n\\xea\\xd7\\x9a\\x98\\x0fy\\xeb\\xb4\\x89x(;\\x87\\x11 \\xb2k\\xb34e\\xcd\\xd7\\xdfp\\xcd,(1\\xf2"
251.  
252.  
253. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x01\\x00\\x00y\\x03\\x01/rwn\\xa9\\xee\\xc4y8\\x98\\xe1\\xd1^3\\xf2\\x1a3\r\\xd7<z\\xba\\x1a\\xeb\\xb23\\xf0\\xaf\\xffq\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
254.  
255.  
256. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0b\\x98m\\xe7\\xdbr\\xa8o\\x1a\\x1d\\x10\\xa4\\xb0\\x05\\xd9\\x8e\\x00\\xb2\\xf3\\x155\\x11\\xba\\x8fg\\x12\\xa9u\\x15\\x7f$\\x8b\\x04\\xf0\\x03uh~\\xce\\x1e\\xd0\\xdeu1\\xd3\\x9e a\\xa8\\xc6g\\xcfb\\x8bo\\x92\\xf7\\xe0\\xc8\\xa8\\xa5\\xef\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000eg\\x8ea\\x8b\\xf8'\\xdcz\\x83\\xae\\x84\\xd2b\\xac\\x1fs\\xc2\\xb0\\xb1p\\x1b\\xc4\\x98\\xc4s\\xc94\\xb5\\xea\\x9d\\xf3\\x193\\xd4\\x87\\xc1u\\x14k'7\\x96\\x87wd"
257.  
258.  
259. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xba\\x1b\\xb3\\x8c@\\xd7\\x9f\\xb2-\\xbf7\\xc3j\\xa4eh\\xe4\\x0b\\xb1\\x1a:\\x91\\x18d\\xfb\\x87\r\\xeb\\x17\\x88s\\\\x80\\xf47\\x12&re\\xe6\\xc3\\xc7d\\xd9q\\xcd(\\x90\\xbb\\xdb5x\\xe9\\x16\\xff\\x86o\\xd8q\\xd0\\xb2\\x1c\\xbd\\x99\\x94\\x8bc\\xd1\\xda\\xdf\\xe8w9\\xa4n\\xd2t\n\\x05z\\xc0\\xa4l\\xfej\\x1ae !$!\\xd9\\xe1^\\x9f\\x8aos(\\xl\\xaa-\\xc2\\x18\\xef\\x18\rw\\xb9g\\xb0d\\x86k\\xea\\x8ao\\xfd)7\\xc4\\xae\\x8bt\\xbf\\xd9\\x97\\x03s\\xfb\\x94\\xc2x\\x14ey\\xa0\\x96\\xf9\\x91\\xb9\\xc8q\\xe3\\xba\\x9a\\xa9\\xd2\\x85/?\\gp\\xe4\\xe6+\\xf8\\x8f\\x94\\xeb\\x81\\xa7\\x19\\x0b\\xe9\\xc5\\xe4`\\x1a\\xad\\xb5\\x88\\x1ez\\xe1(\\x08p6\\x8b\\xc0\\xac0\\xca\\x0cy\\xa9\\x13\\xe04\\xb9\\xc6l\\xcc\\xa5\\xd4\\xa1\\x89\\xba\\x92\\xab\\xf2\\xa2\\x88ry\\x1en\\xe4\\xd9v\\x85\\xc7\\x81\\xc7\\x8fxb\\x19\\xf2rm\\x12\\x91\\x1f\\x97\\xc5,\\x8f\\x88\\xd2\\xc7\\xb0b\\x7f)\\xad\\xa2c"
260.  
261.  
262. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ryw\\x80b2q\\xf2\\x9e50\\xb1os\\xda\\xdd\\x1e\\xef\\xdd\\xa6\\x0c\\x00#u\\xd5kv#\\x89\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
263.  
264.  
265. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ry\\x87\\xf6\\x99\\xfb\\x8fn\\x97\\xe1\\xf8i\\x1bf'\\x9d\\xc3\\x0e\\x1b\\xb4\\xf2\\x0fm\\xb0\\xc5\\xf1\\xd1\\x90s4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
266.  
267.  
268. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ry\\xa6\nj\\xfec\\xad\\xf7\\xdf#\\xf2)\\xa4\\xe8\\xfc\\x02\\xfe`\\x17\\x9b\\x0f7\\xe8\\xea\\xc9)\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
269.  
270.  
271. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x80:\\x95l\\x85\\xa8\\xcf\\xf5v\\xa6bw\\xfa\\x15i\\xdd\\x84\\x05\\xdd\\xd5\\xf3=i\\xfb\\xfb\\xeey@\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
272.  
273.  
274. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|t\\xc8,\\xcfb\\xc0b\\xc4b\\x9c\\x14\\xe0ka\\x17\\x020\\x81'\\x10\\x028r\\xf0\\xf4\\xfd\\xb4\\xf7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
275.  
276.  
277. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x7f\\xf3\\xe0_\\xe6\\xbd\\x00\\xe9\\xa0\\x0e\\x08!\\xa9\r\\xeb\\xd6qv\\x93\\xf8=\\x9c\\xa9\"\\xe1vq\\xd1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
278.  
279.  
280. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04g\\xa2w\\x83\\xa8\\xc5f\\xedzl\\x00\\xc9\\xbd\\x05\\xdb\\xac\\xff\\xd9\\xc0j\\xec\\xe2\\xa6\\xb8\\x83h\\xcb0\\x8b\\xea\\xd2\\xe4g\\xa4\\xea\\x0f\\x9fd\\xfd\\xf7\\xa3r\\xfd<6&o\\x07\\xe6aluxb\\x0fz)\\x11m&n;n\\xc1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xdd\\xfc\\x0f\\xc0\"\\xa2\\xc9t\\x1d+ye\\xd9r\\x98\\xab\\xb0\\x07\\xe5\\x87\\x9b\\xb4\\x83c\\xdfo*r\\x94c\\xcd\\xcc\\xcf&\\x08\\x01c)b\r\\xc3yo$\\xca\\xbd\\x1b\\x08"
281.  
282.  
283. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc4=l\\xfc\\xd5f\\xae\\xb4lc1\\xc1nl\\x95z\\xfch=\\x02\\xcdj\\x977\\x84\\x90+\\xc9\\x11\\x92\\x02a\\x1bzmeq,y\\xda\\xf7\\xe5\\xd7\\xa0\\xfb!\\xdf\\xdc\\x9f\\xe1\\xb9\\xbam\\xe4\\x1a\\xcd\\x02$\\x9b|\\x13\\x1c\\xce\\xb4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000n-`\\x99?\\xeb\\x08s5\\xafy\\xb9g\\xe2\\xcf\\x07@\\xb6\\xb0o\\xe4\\xb1\\xbf\\xe2c\\x8d\\x9a\\x1d\\x1af\\xe3\\xf5\\xd7\\xd4\\xb4i\\xc9\\xc2\\xe4\\xb6o\\xae\\xee\\xff\\xc4"
284.  
285.  
286. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xe3\\xbf\\x1bt\\xd5\\x95\\xf9@\\xbb\\x84e\\xd4\\xc6v\\xa6\\xa7\\xab\\xd45*\\xa9\\xd0\\xca/\\x01\\xa5\\xe5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
287.  
288.  
289. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xb5\\xdd7li;\\xad\\xc6c\\xda\\xce\\x9fj*hf\\xc1d)\\x9dv.p\\xe8b5o\\x0b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
290.  
291.  
292. "http_request": "winword.exe_WSASend_r\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xa4\\xc9x\\x1a\\xdco\\xab\\xe3\\x9e\\x87u\\xb3a\\x80\\xb6=\\xc4^$;\\x113i(\\x96s5\\x95\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
293.  
294.  
295. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x14/,\\xbc\\xc2\\xbc\\x11r\\x91p\\xban\\x8fo\\xbb)\\xb9\\x0e^\\x0f\\xf5\\x95\\xe3c\\x0c`hc\\xb1\\xf2\\x88\\xb3\\x03\\xd3\\xe4\\x904ks5\\xda\\xf2\\xa5\\xaa\\x18pu\\x05c\\x1d1\\xf0\\xed\\x8d\\xea\\x10v-z\\xfd\\x18\\x0b\\xa3h\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000s\\xbc)\\xbak\\xd7b\\x9czl\\x08\\xba\\x8a\\xad\\x96\\x9c\\xec\\x01\\x9e\\x96d\\x8by\\xd6\\xbb\\x883\\xc6kzf\\xd9\\x00\\xff\\xe7\\xc0\\xca\\xff\\xf4\\xe9\\xea\\x89\\xc29a\\x96o"
296.  
297.  
298. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|k\\xad1\\x93\\x80\\xdc\\x1f\\x8e~\\x04\\x19\\xb1\\xbb%\\x91\\x16\\xb2\\xfd\\x93&\\x04=\\xbb\\x0b\\xe4\\x8a\\x8fr\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
299.  
300.  
301. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xf4w\\xd5\\xb7o`\\xb2\\xce\\xb0\\xbfs\\xdb\\x88\\xbcu\\xf0\\xda+\\xa4\\x9b\\xe2\\xc3:\\xc7\\xe9\\xd9\\x81\\xbe\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
302.  
303.  
304. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa8\\x91lo`(k\\xa1\\xdbq\\xd2\\xe7\\xe0\\x19\\xd7\\xb99i\\x8e^\\xe7\\x19\\xa5\r\\xa6\\xe9\\x05\n\\xe4\\x98\\x99\\xed\\xc2\\x88z\\xe4nh\\xde\\xf0d\\xa6\\xdc\\x15\\x84\\x94\\xc3a\\xa0n1xx6n\\xe42\\xa6z\\xd9\"l\\xa4.\\xea\\xf2\\x11u5\\x85t\\x17b\\xa6\\x1b\\xb6\\xe7\\xdasc\\xf2\\x15\\xc7\\xabq\\xae\\x98d\\xd9k\\xdd\\x86:\\xf6\\x8f\\xcb\\xf7\\x97d%\\x1b!bxd\\xbb\\x08.\\xbb\\x03u\\x9b\\x14\\xa5:\\xf3\\xba&\\xdd\\xe9\\xf4\\x9c\\xd9\\xd6n\\x1b\\xf9\\x97\\xa2b2\\x83k\\xdd\\xd31\\xdb\\x15\\xbey\\x9b\\x9a\\xb8\\xea\\xdd\\xfan7\\xdf\\xa9wz\\x9c\\xe5\\xd9`\\x08\\x90a\\xb3\\xb6^\\x91\\x7f\\xadk\\xf2p\\xc8((!\\xed_\\x8c9\\x06v\\x08t\\xef\\x1b\\x7f\\x9d\\x9bw\\xc2\\x83\\xdf%\\xc3\\xd3\\x85rk3b\\x1a\\xa5\\xd6=\\xf2\\\\xa5\\x0e\\xdb\\x8d\\xb6\\x18\\xa6j\\xa0\\x9c\\xce\\x8c96\\xaaify\\x04\\x18j\\xd0v\\x08\\x1ae\\xe6\\xdc\\x0f,\\x04\\xca\\xc1\\xb4%,k\\xbd\\xc3\\xcd\\xef"
305.  
306.  
307. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xfb_-\\xd2\\x1d\\x81$n\\xa8\\xd1\\x1f\\xb0b!\\xf1j\\xdb\\xf5\\x01o\\xa98\\x8b\\x17\\xbc\\xe9\\x1b$\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
308.  
309.  
310. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xcf\\xfa\\xbc\\x0b\\xce\\x87tw\\x98\\xaaj\\xab\\xa5\\xc9\\xd6i\\x82+\\x8c\\xf6h\\x0b\\x08\\x99\\xb4\\x85\\xaf\\xc0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
311.  
312.  
313. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|;\\x92\\xfb\\x19\\xf0l\\xbf\\x89\\xb2\\x19\\xab\\xdfw\\xc2j,\\xd8o\\xa4o\\x9a\\xd0&\\xf2k\\xb5\\xf4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
314.  
315.  
316. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xa8\\x85j0\"u1\\x86~\\xf3v\\x82i\\xfa~\\xb4\\xe0+\\xa9\\x04\\x0e\\x9co'v\\xeez\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
317.  
318.  
319. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|q\\xb3\\xa5\\xb4t\\xbf\\xf6'\\xa5\\xbc\\xc1_\\\\x15b\\xf1h\\xbfsc\"^w\\xdbg\\xb5\\xad\\xed\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
320.  
321.  
322. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|q\\x81\\xff\\xf2^l\\x04\\xed\\x94\\xf8\\x8d\\xbd\\x08\\xdf\\x0f\\xba\\xdb\\xd5\\xb8\\x89\\xbf\\xfc\\x14m\\x01\\x9a.\\xc1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
323.  
324.  
325. "http_request": "winword.exe_WSASend_>\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xbem\\x7f\\x19\\xde\\x00\\xc0\n/\\x13\\x11c\\x98$\\xcd\\xb4\\x84\\xd3jq\\x0b\\x16\\xc89\\xf5\\x8b5\\xd2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
326.  
327.  
328. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb6\\xac\\x93\\xa2)\\x9e(\\xfc\\x18\\x8f\\xafhw\\x85\\xae\\x99f*<g\\x08\\xb7l\\xb8\\x03\\xc3$`\\xaa\\xff=\\xc6\\x13d\\xca\\xa4\\xc6f'\\x1f\\xa8\\xa9ngqz\\x15-2+\\xb3\\xd0\\xaam\\x1e\r\\xa6?o\\xbf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x86t\\xb1\\xa2x\\x8ap-.\\x1c$y\\xb7d\\x0b\\x84\\xff\\x9f\\xf5\\x03i\\xdcc\\x85\\xdd\\xa8\\xee\\xb1\\xae\\x14\\xb9r\\xaa\\xa4\\x00\\xec\\x12c\\xa8\\xcb\\x89\\x9f\\xf5\\x80ue|x"
329.  
330.  
331. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|j21\\xdf\\x1a\\x08\\xb3\\xfdr\\xb8\\x86\\xaa\\x1e\\x93\\xc6\\x0f?x~sloy\\xe3ws\\xe7.\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
332.  
333.  
334. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x7fa\\xe0\\xdf2&\\xa0\\xb0\\xb1\\x81\\xcd\\xfc\\x96\\x96\\x03t\\xeaw\\xec\\xf3a1x,\\xd4\\x94\\xf9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
335.  
336.  
337. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x85\\xfds\\xdcn\\xd8'\\x91slz\\x16(i\\xeck\\xca\\xd4\\x1c.\\xb6\\x93\\xb5\\x0f\\x14:`\\x06\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
338.  
339.  
340. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|z\\xa4\\xd6!\\xa5cw<\\x00\\xf4\\xac\\xf9x\\x00\\x90\\x99\\x82c\\x7f\\x19p\\x15\\xc1;v\\x85\\xf2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
341.  
342.  
343. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xd2\\x0f\\xfa\\xe7\\xefa\\x8f_^\\xa6\\xd6\\x9e\\xa9!\\xc8\n|\\x91\\xbd!\\xfe\\xef\\xa8k\\xab\\x99ec\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
344.  
345.  
346. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|(\\xae*\\xbc\\x1e2\\x98n\\xf8io~`:\\xe52\\xebs\\xc5\\x02\"\\xbe\\xd6\\xc5u\\x1e\\xf95\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
347.  
348.  
349. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x8dp\\x83\rr\\x05\\xa0<\\x88\\x89y\\x81\\x1b\\xa8\\xd8\t`@\\x89\\x84)\\xe9\\x11\\x96\\xa2g\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
350.  
351.  
352. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9ez\\xa3\\xf8(\\xeb\\xe0\\xbe\\x01\\xcc\\xcc\\xe3\\x9drwv\\x98yj\\xfb\\x0by\\x04\\x1dp\\xe4\\xac\\xbf\\xf2s\\xee\\x18v-\\xcc\\x96\\xc3\\xd6rz,\\x10y43\\x87\\x95\\x9cn\\xbb%g\\x9a\\xdc\\x8dq\\xca\\xfb\\xd4\\xf1\\xb8\\xf5y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x06\\x14\\xbf\\xbf\\x83w\\xde\\xd7k\\x10\\x03\\x95p\\x9e\\xc2\\x80\\xa4\\x85\\x8a-a\\xccn\\x02\\xbe$\\xac\\x97\\xf5\\x17\\x98\\xed$\\xa0\\x8f\\x8e\\xf5\\x1d\\x9a:\\xc3\\xad\\xd8\\x9cx\\x12\\x8b"
353.  
354.  
355. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x10p\\x9dl\\xb6\r\\xe9\\xc4v\\xf4\\xa1\\xe6\\xf4\\xfe\\xbf3u\\xf9\\xe9r\\xe0v\\x15\\x99k\\xf6\\xeex9\\xc2)\\xa7(\r\\x8c\\xa2\\xb3t\\xcd\\xce\\xef\\x0c\\xa4\\x03y\\xb2_\\xf7\\x96d\\xcd\\xce\\x87\\x1e#1\\xb8:\\xc9\\xe3\\xa4z\\xe5\\xb8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000; \\x98uy'0\\x95~\\x14\\xeb\\xd7\n\\xbf0\\xc1d\\x9b\\x18\\xb2\\xe4\\x9a\\xf4\\xe7(+\\xdc\\xffnh\\xcb\\x872\\xd1\\xb5a\\x17\\xb5mcc\\xcco\\x01a\\xb5\\xd8"
356.  
357.  
358. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xaa\\x16\\xc9\\xe0\\xff\\xd3sl\\x85j\\xf8a\\xa8\\x88ua\\xe8\\xec.6?\\x16au,\\xe8\\xec\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
359.  
360.  
361. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc7\\x82\\x07mb\\x97h\\x85\\x93b\\xb8\\xd1\\xd5\\x9c\\x00t\\xd5\\xc6\\x07\\xd3z-ez\\xdf\\x89\\xbe#\\x83/l\\xf4\\xc0\\xcax\\xca\\x91\\x17=\\x07\\xc3wo\\x9b\tan\r\\xbf\\xedy\\xe0\\xeb\\xe6\\x14\\xb6q\\xb0w\\xc2\\x1f\\xf9cek6vt:\\x04\\x06\\x7f\\xc0u\\xce\\xb9\\xdf\\x82\\xafc\\x14 \\xf43m\\x7f\\x8b\\xeb\\xc9q\\xc6\\xfd\\xde\\xdc?z\\xc4|\\xacqu\n\\xb4\\x9d\\x0b\\xd4*\\xfa\\x9a\\xef\\x1f:^#\\xf4l0|\\x1er\\x85\\x9c\\x7f\\xa4\\xecw\\x04\\xfe\\xbe\\x90p\\x98\\xeb\\x13\\xb0\\xd4_~\\x02\\xc2\\x93\\xfc\\xc7\\xbb\\x89\\xfdw\\x8a`\\x12-\\xa4\\xaf\\xca\\x17\\x00\\xc4\\xf9\\xfe!\\xd1\\xb1\\xe1\\xd8\\xbe\\x05\\xd7\\xc1\\xcd\\x91\\x0f\\xf6\\xa5f\\xdb\\xf1d\\xe3\\xdd\\xee\\x11\\xe6=`\\xfb\\xb0^\\xb5z~\\x19n\\xef\\xc1t47\\xd3\\xcb-b\\xde>\\x98<98\\x84\\xef\\x82z\\x12\\x9a\\xf6\\x16\\x941\\xd9\\x9d\\x0c\\x10=|\\xccm\\xd21\\xad\\xfc\\x1f\\x1b&t\\xa9y\\xcak\\xf2_z\\xef\\xfd\\xf6\\xa2` \r$ \\xe4"
362.  
363.  
364. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|>\\xf0\\xd8\\xab\\x1b\\xbd\\xb3\\xd8\\x86\\xfe\\xd4\\x8fr\\xa3\\x8b_czj\\x8e\\x86m\\x1c\\xc4\\\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
365.  
366.  
367. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\x02\\xdbp_\\x13y\\x85\\x91v\\x19\\xe4d\\x03u\\xd3?<\\xc5p\\xbflp\\x9f\\x02v\\x00z\rn\\x05\\xb5\\xb4o\\xa8\\xe8lh\\x9d\\x8bi\\xec\\xbb\\x04\\xba\\xf2`\\xa4\\x98f\\xd6\\x8b\\xae\\x8c\\x83\\xa3\\xba(z\\xc1\\xdf0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x83!\\x93\\xb4bqcom\\xf0\\x07\\x1bqp\\x95\\x8b\\xae\\x9b\\x0b\\xb6\\x19t\\x89;\\x0c\\x89\\xb4\\xe4\\x9d9p\\x89\\x92\\xdf\\xe7p\\xdf\\xdf4\\xea\\xf5qj\\x96`\\xb9u\\xae"
368.  
369.  
370. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xe4\\x87y\\xd3\\xcc\\x11\\xddh~x^s/\\x9d#ogv\\x1ckv\\x8a\\xa6\\xb5\\x02\\xd6\\x87\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
371.  
372.  
373. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04'k\\x18\\x01q\\xf1%(\\xfd\\xe5\\xf2\\xabe(\\xfc,\\xf2\\x1bf:r\\xf3?z\\xc3\\xa1\\x12h\\xeb\\xf0k\\xb9u\\xfc@\\xbc!c\\xae/\\xa5\\xd5u\\x83\\xd0oz\\xb07\"\\x0b\\xb6\\xc0\\xe6\\xd7rp\\xbf\\x16\\x1b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000t\\xa2\\xd3_\\xbb\\xe5\\x85\\x0b\\xb01~\\xbb_\\x1a\\x8e\\xd9\\xa6ag\\x83\\x027\\x93\\xde\\xb3\\xd6\\x11\\x8e\\xa9t\\x93\\x98\\x15^\\x8f\\x8f4\\x17\\x1f\\xa7\\xc7v\\x8f\\x06p\\x82\\x08\\xd9"
374.  
375.  
376. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xfa\\xf9\\xfa\\x079\\xfa'\\x9f\\xab'\\x7fz\\xab\\xc5\\xa7,\\x14v\\x11\\x96\\x80\\xd7\r\\xa3v\\xa1e\\xf0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
377.  
378.  
379. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xa9e\\xc9\\xec|\\xaf\\xaa\\xcf\\xdf\\xf9\\x9d4\\x12\\xf1o\\x81\\xc3\\xa4\\xc1\\x14 q\\x08k\\xe3\\x9b*\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
380.  
381.  
382. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|*zm\\x01\\xe0\\x14\\xc3'\\xae\\x10\\x91\\x98\\xe6i\\xc99\\x9az\\xd7\\xa7\\xae|\\xf0p\\xa6h\\x8a\\xda\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
383.  
384.  
385. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xd7\\x8c\\x01\\xa7\\x7f\\xcd\\xb1\\xe3\\x96\\xeaxe\\xc8\\xa9\\xf09c\\xb3l\\xd1,\\xdc\\xffn\\xdd\\x8f^\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
386.  
387.  
388. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xba\\x8f\\xe6\\xc2i\\x00\\xbd\\xc3\\x04\\xfd=\\x98\\xdc\\x88\\x8a\\x83\\x91\\xef\\xf2\\x8fe\\xbe\\xeb\\xd5\\xf7/25\\x80\\x0b\\xf0\\xa6#9c\\x17\\xab\\xd5\\x8b\\x8a\\x84\\xee0\\xfags\\xccq*>\\x1f\\xe7\\x86\\x03i\\x18z\\x17pe\\xbb\\x97\\x0f\\x84n\\xcc\\x00t/\\xcdn\\xece\"\\xf9\\xf7k\\xb5\\xdb\\xca|g\n\\xdfu\\xb0f\\xc6\\xec@\\x1cu,\\xd0r\\xc9<\\xda\\xe9\\xa0x?\\x87\\xc9\\x84z\\x00\\x05j\\x8b\\xeb\\xb2\\x16\\xa7\\x1e\\xdd\\x96\\xd0\\x13%\\xd0.\\xec\\x05\\xc8\\xab\\x93\\x86\\xe7\\x1c\\xa4\\xf09;\\x94\\x9f(h\\xe3\\xe7\\xd4\\x9cu\\xear0%\\x93l\\x9eye\\xf1\\xdc\\x98\\x8a\\xe8\\xb7\\x8b\\xa5u\\xd0h\\xf9o\\xf6:5\\x01\\xbf\\x98o\\x7f2\\xca\n\\\\x12\\xddo\\xf1\\x9d\\x05\\xca\\xa2\\x04\\x94`t\\\\xca\\xb1\\xb6sp\t\\xae\\xba\\x129\\xfd\\xa3x6e\\x1a\\xef\"@\\x82td\\xd4y\\x05*\\xcf7+3\r\\xc1\\x0bf\\xe1\\xc4v@\\x92\\xed\\xc0\\xe9\\xd7\\x84\\x0e\\x89\\x86.%\\x9c)f=\\xdb\\x04\\xf2"
389.  
390.  
391. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04%\\xf5\\x99\\xd8k\\xf3\\xa5g\\xce\\xe4\\xdb\\xbd\\xcc05\\xa97\\xcc#\\x92\\xf9@\\xbc\\xec\\xa4v\\x83!\\xd3iad\\xf9\\xd3\\x17\\x02`\\x9ci\\xd27\\xe8j\\x18\\xe3\\x80nd`\\x82q+;\\x18\\xad\\xad1\\x01a\\xbb\\xe7x\\x93\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x80*\\x12\\xe0z\\xecjk\\xf25;\\xfdp\\x14\\xf4|n\\x04\\xe8r\\x1b'\\xac\\x9f<\\xf3\\x08t\\xa7\\xa95\\xf5\\x06\\x87\\xa1\\xce\\x13v\\x84i\\x07\\x1f\\x1e(\\xbaku:"
392.  
393.  
394. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb6\\x19\"\\xd4ex\\xaf\\xa2\\xd8\\x19\\x93c\\x02\\xf0\\xd0\\xa8\\x86\n\\xc8\\xeb\\xbe\\x01\\x0es\\xad\\x84vd\\x99\\x9a\\xb8\\xb4y2\\xfal\\x8ex7\\x0b'\\xe3\\x86\\xc6\\xd3=\\x13w\\xbe\\:=\\xc9\\xd7\\x8d\\xbb\\xdb\\x864p\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000:b<\\xd2\\xd2\\x1ae\r\\xf5kn\\x98\\x1e\\xbe\\xc7\\xe0\\xd2\\xa9^\\x06\\x0e\\x9e\\xd0\\x87\\xf6\\x0e\\x92vo*q\\xf0jc\\x1e\\x16?\\x9d\\x81\\xc1\\x97d\\x931\\xbd\\xd2\\xe5"
395.  
396.  
397. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xfb\\xf6\\xd3\\xb1\\x80)\\xb1t\\x14u\\xed\\xb1y+\\xe1\\xb1\\xc2\\xf6*,\\x19\\x1d\\xd0\\xd7\\xe4\\xa8\\xfan\\x9cjh\\x126\\x122>k\\x11\\xa3d\\x8cd&t\\xc5\\xe6-b\\x06\\xb5_\\xd3x?\\xbdj\\xb4\\x16j%\\x84)\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\n\\x8d\\xfc\\xed\\xcd\\xfdh\\xe6b\\xa7qg\\xb9\\xa9y!\\x9e\\x1fr\\xe9>q\\xe8\\x9b(i\\xa2\\xbf\\xabr;^e\\x11\\xeb\\x9c\\xed\\x19\\xe0rn\\xdb\\x1dj\\x07)\\xe0\\xfe"
398.  
399.  
400. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc1o\\x03\\x92\\x0b\n\\x98\\xc9k\\x173+\\xb5n\\xbb7.\\x1f:y\\x0f%\\x89\\xdd$\\xbe\\x00\\xb5|\\x0b5\\xee\\x94_\\xeb\\xd5\\xbdn0\\xc3'\\xabx8\\xd7\\xe0\\x1bmb\\xd2t\\xba\\xed\\xed\\xc0\\xa1\\x97\\x04\\x8e0\\xd7\\xdc\\xbaj\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000#\\x9f\\xfb\\xb9\\x8b\\x04wnxi\\xdc\\xa1\\x0b\\x06\\x99wj\\x7f\\x04\\x7f*?\\xc6\\x19\\x14j\\xb3\\xcb\\xb8\\xb79\\xeez\\xf3\\xa41\\x01p\\xceau*4\\xb4\\xba$"
401.  
402.  
403. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb3\\xa8\\xe6e\\xc0`\\x9e\\x9b\\x01\\xf6v(\\xa7r#\\x1a\\x9f\\x15\\x82k\\x16\\xd9&\\xc34\\xc7\\x13q\\xb3\\%\\x1d\\xfbkw\\xf9\\xc5qk\\xa8\\xfdm\\xfe\\x1fn\\x97\\xff\\xd5k\\xdfu\\xfdt\\x8cdbg\\xc4g\\xbe\\x13\\xca\\xcf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000l*\\x1c\\xfa,\\xe2\\xcf\\x17\\x0e\\xfej\\xf6\\xc2\\xb6b\\xbf\nc\\xc4\\x96\\xdec2r\\xafeg\\xae\\x1fp\\xc4ef\\xbc\\xa8\\xe6\\xca4n7v\\xb5\\xb8\\xa9nf"
404.  
405.  
406. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa3\\xcb\\xb7\\xa4\\xec\\xfe\\xc3\\xad\\x8e\\xfc%\\x0b\\x83;\\xf6acx\\xbd\\x81\\x94\\x0fx\\xe5z\\x9e\\xc1\\x81\\x1c#8\\x91\\xaf\\xfb\\xf3\\x9b\\xec\\x14\\x97\\xed\\xe3\\xff\\xfd\\x85i\\xa8\\x9a\\x88t\\xfd\\x8b\\xdb k4yjkh\\xfcqh\\xdb \\x02\\x9e?\\x8b\\xdc\\xc4\\xd5b$\\xa2\\x8ae\\x1a-\\xd1('\\xc0\\xf6;\\x9a\\xa02v\\xbem\\xda\\x1f'\\xe0\\x00\\x0b\\xa9\\xea1d+\\x0f\\x835~\\x9d\\x8d\\xde\\xa5kp\\x0fl)0\\xbe*\\x97\\xa2\\xf4d\\x81\\xcb\\xa60\\xdc\\x02\\x9d\\xb9\\xdf\\xb8\r-\\xea\\xc0\\xb9\\x99'\\\\x1dgi\\xcf\\x1f\\x9bb\\xbb*\\xf1\\xf4\\xbc\\x02<\\xe3\\xb6\\xa2?\\xde~\\x06\t\\xa4\\xc5y\\x89&\\xb4\\x99'xr\\x01b\\x91r\\x96\\xa6\\xdax\\xba'\\x83\\xb2x\\x85\\x16\\xfaf;\\x0bc\\x9f\\xb2\\x12ug\\xfe\\xd9\\xd1\\x99\\x06!\\x8c\\xa7\\x8d@nk8\\x131q\\xe9\\xda\\x073e\\x07\\xc5\\xf8\\x10k'\\xbc\\\\x8afbw\t\\xd2x\\xe2rhls+\\x81\\xc1\\xdd\\x17t'\t\\xf6\\xa6\\xc8"
407.  
408.  
409. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x873\\xe9\\x07\\x90n\\xa8\\x8b\\xe4<\\x18j\\x11\\xbf\\x8e\\x0050\\x19\\xca\\xa0\\x9cd\\xd5\\xcf\\xe4q\\x0cfdw\\xfbr\\xb8\\x87=\\xef\\xa3\\xd1`\\x1f\\x93\\x0c\\x9f\\x05u<\\xf9j\\x89\\xee\\x02\\xef\\z\\xd0\\xb0\t\\xf6\\xd7\\xa5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc4hay\\xc9\t\\xc5\\x9e\\xbd\\xbc\\x94o~\\xa1\\x88e\"\\xd2\\x131m\\xc9\\xb8y\\xd2\\xd8$5\\\\\\x1a\\xefr\\xd9\\xd7\\\\xa0c|\\x120\\x03\\xae\\x07\\xb7\\xcf\\xb0\\xe0"
410.  
411.  
412. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa7\\x11\n\\xc0\\xe9\\x89b\\xb2\\x11\\xd9\\x8d\\xe8\\xe9\\xe4\\xc4\\xc1\\xc7\\xb9\\xa4\\x14\\x8d\\x08\\xf9\\xc4\\x99\\xae\\xa7\\x03\\xc4(a\\xe4\\x03\\x1b\\xa5s\\xef\\xb7\\xa2\\xe6\\x88\\x84\\xac\\xd6\\xc8\\xeb\\x87\\xf9\\xda\\x91\\xdf\\x1d\\x7f\\x1c!a\\xd5\\xea\\xba\"v\\xb6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa3p\\xf4r\\xd0s\\x8f\\xa0\\x99r\\x11\\xccd!\\xc5s\\xfb\\xe5\\x9e\\xb1\\\\xa8m\\xf1xh\\xe1i\\xb2\\xde\\xf0\\xdb\\x92\r\\xe2\\xec\\x92km\\x9b(\\xa7\\xa7\\xdd\\xd8c"
413.  
414.  
415. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xd7\\xc7cp\\xf7\\x08\\xf4\\xccw\\xac\\xdb\\xbd|9k\\xac\\xdd\\xd7\\xc5\\xa0\\xaf\\x8fv\\xc8\\xcc\\xe6k\\xe8\\x95\n\\xd8\\xe8\\xcc\\xa4\\x8df\t\\x82\\x03td\\xc8i\\xe7\\xec\\xc1\n\\x18\\x08\\xf2\\xdd\\xc8\\x02\\xb9\\x1ff\\xe6~\\xd4e\\x00\\xe51\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1eu\\xb2`q#\\xc2\\x98\\xaa2\\xadx\\x81\\xa4\\x10a0:cr\\xec\\xdea\\xee9u:\\xfd\\x19l\\xe0\\xa7\\xa8\\x0f\\l\\x0c\\x94\\xd1\\xfa\\x80\\x04t\\xdb\\xc1n#"
416.  
417.  
418. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04!\\x9d\\x88h\\x12s\\x84l\\xd1l\\xf0l\\x9a:\\x85\\xeb\\xdc58\\x94\\xb6l\\xecpyz\\xf8\\xaf\\xfaixq\\xa7\\xc2\t\\xa4\\x14_t\\xef\\xcf\\x9a\\xfc\\xdf3\\x8c\\x8eazn\\x16-/p\\x95\\x17\\xff\\x1ei\\xdf\\x0f!\\xfda\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa2\t\\xc2\\xc9=\\x00o\\x1a\\xaa\\xady\\x85\\xc7z\\xc9\\xe5\\xd9j\\xfc\\xd4\\xa3\\xd1\\x05\\xe3\\xe4\\x91fx'\\x0bp\\x12\\r\\x93\\xfc\\x14\\xdf^\\x9ev\\xff\\x1a\\x83h\\xb3\\x0f\t"
419.  
420.  
421. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04f\\xec\\x98\\xb1_\\xed\\xf8\\xecs\\x15v\\x95 l\\xb5\n20i\\xb7\n\\x8b\\xa1\\xba\\x7f\\xc6m\\x0c\\xfc\\x8a\\x022\\x83pn\\xfe~\\x95\\xd2\\xac'\\xe1u\\x01\\xa7q@\\x9b\\xce\\xa2t\\xa3\\xf7\\x81\\xba\\xd2\\xf5n\\xb0\\xf5\\x0e\\xe6\\x97\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe9\\x89\\xd4vk\r\\xfe$\\x1e\\x11\\x8c\\x8d9\\xe1\\x18\\x01e\\xbd\\xc8\\xc4s\\xfe5\\x80\\xbby\\xefq\\x8f\\xf2j\\xf6f\\xe7\\xb6\\xb5\\x975\\x9b\\xadf\\\\x91\\xb3m/x"
422.  
423.  
424. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf1hu^\\xe1q\\x1af\\xc8=\n\\xd1o\\xe0\\xe0\\xd0fn\\xe4\\x8d\\xb5\\xee\\x05\\x8e\\xf0\\xb1\\xf8\\x9e\\xc1m\\x06\\x12a\\x81\\x1f\\x9a\\x02\\xb6\\x89\\xbc\\xca\\xf5c\\xd5\\x0c\\x0e\\xef\\xb3\\xf4\\xcd\\x86\\x90\\xf2\\xcc\\xaby<\\x81\\xe9\\xeb@e\\xf1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8c\\xd0\\x89\\xb7\\xb8p\\xfbm\\x9d\\x02y_\\x8c\\x87<\\xcf\\xf9\\xfc\\x10m\\xedlq\\x96 sk?\\xe8\\xed\\xae\\xb7\\xd7d\\xbaj\\xd3\\xde\\x17\\x1d\\x863q%\\xaag\\\\xe7"
425.  
426.  
427. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8b`\\x11\\xd4\\x9d\"\\xed\\x11l\\x82\\xf3\\x99\\xc2i\\xacc\\xc9\\x97\\xa7\"\\x92\\xd7\\xf0zd\rm\\xeeb)\\xbc>\\x02r\\xac:l\\x97\\x1b\\x14\\xa5x\\xc4\\xe7\\x94c\\x9feh\\xea\\xe6!^\\xc2\\x848\\xca\\xa8\\x98\\xde$\\x08!\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\"\\xb8?d\\x00\\x0f\\x81$1d\\xbc\\x9d\\x82x\\x9e\\xb1|\\xa7\\xc9*#v\\xbf\\xa8y\\xb4\\x89xj\\xe81oycrq\\x95\\xd5\\xbdsb\\x10\\xf8\\x8fr\\xc4\\x8c"
428.  
429.  
430. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb3\\xee/\\xd1\\xc4\\xe1\\x84\\xd3\\xd5gj\\x86\\x99m\\x03i_3\\x83<\\x12e\\xf8\\xe84c<\\x02\\xce\\x1c\\xc3g\\xcd\\xfajr\\xe1\\xad\\x91on\\x8dw\\xb5\\x8a\\xc6,\\xb4\\xe3\\x8f\\xd7\\x92;\\xbax!\\xc3k\\xbd\\xd8w9l\\x93\\x0e\\xf3\\xafwx\\x8f\\x84'\\xa0\\x1a<d\\xb9\\xac-\\x0c\\x94@\\xc47\\x1a\\xcb\\xe3h\\x9e\\xc6\\xe19\\x10\\xc3\\xd8\\xcd\\x96\\xd7\\x05\\x83m\\xbc_3wz\\xb5\\x07\\xba\\x1f\\x9bw\\xe1~d\\xd0\\xe6\\x13g\\xf8\\xe0\\xab\\xeb1\\xb8\n\\x9e\\xa3;\\xd6w\\xf4h\\xf8\\x96\\x8b\\x1a\\x18\\xcab\\xf3\"\\xb8\\xa4:\\x1a\\xa2\\x87\\xa4\\xc4\\x81%\\x88\\xff\\xf1v\\xc7\\x9fm\\x10\\x11\\xdex`0\\x9e\\xb45\\xc7\\x98p\\x10`$qh\\x8c\\x1e\\xf3\\xd1\\xfd\\xf5\\xca\\x8b\\xbc:\\xdb\\xbd\\xd1a\\x01\\x88\\xee\\xd2r\\xd6w&~\\x98\\xe1\\xd6\\xef|\\xfd\\x96\\x1d\\xba\\xfcs9\\x97s#m,k\"+f\\xbczp\\x1f7\t\\xc6e\\xd4l\\xb6\\xd8\\xc9o\\xe9w>\\xf8\\xf9\\xad\\xfe\\xd6:\\xc0 \\xab"
431.  
432.  
433. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04sme)0\\xff\\xdc\\xfbp\\xd7/\\xb5\\x81\\x0f\\x06\\x84q\\x03\\xac\\x00\\x9d\\xf5\\x9e\\xd2t\\x04?\\xff\\xca\\x80\\xf5\\x19<\"\\xa3\\xa8\\xf1\\xe4y_\nv\\x05\\x8f\\xb2\\xa0\\xd4\\xca\\xc6\\xb2#\\\\xef\\xf6\\xc62t\\x8eo\\xcfl\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000y\\xe4\\x07\\x10\\xdd\\x89b\\x8a \\xc4!\\x03\r\r\\x0b6l\\xccb\\x0fb\\x19\\x12j\\xfa`.u4dg\\xdcr\\x8d\\xe5\\xa2\\xa4\\xdbi\\xd4e\\x96\\xe9a\\xcd\\xfd\\xd6c"
434.  
435.  
436. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe9\\xd8\\x9d\\x00\\xdep\\xfb\\x81\\xf0\\x93\\xc0\\xe1a\\x84\\xb5z\\xd1\\xfed\\xba1lk\\x90u\\x1f\\xaf_k\\x81fp>jd\\x1e\\xc8`g6\\x16\\xbe\\x9a\\x0b\\x9ce~\\xb6\\xf0f\\x83`\\xc7\\x08\\xb8\\x85\\x92'\\xf5\\xb9\\xcf\\xb9\\x93\\x0c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000-g\\x17\\xaex\\xdeg\\xff^g\\x1d\\xff\\xa4\\xaew\\xca\\xb7\\xd6-\\xc7'\n\\xe5\\xfb\\xcc\\xe0u)\\xe4n\\x8c\\x10b\\x130\\xf1\\xb6\\x9b\\x13\\x02\\xf5\\xf20\\x8c\\x82x\\xab6"
437.  
438.  
439. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\z\\xd5\\xbe\\x81\\x95\\xe2\\xb4\\x8d\\x07\\xd4u\\xf3\\x97\\xeee\\x17a$z&\\xef\\xdd\\x06ip\\x95\\x832w\\x83d\\x0fq\\xe9\\x8d\\x8f\\xdb\\x0cq\\xfc\\xf7\\xdf\\xb6\\x99f\\x81f\\x96mt*c\\xae\\x8d\\xf0\\xe0\\xffj\\xfc\\x9c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000k\\x8a\\x0fjok)\\xb7h1\\xa7.\\xe8\"p\\xb6\\x11r\\xbd-\\x99\\x82t\\x1a\\xa9\\xea\\xdb\\xdf\\x91\\x08\\xfe\\xec\\x89jpi\\x02\\xb0\\xed3l\\xe4\\xe9:%w\\xb8x"
440.  
441.  
442. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\"\\xaf)\\xedgy\\x0b\\xc8\\x9d\\xfe\\x02\\xd2sp\\xcd=i)9o9\\xb4\\xfb\\x81\\x03\\xebs\\x90\\xbd\t\\xd61`\\xa4\\xe9\\x84\\x95v\\xe6wc\\xe3-\\x97\\xe7.\\x9c3\\xc2\\xd1\\xe1x\\xf6t\\x85m\\xd8\\xc2\\x1cg\\x1d\\x056\\x8d\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe7\\xe9\\x13`\\xcc\\xbc\\x1a\\xf4\t\\x8a\\x0ex\\x10r\\xb2\\x1d(\\xf7|\\x85\\xd549\\x1c\\xdd5\\x13$\\x92oi\\xcb\\x8c\\xea\\x19n\\x95@~\\xc6\\xc2\\xcage(\\x90!"
443.  
444.  
445. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x9a\\xe9zr\\xcd\\x18\\xeae\\xbbn\\x94sf\\xe9\\xaei\\xe0\\xdb\\x19mf\\x0e5\\xbd\\xf5\\x88s\\x04\\xbca:\\xf1\t$\\xea\\x96!\\\\x14\\x19rkk\\xc5\\xb5o'\\xc0\\x03t \nd\\xbc\\xa6\\x17\\xa5\\x1f;\\xa3\\xbcz\r\\x19 ?fg\\xfe \\x03\\x02\\xf8\\xa2\t\\x86\\xbe8v\\x81j\\x88\\xa1a$\\x02:1c7p\\xda\\xfd\\xfb\\xb6jz?\\xd9\\xe1\\x1f\\x94\\xb9\\xb0q\\xa0uy\\|\\x04n\\xe6\\xd7=\\x1a_l\\xb56\\xcd\\x9f\\xc5\\xf4\\x1b\\xbd\\xcf\\xf9_\\xa3i\\xf4\\xe9\\xfal\\xbe\\xd1\\xa6\\xd5\\x94n\\xc3s?bto\\x13\\xb9\\xcag\\x0b3\\x10\\x0c\\x92du^j\\xf1\\x88^\\x12<\\x82lp\\xf2\\xef\\x8d\\xa3\\x90\\x14m\\x9e\\xe2|<o\\x1d\\xb8\\x91*\\x1ch\\x1a\\xd3\\xdd\\xdd~\\xcd\\x12\\xf9\\x97\\xfd\\xfc,\\x8c\\x9a\\xff\\xab\\x1cq1\\x8f\\xaa\\xc7\rq\\x14j\\x7f\\xb2\\xa5\\xb2\"\\xc2\\xf4\\x8d\\xd0\\x8d\\xc2a\\xb8\\xb8c|\\xfa4~\\xea?(\\xdb4o\\x9dy\\xf6\\xee\\x16\\xb3\\xce\\x06"
446.  
447.  
448. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04<q)?8\\xd5o\\x04gm\\xaf\\xac\\x0c#\\xa9\\xe5\\x00\\xf9<\\xff\\xcb\\x8ee`\\xb5\\x04kqd\\xc5\\x0b%l\\xaa\\xb5c\\xbf\\x05\\xc5du\\xd1y9\\x0fp\\xd9=\\x8f\\x03\\xb0\\xdcm\\x1fw\\xc7\\xc8g\\xc0\\xda\\x85\\xab\\x1a\\x0b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf9m\\xd8a_\\x1a\\xf7x\\xffs\\x14(\\xd1u\\x98\\xcf>\\x13\\xde\\xa5\\xa0\\x00\\xe3$\\xf75\\x8dwh\\xbf\r\\xd4\\xe6w\\xca<ii\\xcfz%\t\\xba\\xadf\\x05\\xf6"
449.  
450.  
451. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xb5x;n1\\xceyh\\xece\\xfb6y\\x9a\\xba\n\\xdd+\\x14\\xdc\\x13\\xf0\\x03\\xf1cp\\xf4\n\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
452.  
453.  
454. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|^\\xe0\\x15\\xf1s\\x15\\xd5|o\\xbaj\\xb3\\xa2\\xf4\\xecg\\x12\\x04\\xe91\\x16l<n.\\x01\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
455.  
456.  
457. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|8\\x87\\xff|gu\\xcb\\x06\\xa8\\xa4\\x80\r\\x18\"\\x8b\\x1b7vhzk8r\\x15\\x9d\\x15\\xefu\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
458.  
459.  
460. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xc0\\x03o\\xaf\\x88;p\\x1c\\x88\\xd9~\\xaf7'\\x00e\\x04\\xf0)\\xce_e\\x9c\\xc3\\xfe\\x1ab\\xc2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
461.  
462.  
463. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb72\\xcbx\\x8em\\xd3\\xbca)\\xca\\xe5\\x89>\\xb4\\xa8mg1\\xb2$\\xdc\\xae\\xc2$\\xc2\\xa3\\x05\\xf9\\xffc\\x81\\xea=\\xdf\\xeb\\xe6<z\\xc0\\xf3s\\x87\\x1b\\xe8\\xdb9\\xea\\xe4\\xb5\\x97\\x8e\\x8b\\xc6\\x19ml\\x190\\xd5z\\x88\\x1a\\xbfe\\x1f\\xa0\\xec\\xa9o\\xb6\\x97\\xdd\\x9e)\\xe4\\x9c\\xdca\\xe8\\x03<\\xf7\\x08:\\xdfz\\x89j\\xcb\\xa1\\xaf\\x9f\\\\x95\\x8e\\xf3\\xc3\\xac\\xe0e\\xeal\\xe8\\x7fk\\x04k_\\xc5\\xf3p\\xb6\\xe2\\x94\\xa7\\x85\\xca\\xab;\\xeao\\x8d\\xe1\\x13\\xcd\\xfca\\x92\\x82\\xb4\\x9c\\xf9;\\xf4\\x89\\xf2\\xb0c\\xac\\xee\\x18\\x01\\xfe\\xc3\\x80\\x03s\\xa2\\x9f\\x19i\\x99j\\xc7\\x07\\x92-6\\xf3\\xacu\\xe0\\xd7r\\x98\\xcb\\xc4\\x7f\\xf6\\xf9\\x01\\x16\\x99\\xcf\\xbd\\x0ckr\\x1bv\\xab\\xecs\\xd7\\xc4\\xa2z>n\\\\xdf\n\\xd9\\xdb\\xe3\\x07?n\\x12\\x1b>'\\x11\\xbc\r\\xe2\\x13\\x85\\x92\\xeb\\xc8x\\x93h5olk\\xdf@\\x11\\xf2\\x9e\\x0b\\xde\\x9cj\\xf9t\\x86p.\\x9b\\xab\\xee\\x1cgn\\xed\\xf9\\x1a\\x7f\\x82\\xf3"
464.  
465.  
466. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010#e\\x9e4\\xb1\\xfe@\\x1azw\\x99\\x85\\xd1\\xb8s\\xcb\\xc1\\xf5!\\x96\\x8c/\\x14.\\x97\\xc5n\\xf8\\xca\\x9f\\x03lo8\\x1a\\xe9q\\x86\\xa0v\\x056a\\xa8\\xe8\\xa7\\xd9\\x93r\\xaeuu.\\x0fk_\\xcd\\x11\\x0efg\\x9e+\\xfd\\xad\\xf6\\xa7x\\xa0'\\xe4\\x12\\xc6\\xb1\\xac\\x9c\\xb1\\x82\\x80\\xd1j\\xed\tt\"\\x9eel\\xe3r#$`\\xdeq=\\xe1\\xff\\xed\\xb4\\xccw\\x8c\\xdf\\xe6\\xb5\\xb5pi\\xdd\\x0e\\xe5\\xc8\\\\x16\\xc8\\xcb\\x97\\xe12\\xd2\\x14\\x17\\xfa\\x81\\x8fi>:?a\\xb3\\x81g\\x81\\xe5w\\x0e,\\x16\\xae#\\x9f\\xc7\\xca\\xfe\\xe6\\xbb3\\x05\\xe7\\xebi\\xd6\"\\x1d$\\x91\\x91.\\xde\\x9ac\\x81\\xaf\\xfd>7\\x821\\xca\\xc8*`\\x90n\\xd4\\x91\\xd9\\xbb\\x9d\\x93\\x028\\xd9o\\x96\\xc25i\\xb8\\x92\\xc0\\x84\\xed\\xadr\\xe7\\xa0\\x87i\\xd0\\x15\\xbcn\\xc1u\\xabg:\\x90\\xf3u8j\\x86\"\\xf8\\x99g\\xad\\xd3z<\\xcebdf\\xba\\xef%\\x83m\\x97\\x99\\x18\\xafu\\x18\\x902\\xb8\n\\x07\\xef\\xbd\\xe7\\x87"
467.  
468.  
469. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe9\\xc8b\\xe5\\xb0):\\x00\\xbe\\xe0\\x0bq\\xd9\\x8b\\xf3\\x91\\xfc\\x1d\\x88\\\\x82\\x9a\\xcd\\xbb\\xe2v\\xc9:\\x8fw#\\xbd\\xe3joe\\xd5\\xe7\\xde\\xcc\\x92\\x1d\\xe6\\xbc\\xc4\\x91\\xb1\\xb8\\x9a\\xac_\\x04\\x06~ay)\\x07\\xbb>\\xc3\\xbf\\xa3n\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000u\\xcb-o4:\\x90\\xa3\\x18\\xf5<lg\nr\\xaeg\\x9fd\\x95\\x14\\xb8l\\xf0\\xa0fza\\xf8\nj\\x91\\x89\\xf7dm,\\xe7pp\\xce\\x91r\\x8b\\xc9\\x1a\\xa99"
470.  
471.  
472. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc6\\xcb2\\x15\\x9c\\xfa\\xbb\\xba\\x86u\\xa0\\xee\\x1ax\\xe6\\x1a\\xb3\\x19\\xb8x\\x88v\\xed=\\xcc\\xea\\xd5\\xaf\\xffh\\x85\\xb4\\xae1dk\\xf3,\\xb6v\\x97c\\xa6\\xeat\\x17\\xcb\\xf2:\\xa5\\xf3?\\x12:\\x81wm\\xc7gx\\xdc\\xeb\\xa4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x007\\x8f\\x8c\\xc6\\xdbx(\\x8c91>\\x9b\\x83(\\x89;;?0\\xcd\\xcc\"\\xd0\\x8f\\xc7\\xd3#\\xf0\\xbbm\\xf7\\xcdw\\xffd1ji\\xab\\x03\\x81\\x9f\\xd4\\xc1\\xd9"
473.  
474.  
475. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010r\\x06\\x10\\xf6s\\xc2\\xf2t|\\xad\\x10;~\\x98a\\xf9\\xb4s\\x84\\x91\\xee\\x01?\\x01\\x043m\\xb7\n\\xc8\\x94\\xc0\\xc6\\x94\\xdb\\x87\\xf6;i\\x18\\xfbr\\x0e\\x06\\x02\\xf2i\\xd7\\xfe\\xb3\\x93\\xa3s\\xe4n\\x1ezr\\x7fp\\xe8\\x85v\\x0c\\x01z\\x04\\xc8p\\x03\\x11\\x10\\xcf\\xe3\\x03\\x8f1\\x12\\x1d\\xbd\\xa5\\xd6\\xa1k\\xe9\\xc6i\\x85\\xc8\\xaebc\\xfb\\xdatp\\xd9\\xe7\\x98\\xb7\\x88o\\x03\\xe4\\x1d\\\"\\x04\\x1e\\xddb>\\x93>\\x7f\\xae\\x8e\\x19\\xfe\\xec\\xf3\\x00%\\xd0^v\\xb7\\xd3\\xe9\\xc3\\xea\\xe4\\xf4\\xaei\\xe3\\xb4bm\\xe8\\xc5\\x1d\\x9a\\x91\\xef\\xafc/b\\xd2\\x0f\\xf4m=8\\xf1<\\xe3\\x07\\x8f3\\x17\\xed\tt\\xd9\\xdf0\\xb7d:\\x956\\x0f\\xd9\\xac\\xc6\\x82\\x9b\r3\\x8f\\xd1@y\\xcela\\x80a\\xe5\\xc9\\xf3\\x13\\xf2\rm.s\\/\\xcc\\xa7\\xd0a%\\xad\\x04r\\x0e\\x07\\xd6\\xa3\\xeeb\\xd6\\xe3\\x9a\\xef\\x8e\\xc4\\xcf\\x07\\x91\\xcd\\x93^\\xbcno\\xcd\\xf5,\t)~j\\x01\\xf5\\xfa\\xb9\\x1c~c\\xff\\x1a\\x18\\xe2"
476.  
477.  
478. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04al\\xa6\\x1e$vk\\xe4-\\xfc\\xf4\\x85\\x0b\\xf8_iww\\x11.\\xd2=\\xcb)+\\x89w\\xc5\\x07\\x82\\xc0\\\\x95\\xa2\\x062\\xe4t\\x98\\xdauq&k\\xc4\\x102l\\x1c\\xc7 p\\x9dvs\\x99\\xa6_y\\xdc*#.\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91\\x16`\\xd65+\\xecu;\\xa1\\x97\\xf3x\\x8d\\xa3x\\xea\\x83\\xd0\\xce\\xb0\\xc2ic\\x12\\x10\\xf4/\\xee\\xec\\xfb\\xda\\x94\\x1f\\x95\\xc6\\xe3+\\xf6\\xac4\\xf2o\\xf5#\\xd2\\xf0"
479.  
480.  
481. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x99\\xf7\\x1d,\\x00pc#yu\\xdbj%\\xf9\\x08\\x03\\x0ba\\xb2k\\xd4\\xb4w\\x8e\\xc5\\xc9p\\x99!\\xdd\\xf1\\xc0a\\xe0\\x13ts#\\x1a\\x85a%\\x8a7n\t\\xde\\xf6\\xaac\\x92\\xe0\\xb1\\x96,\\xc2\\x1bfhn\\xd6\\xe1\\\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd2\\x01\\x17\\x82$\\xcc\\xeeh\\xb4ln\\x14pp\\xcd\\xee\\xe2\\xf9\\xf9n\\xd5\\xcd\\x94^\\xd9\\xbck\\xe5\\xa6\\xa7\\x86#:fs\\xd0\\x9e\\xfe\\x86\\x9er\\x96\\xb3kh\\x92#"
482.  
483.  
484. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04vos#\\xdf:\\xeb\\xb14\\x04\rx\\xf5\\xb3v\\xb6\\xcd*\\xcd9ph\\xba\\xdd\\xb5\\xb5\\xb3\\x92\\x88\\xad\\xbb>4quj+\\xd4\n\\xa5|\\xb1f\\xf4+\\xb9\\xf1j\\xb7\\x17\\xc9,os\\x08\\x9c\\xf66x\\x9az\\x9a\\x05\\xcf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000#\\xab\\xe2\\xc8e5\\x1c\\x9f\\xd8\\xf0\\x8fb\\xc9\\xb2\\x1d\\xb5ap\\xb3\\x85\\xd5?\\xf4\\xf4\\x15nd\\x98d\\xefw\\xe4\\x0f\\xe5\\xca\\xcc\\x7f\\x95\"\\xc3\\x0f\\x04e|\\xfe:p:"
485.  
486.  
487. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04p\\xcbj\\xfe\\xc7\\xc7\\xf5,\\xd1p\\x8d\\xe0\\x9f\\xda\\x16vv\\xea%\\xe5\\xdei\\x0e\\xd9\\xb9\\xf1ccz\\x11\\xa1\\xd8\\xcd\\x97|\\x04\\xb7>v\\xd9vh\\xc4\\xd8\\x81n\\xa0\\xf7\\x08\r\\xce\\xcf\\x91\\xd4\\x85\\xd9\\xbc\\xden\\x1a|\\x99\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa7\\xd9\\x1b\\xb3p\\xf6\\xd9\\xa0\\xd1\\xfbl\\xbd\\xe7\\xda\\xfeu&2\\x9d\\x13=68\\xffn\\xe1\\xb2\\x11\\xf5^7\\xe7\\xcbh\\xa5\\xe3\\xb1a\\xe7\\xe1!)\\xbf\\xbe\\x1fz\\xef\\xde"
488.  
489.  
490. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010w1\\xb1\\x18\\x06\\x86\\xbcxc\\x0c\\x0b\\xc4\\xa5\\xf3u\\xc1c\rrus\\x01\\x9b\\xf1v\\xc0a\\xd8ay\\xb5v\\xd0\\xa2\\xdd\\xf2\\x85\\xf0l\\xb1\\xb3\\x9d+\\xaf\\xba\\x04x68\\xfcp\\xa5\\xbe\\xc1a>8\\xe7\\xf5\\x1b\\xed\\x89\t,o65\\x8c\\x8ev\\xbfz\\xd7\\x9e?4b+`p\\x97@w\\x94\\x9czw\\x14\"++\\x9cxpv>l\\xa9\\xcc\\xf9\\xe54\\x9b\\xfd\\x07lw\\xa4\\x11>\\xeb\\xa5\\xe2j&\\x1c\\x8f\\xfb\\xbd\\x98.\\xd8\\x8b\\xc5\\xc6r\\x96\\xad\\xea01q\\x86\\x87c6\\xce\\x87\\x81\\x19=\\x15\\x16\\x1e\\x1d\\xb4\\x90\\xdd\\x0b^=\"\\xeen0\\x92\\xd3\\xdc\\x88xg\\xfe\\xdaq\\xeat\\x14\\x94\\xcd\\xe0\\x19\\xe5\\xb6\\x80|\\xc2\\xf2 \\xabw\\x089\\xe9\r\\x0b\\xeen\\x1e\\xf9\\xf9\\xcf\\xa5\\xaej\\xe8\\xe1)\\xd2\\xd4\\x8ci\\xec\\xa1>sa\\x94tt\\x1c\\xfb\\xe2\\x9ey\\xfe\\x89\\xb5\\xb5t-\\xda\\xa5\\x15\\xd2b\r\\xb7\\xbb\\x97\\x10\\xc7\\xa6j)|j\\xe46\\xa2f\\xb7\\xb1\\xc4t\\xc7\\x97\\xfe\\xc2"
491.  
492.  
493. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0105\\xa4\\xc4\\xab\\x0f\\xbf\\xb0:\\x8c9\\x9fg`jj\\xab\\x90g\\xb8'n\\xad\\xf6\\xa9\\xd4\\xa1\\xe2c\\xd4\\xf6\\xa0\\xad\\x1a\\xa4\\xaa\\xb2/\\xa2\\xd7r#\\xce\\x95\\x8d\\xecs\\xf4\\xbf\\xf97\\x972o\\xaa\\xd9\\xf0\\xa0\\x0c_'\\xad\\x83\\x95\\xfb\\xec\\x92\\xbc\\x93\\xcd\\x03\\xba4\\x82~\\x10\\xceq\\xd9u\\xb2l\\x7f\\xc0i\\x84\\x1d\\xa6*\\x80md\\x8figi-\\x05\\x99\\xdd\\xe6\\xf2\\:4\\xda\\xa5\\xb5dx\\x0b\\x9e\\x0f$\\xd7g\\xaa\\xc29\\x82jn\\xc9-\\xc4\\x8a\\xb8\\xd0\\xe0\\x1e\\x04\\x0e=\\x89\\xbc\\x87\\xb6\\xc1\\x90\\x97\\xa1\\x148yy\\xb7|\\x19\\x83d\\xfd\\x00|\\xbd9\\xce\t%\\xb3\\xf26\\xa45\\xben\\xe3@\\x90\\xffb\t?\\xf3\\xc6k\\x05\\xcb\\xb7\\xbe\\x87\\xbd\\xc3\\xb5\\xd3\\xf5>\\xab\\xad\\xa0\\xd1\\xee\\xa5o\\xdey\\xdf\\x02\\xef\\x0c\\xf9\\xec\\xd6\\xe6n\\x14\\xb8\\xed1\\xa2!\\xe2\\x0b\\x1e\\xf4\\xff\\xc8\\xb4\\xbc\\x94\\xc5\\xc3z\\xa6\\x01&zo\\xe7\\xcc\\xce\\x80\\xd8u\\xfbxo\\x12a\\x176h\\xdf\\xce\\xad%tn\\x84\\x9f"
494.  
495.  
496. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x046q\\x01\\x9e8\\xdb\\x80\\xd8\\x1fw\\xbd\\xd2rk\\xe4\\xef\\x10<p\\xa2q\\xba\\x8c\\x8b\\x80?\\xb9 \n\\x1f\\xcf\\x90\\xca\\xf4\\x06\\xcd\\xe8\\xc9\\xce4\\x86\\xb7\\x88\\xf8\\xc0t\\xd1f\\x94b\\xaf\\xafq\\x9bd:\\xeb\\xe4<\\xeb\\x94;/g\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x03\\xe7a\\x8b\\x945\\xc2\\xfe\\xe7\\x89\\x81\\x9f\\xcb>\\x06x\\xe4b:%\\xe5\\xdb\\xec\\x07\\xe7\\xf1%\\xd4\\x19\\xd7b\\xec\\xe5(\\x03\\xcb^$l\\xe9\\x88\\xfb\\xbe\\x9f\\xf0cw"
497.  
498.  
499. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb1\\xd7\\x8a\\x16/\\x81>$\\xf4\\xeb5\\x01d\\xba\\xc2\\x8d\\xd6\\x9b\\x94\\xd1\\x9do\\xd5\\xd3|\\x8e\\xe0k\\x1a\\x0f\\xba\\x93\\xb9\\xcdn\\xd9\\xee\\xc4.\\xe7|>\\x19\\xcb\\x8e3d/\\x91\\xae\\x00\\xe9\\xbce@\\xdd\\x1a|\\xda\\xe9/tc\\xd0\\x90\\xa12l\\xc7j\\x02dmt\\xb5i\\xb6\\x841f\\x04\\xec/\\xca\\xa2` \\xd6\\xad\\x08\\x87\\xfb\\xa1\\x82\\xff\\xaa\\x04\\xe7-\\xe8\\xa04\\x95\\x0f\\xea\\xf9\\xce\\xbfd\\xc8k\\xf9p\\xf8~5\\x12\\xd1\\xe3\\x1a\\xa8\\xbf\\xfe@\\x99\\xeco\\x06*r\\x9a\\xe9r57\\xb2\\x89\\xf7%\\x90n!;\\xd9uy@o\\xab\\xa2j\\xbb`\\x1d\\xa2\\x0e\\xe2\\xb1\\x8b\\xee\\xe6d\\xd0f\\xf5\\x94\\xceh\\x01\\xdb\\xd4\\x0e\\x85i\\x83\\x9a\\x85\\xb2>i\\xa8\\xea\\xaa_\\xbc4a\\xcb\\xbc@0\\xc5\\xd6\\x85\\x8ei\\xce/\\xe0@|\\xf4\\x18\\x82\\xa6\\x836ld\\xb6\\xd5\\x0b\\xb7c\\xbd\\xa5\t:\\x02\\x11\\x92\\xc5\\x18\\xe4\\xf4\\x82\\x0b\\xe6\\xf3\\xe9b\\xb8\\xeb\\x9b\\xaf\\x98\\xd0p\\xe6\\xb0\\xe5d\\x8a\\xa7\\x12w`\\xf6"
500.  
501.  
502. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x17*\\x9b0\\xa6\\x9e\\xc9\\xec2\\xba\\x82&\\xa4\\x12\\x11\\x14\\xef\\xee\\x92\\\\xb2\\xb3\\x89&\\xd2\\x93j\\xea\\xd8-\\xe4h\\x08\\xee\\xb4\\xec\\xb2\tgn\\x7fx\\x925_\\xe9~\\xde\\xb0\\xa6\\xf50sy\\xe6\\x11\\xb3\\xbd\\xb4\\xdd\\xcb\\xe9w\\x82\\x19\\x9c3h.\\x1d3\\xf2\\xfa\\x1f\\xb7\\xa0\\x17\\xd4\\xfe\\x16\\xe1\\xdd\\x83qlg\\xf2s\\xe0bc\\xbfkky\\x7f\r\\xa2\\x85\\xa9\\x0fj\\x8d\\x828\\xb2\\xa2\\xc7\\xc1\\xc57\\x82m\\x8a\\xab\"\\xa7\\xed\\xf8\\xc1\\xed`\\xe8\\x1b\\xd4\\x17k\\x94b\\x01o\\x83$\\xd0l\\x8d\\xf9\\xbae\\xa8\\xa4\\x89s\\x84\\x03\\xfbk\\x13;;al\\xbej\\xbe \\xe1;\\x1e\\x83\\xb9\\x98\\xe9\\xcf'\\x03jjm\\xdd7mc\\x08| \\xda\\xfb'\\xb3m\\xd3z\\x13\\x9b\\x8b\\x03\\xb3\\x0e\\xf9i\\x08\\xaex\\xb2\\xf2p\\xcac\\xdb\\xfaa\\xeah\\x0f\\xf2\\x01izq6\\xe3\\x05&\\x99\\xb1j\\xee\\x03\\xf8h\\x18xs\\x0b\\x89qq\\x04\\xfa\\xf9\\xe2&\".\\xbc\\xb9\\xed\\xbc\\xcf\\x89\\xf5\\xab\\xdc\\xf6x\\xc3\\x81e"
503.  
504.  
505. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xc8+\\xdd\\x96\\xe5\\x10\\xa2\\xbc\\x9d.\\x19\\x9ea\\xd1\\x81\\xa6:7\\xe1*\\x97\\xe6\\x9a8\\xd7x\\xd5\\x90\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
506.  
507.  
508. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|3\\x85\\x89\\xbe\\x9e-\\xc6m\\xe1qvn\\xa4~s\\x16a\\xe3\\x9f\\xcf\\x038>\\x00\\x16 \\xcb6\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
509.  
510.  
511. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|#\\xbe\\x87\\x15\\xb0\\xf0\\xe6\\xbfd\\x82\\xc4\\xdam$s7\\x81bw\\x91&\\x082\\x9c`g\\xb4\\x84\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
512.  
513.  
514. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|r\\xa2\\xc8\\xc2\\xbd\\xa0\\xcbi\\xb4\\xadf\\x12y\\xd8\\xe3\\xe6,$\\x90\\xe78c\ta2\\xc53 \\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
515.  
516.  
517. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|thx\\xe2\\xf4\\xb3n/\\x97dj\\xfe\\xd4y\\x14\\xe2\\xa1\\xe9\t\\x19x\\xca\\x86\\x07\\x05\\xc9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
518.  
519.  
520. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x1f\t\\xf0\\x89dzt\\xc1\\xa7|\\xa3\\xc3\\xe8\\x8a\\xc9b\\xae\\xa2\\x0e\\xb7\\xeb\\xec\\xb5\\x0e\\xd8\\x04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
521.  
522.  
523. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xd6~\\xaf\\xf4\\xad\\x85nm\\xf3\\xac\\xd5\\xfc\\xa28ov\\x9d\\x94\\x18\\xdb\\xde\\xa5\\x94\\xcagk\\x16\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
524.  
525.  
526. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xa7\\x95\\xe8j0\\x7f\\xfe \\x8f/\\xc0\\xb8\\xbc5\\xad\\xb1\\x97\\xf2;:m\\xdfh\\xa8\\x0f\\x8d\\xb1\\xd3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
527.  
528.  
529. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|=\\xd5l\\xe3\\x9c\\xa7\\x94\\x95p\\x19\\xcb\\xb5\nyz\\x1ctd6\\xa23s\\xfa\\xb5\\x1d\\xa0yu\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
530.  
531.  
532. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xae\\xab\\xd5!\\xd7\\x15ij\\xf8at\n\\xdf\\xbf\\x8a\\xd2\\xf6\\x13\\x90\\x11\\xed@\\x0fs'\\xb6\\xdd\\xeb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
533.  
534.  
535. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe5\\xacn77\\xddpc\\x9a\\x93\\xf5\\xca\\xcd\\xef\\xf7\\xfaoyw4o\\xcf\\x91\\xa4\\x8e\\xe2y\\xe9\\xeem\\x83n\\xdc\\xee\\xad\\x1c\\x8abt\\xe6\\xbb?\\xb8-c\\x0f\\x9a\\xf3\\xbej\\xdb|$\\xc6\\xfb0\\x88\\x9f\\xd6\\xf6\\x16\\x8ax9;3\\xc2?\\xa6\\x11\\\\x16\\xdfza\\xf1k\\x1f\\x92\\x05jf\\xe0\\xf6\\xb7\t\\xf0\\x0c\\xbdy\\x8a\\x13j(\\x97\\xd6\\xdf\\xc1\\x16\\xb8,\\x1f\\x9b\\xe2\\xc4\\xc1\\x8a\\x94\\xef>y\\x84\\xf1\\xd3\\xa8\\xf1q$\\xb4j\\xd9w\\x15o\n\\x1dn\\xbd\\xce33\\xc7\\x98wq\\xe8\\xc1\\xbb\\xbe\\x90\\xc3k\\x01\\x9a\\xf7\\x82\\xb0k\\xb4\\xc63*a\\xe1\\xb7\\x93\\xc8\\xcb\\xbf!`9\\x97.\\x80\r\\x0f6&\\xaf)\\x06t\\xaf\\x04\\x89\\x9b\\xb1+\\xa1p)\\x8c\\xfe\\x92\\x90\\x974qj\\x08v\\xea!\\x90\\x12\\x1e\tv\\xe4\\xbf\\xd4\\xbdq\\xd8y?%\\x04\\x81\\x06\\xde\\xca\\xa4\\x1dkhn\\xaa\\xf8\\x19sei\\x17\\xc8\\x91\\xa8\\x99=\\xf9\\x1cl\\xa4\\x88&m\\x84\\xe2\\xd1\\x95p_ d\\x88\""
536.  
537.  
538. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x83\\xef\\x82j\\xb3\\xd1\\x84\\x84\\x0b\\x0b\\x7f7\\x88\\xae\\xd0\\xbe\\xf8\\x19\\x0c\\x93\\xf5\\xca\\xe0\\xea\\x91 e\\x18\\x9b\\xbf149\\xd2\\<\\xe6e\\xcc\\xe6z\\x11\n\\xf0j\\xca\\xa74'\\x02\\x94\\xd3\\xee\n\\xb6ue\\xd6f*\\x93+\\xb8n\\xadd\\x18 e\\xf2\\xab\\xc4o\\xb5\\xd9\\xa8\\xfc\\x19=\\xa5\\x15\\xfe\\xa7\\x1ep\\xb9\\x8c\\xe9r\\xee\\xc9\\xfbrx\\xad\\xd8\\xf8\\xe7r>c8$\\x82 \\xda\r\\x90*\\x12b8\\xa7\\x8f\\xed;k\\x1ac\\x88^\\xbf\\xc5w\\xde\\xdaf\\xc2i\\xcb\\x16\\x8c\\xbe\\xc1p\\xd7\\xdbf\\xfccp\\xfb\\xedt\\x1fe\\x18\\xec')\\xa5\\x91\\xf1\\x05y\\xf9\\x80u#o~\\xf6\\xdfu\\xb1b\\xf1:\\x86\\x0c\\xde\\xea\\x08\\xae\\xd9\\xca`\\xe5?k2\\x8e\\xeb\\xca\\x1b+\\xa4\\x198\\xcar\\xa37s\\x1e\\x11\\xe5\\x94\\xae8\\xdb?uh\\x08\\xd9\\xca0\\xe6\\x8b\\xe8~\\x7f\\x11\\x7f\\xba\\xeewm8\\xd1r\\xd6w\\x04\\xc4o\\xe6\\xea\\xf2\\x00cr\\xc9(\\xd5\\xf5\\x00h0\\x968\\xb2`"
539.  
540.  
541. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0101\\xee(\\x9c=6\\xbf\\x8e\\xd20\\xa03\\xd3\\xa2g\\xe9\\xb8o\\xa11\\xd5j\\x18\\xfbn\\x84\\xa9\\xc0s\\xb5=\\xf8'\\x9a\\x03@\\x92\\x17\\xc4e\\x07\\xb9\\xc2hx\\xce\\x12\\x0c\\xd0gk\\x16s`(np\\xb8=&\\xb5*i\\xa8\\xe2^pa4v\\xa9en\\x17\\xb7\\x9bib\\xf4y\\x1c\\x0f\\xb1c\\xb1:.n\\xec\\x0fr\\xb43\\x92\\xdc\\xfc c\\xf8&\\xa0\\x0e\\xab\\xd7\\xeb\\xfdc\\xd1\\x8e\\x0f<v\\xed\\xec\\x7f\\xcb\\xa93\\x00k\\x87\\xfa\\x17'h\\x8aku\\xcd\\xce\\xcfs7'9\\xc7%\\xfb\\xa0\\xb3\\xf4%pbt\\xeb\\x90):m\\x07\\xe9\\x81\\xdc$\\x98\\xed\\xfa(\\x97\\xa2u\t\\x12\\x9fq\\xa5o\\x19\\xcaqm&j\\xbb3r\\x1dj\\xa0\\xe3\\x10*l`\\xa1k\\x7f\\x9b\\x10\\xc3?w\\x06\\x92\\xbd&\\x80\\x00\\xb8\\xc3\\x9d\\xd2n\\x01\\x9e:\\xc6\\xacs\\xce\\xcc\\xf8p\\xff\\x992!-\\xd9\\\\x02\\xa8\t\\xb2\\x9b\\xe4\\xfb\\xda$\\x03\\x86\\xa1\\x99\t\\xa4\ro=\\x14b\\xea\\x13\\x13\\x1cw;\\xf1\\xda"
542.  
543.  
544. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|>\\xa7\\xc8s\\x98\\x1d\\x99\n\\xf1y\\xcdr_;\\x97v \\xef\\x0e\\xf5r_mo~\\x01a\\x00\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
545.  
546.  
547. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x04\\xde\\x9fw~&\\xac\\xf2\\xa24;>#\\xd1p\\xd8t\\xa5\\x98,#\\x16\\xa6\\xaabqw\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
548.  
549.  
550. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\x94b\\xb3\\xadq\\xf7\\xc1p7\\xd1\\x1fae\\xb1\\xd2`\\x7f\\xd7\n\\x87\\xd9\\x9e\\xeb\\xbdyt9m\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
551.  
552.  
553. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|&i\\x90\\x9a\\x93\\x8eo\\x16\\xc6\\x8f\\xbasa\\x8do\\x1e\\xf1\\xc3\\xe6\\x9a0\\xe4\\xe3\\x9a\\xc0\\xca\\xa7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
554.  
555.  
556. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/r|\\xda\n\\xd5k\\xb9\\x9d\\x16\\x8e%\\xd3\\xa3\n\\xcb\\xe1\\x8a@m9\\xe9)\\xbe\\x9drz!d\\xdd@\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
557.  
558.  
559. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb0|n0,\\xd7\\xca\\xbc\\x18\\xa1~\\xb5z\\x08\\xe4\\xfc\\xa7\\xb7\\xdfm\\xe1\\x9e\\xf95\\xf6\\x14\\xa0k+\\x9a\\xc2^\\x1a\\x14\\xb6p\\xeff\t\\x1f;.\\xf9\\x13\\xed\\xb9\\x9am\\xf3\\xe9\\xc3y\\xf7\\xcd\\x8d\\x13\\x0fz\\xb7y\\xcd\\xcb\\x97j%\\xc1\\x9e\\xde\\xc9\\xddx8\\xcd\\x08\\xc9\\xf2tr\\x1dk4\\xf2-_\\xff\\x0e\\x15\\xc6\\xf7\\xd0\\xeb\\xcf\\xda~\\x0b0j\\x06\\xf1\\xd9o\\xf9\\xe0\\x069\\x8c\\x1d\\xe0\\x84t\\x11\\xb2~\\xa3\\xc5a\\xe9\\xc3\\xe0\\xba\\xc5\\xa9\\xf6\\x9f\\xa0p\\xb1>\\x03\\xb8\\x8d\\xd0q\\xed\\x8d\t\\x87\\xbeaz\\xf3\\x18\\x01\\xab s\r\\x1b\\xc1\\xd7\\x0e\\xb8,\n\\x89y\\xe5\\xea\\xef\\x83q\\xabwipp\\xb8\\xd2h\\xbcl\\xcf\\x90vf\\xb3y\\x8c\\xe0\\xb3\\xd2r\\x9b<\\xe4\\x96\"\\x0ex\t\\x88\\xb2o29\\x9an\\x1fsmn\\x95\\x9f>>\\xf8\\xa0u\\xd0k-+\\x1d\\x00\\xbd\\x85-\\x84\\x1bgx\\xfb\\xec\\x19\\x90&ro\\xc5u\\xc8-\\xce\\x96\\xe9\\xd0\\xb4\\xe3\\xa8\\xd1\\xfa\\xc1\\xdakaf\\xd5"
560.  
561.  
562. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xaf\\xf9`-\\x88\\xd8\\x94\\x14\\xb9\\xa4):\\xfb\\xa7\\x8e?b\\xbeua\\x07a\\xfd\\xa5c\t\\x99\\x1a\\x02\\x1b\\xa1\\x11\\x0e\\x86$\\xbb\\x91v\\x19x\\x8a(\\xf7c_\\xdcz\\xd6\\x0f\\xcf\\xaf\\x8a\\xe5d\\xb1\\x10\\xb2e\\xa3\\xdemkx\\x949\\xdao\\xb7|7\\xb0\\x10\\xa5\\x84\\x97\\xcc\\x98\\xba\\xc4\\xfb\\xbb\\xc6\\xce\\xa8\\x01\\x08i\\x91\\xbc\\xcc\\x0f\\xc3\\x07\\x13\\x8e\\xc9\\xd7\\xb1s\\xb9\\xbf\\xf8\\xd5\\x84\\x92)\\x89>\\xde\\x04\\x15\\x02\\x85\\xac\\xef\\x14\\xa9\\xe6\\x9a\\x8f\\w\\xa5t\\xbbm\\xd6\\x10\\xa3\\xbb\\xaf\\x19w\\xbep\\xec\\xd9&k\\xc1\\xc7\\xccyi\\xef\\xdfrf\\xabz\\xaa\\x81\\xf9i\\x96\\x07i\\x91\\x987@=\\xf8\\xbc\\x05^\\xe2\\xcb%b\\xd8_f\\xc4\\xa7\\xf3*\\x80\\xe2\\xc4\\x8f\\xc4n4\\xa4d\\xaa\\x1c\\x08\\x848\\xf5\\xd8\\xb52\\x1d)\\x0ed\\xfbx\\xbc\\xc2a\\xb6\\x83\\xde\\xa4b'\\xeb\\xfd\\x87\\xeem\\xe5\\x1c5gct\\x06\\xb1zojx\\xca\\xc8l\\xcca\\x8b6\\xa9f\\x12\\x19\\xcfh,\\xe5\\x91\\xb7u\\xec"
563.  
564.  
565. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd8x\"t=\\xb0\\x85\\x8e\\xe9\\xdc\\xd5\\xd1\\x88\\x985\\x1ed\\xdc/\\x04<\\x04ez$g\\xe2@n\\x01\\xfb\\x99\\x9b\\x98\\xa0\\x8d\\xaa\"\\xab\\t-\\x88*\\x94\r\\x9e\\x8f\\xabme\\x84d\\xd2\\xd3\\xefv\\xebuc\\xc2\\xe8c\\xed\\xc6\\xf0\\xc70c\\x17\\x9bs\\xe7\\xa9m\\xc3\\x1d\\xde\\xb7\\xa9/\\xcc\\xfb>\\x1f\\x9f,hh\\x0fg=\\xbb5##\\x81n\\xfcj\\xa1\\xf3rk\\xcc\\xa5~\\x02l\\x82t\\xd8j\\x176\\xefo\\xf1\\xa6\\xc6#\\xe1\\xe1u6\\xbbl\\x11\\x9c\\x8f\\xcf\\x88\\x05\\xbf~\t\\xebw\\xa2=|\\x025\\xdbf\\x90\\xccg\\xf0a\"\\x98i\\xd8ln\\xca\\xce0%\\xaa)\\xb2\\x1f*x\\x95\"\\xa7\\x17\\xf8\\xaa\\xce\\xd1\\x1d\\xbd\\xcd\\xece\\x05\\x14\\xfb(\\x0b\\xa6\\x88\\x80\\xd9\\x92\\xb86\\xd2z\\xde\\xe4\\xc4\\xea'\\xd8v\\xb0g\\xef\td\\xa61\\xe7\\xb5l\\xa2\r\\xf9~ljlw\\xeb\\xef\\x19\\xe5pg4\\xe2\\xc5~\\x8bv\\x00\\xe5\\xc8'\\xb4 z\\x83\\x0b\\x8fn:\\xc0w\\xc9o\\xfd=\\xb7w"
566.  
567.  
568. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010=h4\\x91\\xbf\\x90\\x05\\x94\\x91\\xa9v\\xbb\\x9b\\xa7\\x04'q\\x9f\\xcdn\\xb0\\xd3\\x11\\xcc\\x11\\x02y\\xd0d\\xb4\\x928f\\xdf\\xa8g\\x99\\x08\\x1am\\x96\\xdbf1b#\\x9a8\\x9d\\x14,\\xca\\xda|\\xd5m\\x01(\\xc4\n\\xd4\\xbf\\xd8&\\xab\\xf9\\xa8\\x84\r\\xa5\\x00\\x7f\\xcd\\xbe\\x04\\x9c\\x06.\\x1e>\\x81!\\xd7;\\xb0b\\xb6w\\xc2jpz\\x89\\x08?ig\\xe9h\\x1e\\x15\\x0f\\xad\\xeb.\\xbc\\xf5)k(\\xf1\\xfd\\x87.\\xdb\\xd2q\\xfa5\\xac\\xe3fi\\xc9\\xb1\\x13\\xaa\\x11\\xb2\\xfb\\xd9\\xd0\\xcc\\xa7#\\x06\\x95\\xc3d\\x81\\xaf)a\\xde\\xec\t\\xb6\\xcc\\x9c\t\\xa9\\xa7\\xe3\\xd9p\\xd2\\x93\\x9ar\\xfa\\x0b\\x98+)n\\x9c\\xe8\\x07\\xe0e\\x1d\\xf5\\xba\\x9f\\xa5\\xa32\\x81\\x9f#\\x8f\\xfet2\\x0f\\xdex\t\\xed\\xf6\\xd40d-t\\xcb#\\x84:\\x0c\\xc8:\\xda\\x7f\\xca\\xf5v\\x15\\xaf~\\xffz\\x0c\\xa0\\x9d\\xf0\\x10\\xde\\xf4\t~\\xfc\\x9e4c\\x01\\x14\\x83\\xd7\np\\x84\\x8f\\xad\\xf4\\xa0y\\x8f/\\xeeg-u\\xe8\\xf0\\x8brf"
569.  
570.  
571. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbb+\\xe5\\x0f\\x08\\xd1k`6\\x83\\x8btt\\xe1\\xdb\\xa3\\x03\\x19\\x8b<\\x82<\\xde\\xf2\\xb0\\xcc\\xb0\\x1e \\xe3\\xac`\\x91\\x84;&?#|\\xba\\xe7\\x92n\\xbd\\xd0\\x9d\\xbb\\x7f\\x86xg\\xa4\\xfbf\\xe1cw\\xbfb\\xf4\\xd1\\x82\\xb1\\xa6\\x05\\xe6\\xe8m\\xb4\\xc4zc\\xd5t\\x0f\\x1f\\xc6\\x81\\xb4\\xa6\\xe1\\xf8\\x01\\x99\\xf2\\x8e\\x97\\xd4\\xc4\\x8f\\xca\\xa45 w\\xb0q\\xa2q\\x9a+\\x8e\\x1d\\x00nz\\xc4wf\\x95\\x88*jh\\xf5\\xbe%\\xc6\\xbb\\x1e\\xd5\\xfe\\xae\\xb8\\xca$z\\x86\\xdb8\\x07\\xf6b\\xa9b\\x19t\\x02\\xaez\\xf0\\xb1\\xc4\\xa2\\xb6\\xe3t\\x8a\\x8e\\xf0\t\\xe6<j\\xd7\\xc7\\xb4\\x16m\\xe4\\xd0\\xa9\\xfc\\x80\\xc9x\\xcal\\xa2\\x17m\\x17i\tg3\\x00\\xb44\\xc0\\xda\\x0f\\xc5?\\x10\\xcaz\\x83\\x9e\\xf36\\x9e\\x883\\xe3o\\xa6h>\\xbb\\xf8)_\\x08^6\\xf2u\\x1e\\xf3\\x01\\xa9\\xcc\\x89\\xa5\\x85\\xd6\\x93va;\\x85c`\\x0f\\x1f+\\xdc\\xb8\\x03\\x85\\xe0\\xca6\\xbc%zr\\x18\\xc93\\xfd(\\x18\\x041\\xd6"
572.  
573.  
574. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010~\\xd7\\xb2$\\xb5\\xaf8w\r\\x9c\\x8a\\xcb\\x8fuea\\xe92\\xd7\\xa48\\xde\\x87\\x7f\\xed\\xa9\\xd8\\x7f#\\x05\\xfd\\xb7\\xb0s\\x89\\xdd.\\xdai\\xa9\\x0e\\xdd\\xddl\\xf1>5\\xf3\\xb2\\xb5\\x9d\\x0f\\xee8\\xd4\\xeew\\xef+\\x16\\xe4f\\x13\\x92\\xa5\\x91\\x07\\x8d\\xe5\\xf1\\xb9\\x8b\\xf7\\xdf\\xe9/\\xc9gz\\xc6\\x8f\\xd5\\x02\\xe9\\xcay\\xf6h\\xfe\\xa29+3@mr\\xcd\\x9b\\x92\\xa46\\x12\\x88\\x91\"\\x10\\x95\n\\xcd)\\x01\\xa2q\\x07\\xbfh\\x10=\\x96\\x1b\\x81)\\x0e~^\\xcf\\xf2e\\xa1\\xb0\\xa8\\xd1\\xfb\\xa8\\x07\\x1b\\xd4\\xaa\\x9c\\xe01\\xa3+\\x0e\\x94n\\x1f\\xfd\\x81s\\x1e\\x838\\xbaa\\x8f\\xc1o\\xce\\xf5'i\\x08\\xb7\\x8c\\xc8\\x91\\xdf\\x17\\xc0\\xa2\\xc0\\x1d\\x98f\\\\x7f_\\xc0^\\x91\\xc6\\xdc\\xb0i\\xff\\x9e\\xdb\\x9dv&\\x15\\x1c\\x1d\\x8a\\x0ce\\xad\\xf4guzf\\xe5\\x1f\\xc5\\xff\\x94\\xc7\\xca-\\x04\\xe7\\x97\\xbcy(\nw\\xe6\\xbd\\xe7\\xc4\\x9d\\xe1\\xbb\\xdbx\\x93\\xed\\xb1\\x06\\xbf\\x13i\\xe1_\\x11\\xf3qd\\x83nb\\x1b\\xa2"
575.  
576.  
577. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0103\\xd3\\xd0o\\xb0\\x9f\\xe3\\xe0\\xadz\\xa0\\xc6\\xef7\\x10\\x17!\\x8bd\\xf1\\x83\\x04\\x92?\\x96)wu6\\xaa\\xcfw\\xf2\\xa6\\xd9+\\xcc\\x1a\\xea\\xf9\\x016\\xcd\\xb7v\\\\xd3`\\xec;\\xe3t\\xce;=a\\x86\\xf5\\xd0\\xc8\\xd7a\\xe1\\x86ua\\xc8\\xed\\xb6\\x8c\\xcad\\x0c\\xe9\\xbd\\xb2\\x8c\\x82\\x90\\x9b\\xb0p=\\x9e\\x00\\xaa\\x11\\xf99\\xd8\\xa1\\x87\\x1b\\xc1\\x8a\\xa9\\xeaz\\xcb\\xca\\xfb\\xd4\\xbc\\xb7\\xd6\\xf8\\x95s\\xf0\\xcd\\xd7\\xd9<\\x1b\\xd9\\xca\\xdd\\xdb\\xbe\\x168\\xeez4\\xdb\\xaep\\xbd\\x05\\x04p7\\x7f0\\xff\\xc6\\xe9@\\x12l\\x1e9\\xcf\\x8e\\x03i\\x97uu\\x99\\xea\\x811\\xef\"\\xdf\\x86\\xbc\\xe6\\x9ay\\xe4\\xab,7,\\x17/\\xbd\\xe6s \\xb5\\xed\\xecn\\xc1\\xdbrip\\xbe4\\x8b\\xd7\\xf7(\\xe6\\xedx\\xe0\\xa9u\\x18\\xb4\\xe3#7\\x7f \\xaf\\x85\\xa4~\\x1e\\xaa\\xfa\\xef\\x17\\xa6'5\\xdc\\xb08i\\x85\\xe5\\xb7\\x84\\xecr\\x89\\x8f!g\\xa8\\xe4\\xdb\\x0eo\\xc98\\x87\\x08\\xf2*9yy\\x11\\\\x07\\xe67\\x0f|"
578.  
579.  
580. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010j\ry\\x1c\\x8ci\\x13\\x9d t5\\x9e\\xdavr\\x9e\\xebu=\\x96\\xf6d\\xab\\xa1\\x8a\\xc4=\\xd9\\x85$\\xbd\\x00\\xb8\\xcb\\x01\\xaf\\x04&g\\x96\\x1e\\xce\\x06n\\xab\\x86\\xf6\\x15ahus6\\x9e-\\x92r\\xa0\\x04m\\xafh\\xde\\xc6\\xf7\\xf5\\xd9h$\\xa2\\xca\\xe5\\x86\\xa9\\x9ea\\xbe\\xb1&w\\x17\\xdfm\\xee\\x10!\\xd8\\xddzlvu!h\\xe4\\xb8\\x14\\x82\\x97\\xf5u)\t\\x08\\xf9\\x07\\xcf\\xd1\\xdb\\x85zgsc0\\x0c\\x13|\\xc3l\\xbd6\\x04\\x9d\\x98_\\xfe\\xd5\\xea\\xd5\\x82bvoz\\x0c^\\xa0\\xfcp\\xe4\\xb3\\x1d\\xee\\x1a\\xc771\\xce/ \\xe8\\x9c\\xe8\\xe2\\x96s\\x8b\\xf7\\x9a\\x9f\\x1b\\xac\\x9e\\x04\\x1d\\xa7\\xfd_\\x98.\\x8e\\x88\\xd2\\xf29ex\\x9d\\x8b\\x1em\\x84\\x9cv\\x89\\xbd\\x9f\\xa2\\x8b\\x16\\x00+\\xc6\\xfa\\x13jfq\\xc4h\\xa3\\xbc\\xe8\\xbb\\xb8\\xd4\\xd3\\xc0\\xdb\\xeb\\xd6\\x87\\xa5\\x1b\\x8e\\x94\\xb2\\x08q-\\xce\\xd4\\x8d\\xa4r\\x84\\xc8\"\\xf5\\x93\\xaa\\x9cs\\x04\\xee\\x0e\\x1bu\\x05j5\\x1c\\xe8;9\\x8e\\xab"
581.  
582.  
583. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x16\\x1br1@k\\x94v\\xe8y\\xb3\\xda\\x94t\\x114\\xa7\\x8b\\x05\\xf1k\\x03\\xde4?\\xfb)\\x07o\\xe3\\xb8\\x04\\xe1\\x1f\\x01\\x16-\\x04hz<\\xd2\\x18\t\\x1aq(\\xd0xp\\xad\\xa8\\x11\\xa2@\\x8a\\xf6\\x03\\xe2\\x10\\x0blv.\\xbe\\x04\\x0e\\x97\\xfd\\x035\\xb9\\xac\\xfc\\xb3\\xc6y\\x07\\xe1\\x00\\xe3f\\xe7m\\x8aj\\xa5\\x9d\\x0b\\x03\\x16%;\\xcc\\xed\\x9f\\x06\\xf6\\xd0\\x90\\xa0\\xfc\\x9f\\xa0ui\\x12\\xf8\\xdd\\xbdg\\x8e\\xd7\\x8e*\\x81\\x92\\xa8\\x07g\\xa8z\\xd6k<\\xdf\\xe7\\xf3\\x90\\x1e\\x07p\\x00\\xac\\xa6\\x1ag\\x0fgmv\\xb4\\xfd\\xea%\\xa2\\xf4`\\xbc\\xcd\\xb7.\\xd8\\xd2xz\\x8e\\x96\\x03>\\xd7\\xc2k\\x7f\\x13\\x1d;\\xc9>\\x13\\xc6\\x11\\x9eo~\"\\xae\\xc4\\xc6\\xe0\\xec\\xb49\\xdd\\xa7s\\x90\\x14\\x94`\\xa5\\xe1\\xb1\\xa9@m(\n\"\\xbc\\x1c\\x0f\\x93\\x83\\x897s\\x85\\xd2\r\\xea#\\x8fs\\xc2\\xff\\x1a\\x81qwi\\xfcd\\x9b\\xd8u\\x81\\x07\\xd0\\x82zh#\\xef\\xfb\\xf6(\\x9c\\x98\\xf9\\x92v\\x98\\xed\\x02j."
584.  
585.  
586. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc1'\\x0c&1 \\x84\\xac@kh\\x8b\\x043\\xffyk\t\n\\xc5\\xa5\\xa7\\xd5\\xac\\x06d\\xaa\n\\xb8p\\xc2\\xf9\\xeat2i\\xa7\\xad\\x84\\xc0bal\\x966\\x8d`\\x94\\xad\\x9e\\x88,\\xb2u\\xc3 `\\x98\\x91\\xed\\xf1\\x9e\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xac\n_\\x11/\\x85\\x1b\\xd3,\\xb8\\xe8\\xee\\xc3\\xf6m\\xd3\\x9c&\\xa4\\xb7\\x1ab\\xce\\x12\\xc9\\x81\\xe1t\\xa6\\xb4\\xd1\\xab'\\xdd\\xc4(\\xbf\\x1ce\\xe7\\x90\\xdab\\xf1\\x16f"
587.  
588.  
589. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xcc\\xe8\\xca\\xe7\\xee\\m\\xc9\\xa0\\xe7\\xb0\\x88\\x1dm\\xc16\\x0e2a\\xe2\\xe9\\xad\\xa3\\x16p\\xeex\\x0b\\xb4\\xdde\\x82\\xdf\\x0c\\x03\\xcfo\\xa3\\xd1\\xf85\\xef\\xd7\\x10\\xe7\\xe3\\x19\\xdan%\\xd8\\xa9\\xa2\\xb7z\\xb6qa5\\xa9\\xd4\\x01\\xde\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd2\\xb4\\x05q\\x9e\n\\xe3~_\\xac\\xe6\\xc3v\\x03\\x87\\x96q\\x11)\\x1a\\xa1\\xc5\\x08\\x8d-\\x89/q\\x7f\\xb0`\\xe2\\x9ex(j\\x19\\xdb\\x88*\\xf9h\\xa4\\xae\\xe0ln)"
590.  
591.  
592. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010dy_\\xfa\\xe7_\\x1e\\xf1\\xa8\\xc9\\xf1u2\\xf7\\x90ubb\\x95hv.\\xcd9\\xbf\\x96\\x9c\\x1cj.\\xe2\\x95\\x0fwv$\\x98\\xd9\\x95\\xab\\xb283%\\x81\\xaf\\xd1\\xe7\\xe4\\xe9eq\\x1e\\x8a\\x08.\\x11\\x16wp\\x8dh\\xe4\\xfd\\xfc\\xa1\\xd9\\x11\\x1d\\xe7\\x14\\xc4\\xe8\t;g\\xe0\\x02\\x84\\xe2no b\\xe7\\xb5\\x9d\\xdd\\x02\\x14\\x13\\xc9\\x1ay\\x92\\xa3\\x80\\x11\\xc9\\xeen\\x8a%\\xea\\xbf\\xf1'\\xa4\\xe5\\xa184\\xf5\\x81\\x19\\x9a >ck2\\x876\\xafy\\xa4\r\\x80\\xa6~f\\x06nsck\\xee\\x03\\x8b\\xf1\\x18d\r:ch\\xa3w\\xf3\\x8c=6\\x04\\x94@quu\\xd32|\\\\xb9\\xca\\xdf\\xd0y\\xa3\\x1bo\\x1d`\\x94\\xdf\\xa1a\\xec\\xf9\\x17\\x1c@\\xcfny\\xd9\\xf9>\\x02\\xc6q\\xa8\\x11\\x80;\\xd7\\xbf\\xd9\\x99\\x83v\\x84\\x1c\n\\xde\\x08\\x03p\n+\\xd7\\xfa\\xbb\\x96c\\xe7?\\x19`\\xfdf\\x8b\\x95\\xad\\x13\ry\\xaa\\xaf\\xe1z\\x06\\xa4\\x87\\xf3kf\\xbc~\\xe9\\x1a\\x85\\x8a\\xca:~*\\xa3s\\xc5"
593.  
594.  
595. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04<,\\x9e2o\\x1f\\xc4v\\xa5\\xfd\\x95\\x7f\\xc7\\x1e\\xd7\\xb2q\\\\xb2\\x02lu*\\x85\\xe7\\x02xh\\x12\\xec\\x04\\xe4\\x01\\x9c4k\\xdf\\xa3\\xa3#\\x9d&b0\\xe0g\\xd4\\x7f\\xd8#c\\xb2\\x90\\xe7a\\x0b\\xb2*\\xc6\\x05\\x9bt\\xdb\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa5\\xcca\\x9a\\xe2\\xc8\\xcb\\x07~\\xb1\\x13\\xba\\xe9c\\xb2t\\xf6`\\xcd\\xbb\\xfa\\x19\\xcc\\xa1\t~\\xb0\\x0b;y\\xd5\\xb5gm*y\\x17\\x84\\x05\\x1f\\x1e\\xf6&\\xc0\\x82%"
596.  
597.  
598. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04o\\xeb\\xb9=\\xaa\\x99\\x07\\xf0\\x1c^\\x8d\\xda\\xfd\\xe8w\\xc14\\xfe\\x97\\xbb,c\\xc4\\xd4\\xdb\\xd93\\x12@4\\x1a\\xfc\\x89\\x85\\xb4\\xe9,@\\x96\\xa0\\x87zb\\xc7*\\x82z\\xba\\xcd\\xe2\tt\\xa6\\x08\\xf2\\xe6\\xe3$\\xbbu\\z\\x13\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x07\\xb9\\x1e\\xc6\\x00\\x02hq\\x08d\\x9f=\\xe9\\x17b\\x16\\x93\\x93 \\xfc\\xb8\\x10?sc\\xfa\\xe8\\xdc 5po\\xb1\\x1c\\xa6x\\xcfom\\xb9\\xee\\xa5\\xb2j\\x95\\x1cx"
599.  
600.  
601. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd5@\\xac\\x0e\\xb3\\xe1\\xcd\\x1d\\x17\\xd0\\\\x90n7\\xa0`\\x06\\xf0\\x89\\x06\\xd2\\xff\\xf0\\x04v\\xe3\\xc4\\x19\\x930w\\xecc\\x06x\\x9f\\xee\\x00\\xc4\\xaf\\x81\\xe2\\xf0\\xe9p:xr49(\\x98\\xa9\\xde\\xd2<\\xf7\\x96\\x1f\\xcf\\xc2v\\xa9\\xf6\"\\x14\"\\xb7s\\x0bdl\\xe8\\x83\\xb4\\x90\\x10p\\x86\\x1f\\xe7\\xc5\\xab\\xcf\\xc1+\\x1c\\xa2\\xb3\\xb8\\x0e\\x1b\\x9b\\xa2j\\x1a\\x103\\x1eej\\x1c\\x9a\\x8a\\xcfa\\xd1\\x87\\x8bz\\x1c\\xb1\\xab\\xa8)<4\\x99b\\x0e\\xf7\\xd9a7\\x85\\xc7\\xce\\x8d\\x12 q\\xf4\\xach&\\xa6\\xf793\\xea\\xf4\\xbe\\x02\\xa0\\xe9\\xca\\x96\r^\\x03\\x89\\xff\\xcb\\xea\\xe93\\xd6q>h\\xd4xia\\xb3?y,i\\xe8\\xe3\\xc7\\x87\\xe0w#\\x95\\x00\\x85z\\xddr\\x10\\xf1\\xec>3\\xa45\\xb0\\xfe_ \\xc7 k\\xdb#\\x18\\xa5m\\x9ab\\xe9\t\\xe2\\xcce\\x16\\x1c5\\xc1\\xe8\\x95\\xa5k\\x13\\xa8\\x17\\x19\\xaf\\x8b\\x10 \\x80\\xaa\\xb3\\x9b\\x9e\\xf5#\\x1e\\x8f&\\xd8\\xaf\\x1d\n\\x8dt7\\x9e\\xb90`\\xc4\\xe7\\x1a"
602.  
603.  
604. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc6\\x0e\\xa9+s\\x12v\\xed\\xd5\\xea\\xe6sn|z\\x86d\\xbb-\\xa7\\xf8\\xe2\\xadod\\x86a\\xf0\\xa8\\xe9l\\xfdrx\\x08\\x01\\x87\\x99\\xedt\\xb0\\x81,j\\xa6j9`\\xe2\\xe6g\\xb3\\x8e\\x00\\x00\\xc4\\x81\\x11vu.\\x1c\\xb1\\x1d*n\\xa0\\x85\\xd9\\x94<w\\x18\\xd4\\xe8\\xd8\\xabv\\xc1\\x8c\\xfa\\xaaj5e\\xfe\\x12\\xcfr\\x13k\\x1cd6\\xa9|n\\xbd\\xd1\\x1b\\x9b\\x1f\\x8f\\xab\\x86b\\xf1\\xfd\\x05\\xd6\\xd8h\\xad\\x83t.\\x9a\\x82l9\\x1a\\xfb\\x1c\n\\xf0j\\xa8\\xad\\x83\\xf8\\xado\\x0e4\\xbct\\xcc\\xd3\\xb7.\\x0cg\\xb6j\\x85xz\\x04\\xb2<\\xc2\\x1d\\xb8b\\xa1!(\\x80x\\xd0~)<\\xd48\\xe3\\x8f~:\\x0c\\xad2\\xdf\\xed\\xf4\\x1db\\xb2i5\\xfa\\xa1\\xc3\\xd2\\x00\\xe9\\xbb\\xc4\\xf95\\x807w!\\xa9c\\x91\\x16\\xeadcr\\x1d\n^.t\\xe2n\\x9ewwh\\xa9\\xa0ut\\xbd\\x12&\\xddf6\\xdfz\\xd6\\x17\\xde\\xb4\\xf8\\x9b\\x1a\\x92\\xd3\\xe4\\x90;~\\x02=\\xf8\\xdfh\\xe1"
605.  
606.  
607. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc8z\\xb1\\xfb\\xbb\\xe1\\xa0\\x8fl\\x1d\\x16g\\x94\\xd3\\x02z\\x88q7\\x1aje\\x84v\\xdc\\xff\\x12\\xa7\\xedo\"\\xef\\xc8a\\xc6=\\xb04l\\xc8^<\\xeb\\x0b\\x10\\xc1w\\xc9h\\xf4\\xa2m-^\\xfab\\xc8d\\xe8\\xf8\\x038\\x96s\\xad\\xb1\\x1b\\x12\\x97\\x8doa\\xa6y5\\xe5\\x907\r\\x91\\xf7\\x88\\x97~7i\\xfd\\xa5\\x9f\\xc1\\xd9\\xe8&5g\\x19r\\x13\\xd3am\\xa3\\xcbc=w\\xc0rd\\xc9\\xa9\\xd9*\\x0f\\x8f\\x7f\\x11a\\x81\\xae\\xbf\\xdb\\xb6\\x17\\xdb\\x92\\xbb\\xdb\\xcc\\x99\\x90\\x927\\xb0\\x8bn\\xed\\x7f\\x96\\xa6\\x84\\xbd\\x9a\\x1f\\x93isa\\xc1x\\x02\\xc6\\\\xe18\\\\xb2\\x1a\\xd87\\x07\\x91n\\xc3\\x03\\xcf\\xf4\\xa1xe\\xcc\\xa0v\\xfa:\\xf5m\\xae\\x80\\xe5\\xa7d\\xef\\xbc\\xf4zzm\\xbe\\xab#\\\\x16\\x18\\xad\\x98z!%\\xe1u\\xe2\\xdc\\xf8;\\xc6i!\\xb1\\xa4\\xc4\\xd6\\xebq?7\\xbc\\x86tn(*\\xef\\x9f\\xdbpb\\xb6\\x7f\\xd8\\xd9h\\xcc\\xfcv\\x0f\\xe7\\x96\\x18\\xf0\\x06\\xc9s\\xe67\\xdc*\\xa8"
608.  
609.  
610. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\r\\x9c\\x0c\\xe5\\x93\\x86\\x1d\\xed,\\x8e|h\\xec\\x9ap3\\xd6\\xd0j\\xde\\x89\\xad \\x83\\x0ek\\xe2\\xd1\\x18\\xb3\\xdbe\\xc0\\xe2\\xbc\\x02\\xb1\\x04t\\xfd\\xdepq\\xd7\\x1a\\xae*\\xc8\\xf5\\xf4`\\xaah5\\xa9\\xc3\\xe1f,\\x10\\x16\\xad\\xe9\\x9a\\x87\\x08\\xe7\\x1a$.\\xcc\\x901h\\xf3j\\xf4'\\xae\\x86a\\x85k<\\xe3\\xb9\\xbf\\xf3\\xdd\\xaad\\xfe\\xb1\\x8b\\x84\\xb7\\x0f\\xedr4\\x89i\\xa5\\xe9\\xb5li\\xe0_\\x18\\x02\\xb6r\\xc8\\xfar\\xc8\\xec\\xb0x\\xe1\\x880!\\xd9\\xbd\\x01\\xff\\xa3\\x1c~\\xa3\\x82\\x08\\x9csx%\\xa3\\x1e\\xd9g\\x02\\xe6\\x95\\x13\\x12\\x1c\\x1f<\\xdd\\x10\\xbf\\xcb\\xe0?\\xd3\\x89q\\x83\\xe70\\xd8\\xcf\\xc2\\x15(\\x89\\x91gz\\xa5q\\xe9k\\xfb\\xd9\"rv\\xaa<qy\\x9cbrk\\xe0r\\xc3\\xb27i\\xe1\\x17\\x17r\\x8e,\\x81\\xb0\\x82\\xb6\\xa3\\xe3\\xd9\\xc1\\x10\\xe1?ck\\xb2t\\xb7\\xffl\\x04q\\x1f\\xa9\\xf6\\xa8~~\\xaf\\x85c\\x8c\\x03-(\\xf3\\x17\\xf1\\x1d6\\x93\\xbb\\xfc\\x90\\xcfku\\xae"
611.  
612.  
613. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe3\\x88g\\xc8\\xaa\\xf6\\xf9\\xf8@\\xdf\\xbd=d~q\\xc5t\\xc5\\xcfh\\xe7z\\xb9l\\xb5\\x80\\xa4\\x7f\\x8b\\xe0w\\xb6wo\\xb5\\xdf\\x1d\\xd3\\x08s \\xd7\\xd7x\\xd2\\x9b\\xf4\\x84\\xc4\\x04\\xc3-\\x93e\\x95h\\x8b\\xa9\\xbe/f*\\xf8\\xcf-\\xa7k\\xf0\\xca\\x8bu\\x9c\t\\x02\\xc9<a\\x8f\\x1b\\xee(\\xf0\\xe8gq&\\xa2\\xcf\\x0f\\x90\\x196m\\x7f\\x8e\\xc5q\\xa7\\xdf\\xf8%\\xb6\\xfbpqn\\x03\\xa5\\xbf@\\x95\\x92\\xf1u>\\xb4\\xac\\xb9\\xa7\\x01\\x87\\xe3\\x97\\xff\\xe3\\x81\\x99l\\x05:rp\\x90\\xb9\\x8e\\xe6\\xb2\\xc6\\x80\\x02\\xb6\\x9e!cf\\xf5euqmz\\xaf\\xae\\xa5\\xfe>\\xff\\xb9\\x9a\\xe9\\x7fxv\\x9f\\xa3\\xcd\\xf2\\xa6\\xcc\\x13\\xa3'\\x1b8\\x89k\\xfd\\xdf\\xf9\\x81\\xfc\\x86'\\xdd\\xb5\\xd2\\xa6q1\\xe6d\\xb9z\\x97=\\xca\\x10o\\xc4\\xf8\\xc6\\xe7\\x06<\\xa9\\x8b\\xab\\x9a\\xf3\\x06\\xc7\\xab|\\x87\\xa4\\xb6x\\x96\\xed\\xa4#\\x03\\xc0\\xa2\\xe9r\\xc1\\xdfy\\xc72\\xbf\\xd2\\xdd\\xbc\\xe2\\x9e\\xcf\\xe1\\xb9\\xbd\\xb1\\xddx\\\\xf6"
614.  
615.  
616. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf0\\xf5\\xdc\\x92\\xc1_\\x0e\\xec\\x12\\x044\\x1a\\xd2\\xa3z\\x01\\x8dh fbq*\\xcd\\x8d\\xec\\xc0\\xcd\\xb7\\x89kw\\xf8;\\xc4\\x17\\xdd\\xa51\\x02\\x95x>\\xbd\\xb1\\x08\\x0b\\x12c\\x88pl\\xcc\\x8a\\xd9\\xa1r@|:\\xd7\\x97\\xcc\\xf4\\x01)\\xd68\\x19\\xea\\xbb\\x9fuj\\xab`m<\\xd0(\\x05'*\\xa6\\xe9\\x7f\\xb1\\x10\\xe2\\xc3\\xeb\\x1c\\xf1\\x12t\\x97\\xaf\\xe4s\\x1eqy\\xaav\\xda\\xc3\\x061\\x0b\\x87\\x06\\x1e\\x82\\xe7\\x05\\x87\\xac\\xa0\\xb9\\xd5\\x04\\xb6g\\xde\\x8a\\x04\\x1fm\\xb9\\xe55v\\x18\\xcb\\x1b\\xcf\\x89\\xc9\\xc8oo\\xaa\\x00;_\\xab\\x93t*l\\x9c\\xb7\\x00r\\xe4\\xcf\\xb69\\xe4\\x9f\\x90\\xf2\\xe6\\xb8>\\xc2\\xccz\\xc4&i\\xb5n\\xa4o\\x06\\xce\\x8fl\n\\xe7:i\\x7f\\xdb\\xee\\x01\\xf5\\xbe\\x199\\xcc\\x87\\xec\\xba\t8\\xab\\xc2\\xcc\\xa7\\xd5y\\xace\\x99\\xbe\n\\x9e(i)@\\x04y$\\xbbr\\x14\\xdd\\xf2\\x15u\\x115\\xa4\\x1b\\xd6\\xc0\\xd4\\xc23\\xe4\\x02\\xcf\\xceg5\\x8c\\x97\\x14\\xc4 \\xd1k\\xa1\\x8d\\x86"
617.  
618.  
619. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x04\\x8f\\xe6\\xdb^m\\x01\\xa3\\x0eh\\x1f\\xb6\\x84\\xa5\\xce\\x18\\xaavu\\x1b\\xa9\\x9ai\\xe6\\xf1\\xf4\\x01q(\\x12\\xd0\\x9c7a\\xabkp\\x9auu\\xa7ni\\xfeb\\x88\\xce\\x19&\\xcd`oa_\\xe6\\x9b\\xaf\\x13+\"\\xbcu=\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x06\\x81red\\xdd\\x94\\xfd\\xac\\xd0\\xe0\\x9b\\xb4h.\\x12\\x1c\\xd2k\\xb7;+^\\x80\\x16rx\\x89m\\xe20\\x83q\\xd2\\xa3)g\\xfb\\x028|\\xd0\\xcf\\xad\\x9c\\x0f-"
620.  
621.  
622. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8c\\x05\\xc7\\x0b;bkj|\"\\xb6\\x19\\xfbcb\t\\xea7\\xe8\\xc5\\xc1s0\\xdb\\xff\\\\xccu\\xd6\\x97\\x18\\xde\\xc0\\xfc\\xc3\\x85\\xe68\\x07\\\\x01\\x9f\\x0e'\\xa4s\\xbbfc\\x90\\xa8\\xc0\\xca\\xcd\\xa1z!z\\xd42\\xea5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000s$f\\xa1\\x9cp\\xc8b^\\xbat\\x86\\xa3\\xfc\\xe0\\xb4\\xa2\\xae\\x94\\x83\\x83\\x00\\xcb\\xe9\\x11g\\xed<4\\x93h.hm\\x15\\xba\n*\\x90t\\xa6;\"\\xa4\\xd6<\\x1d"
623.  
624.  
625. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe5\\x93\\x0e\\xcf\\xebu\\x90\\xf6\\x1eti\\xd2\\x8d \\x11o>\\x17\na\\xc4f\\xaf\\x92\\x91 \\x06d\\x054\\xb0\\xfc\\xb5gm\\xf8e\\xbeb\\xb0e\\xcd3\\xcc.\\xdd\\xd8v1\\xa7\\xc1\\xbf\\x85\\xfdv39\\xe1\\xd5\\xd4\\x9ae\\x81k\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000!\\xc0\\xe1\\x1c\\x88\\x00\\xa0\\xf4\\xaa\\xfa\\x19c\\xa4r \\xaa\\xda\\xd7q%3p\\xdb<\\x8a\\xdev\n\\x9d*#\\xf4.\\x92\\x04t)u\\xd6q\\xe5\\x15\\xaa\\xb9\\xd44,\\x17"
626.  
627.  
628. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x06j\\x90_g.u\\x80t\\xc5|\\xbbx\\xf92\\x06\\xda\\x03k\\xf9\r.5\\xc8\\xcf\\x11zd\\xda\\xcc1\\xe4:\\x00\\x02\t\\x85\\xe2n\\xd0<\\xbd\\x02escj\\x92^\\xb66x\\xac\\xcalr\r%d\\xd9\\xc7\\xef\\x85f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x04\\xe6\\xe3mk|y\\xfb\\xb0c\\x12\\x97\\xb5fw\\x85^\\xa2\\xbar\\x8b\\x00s\\xf8\\xea\\xa0\\x0b\\xea\\x0e\\xfb\\x1f\\x9d\\xb2u\\x1ck\\xef~\\xf8\\x1f\\x84\\x95\\x87\\xda\\xbeon"
629.  
630.  
631. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x042co\\xd7h\\x90q\\xcc\\x15\\x19x\\x06\\x11g\\xbb\\x11\\x88jwez\\xbds\\xcd\\xafs\\xa5\\x1f)\\x96an\\x8a\\x01jxa\\xe7\\xeb~9\\x9b\\x92e\\xd3\\x08\\xba\\x0f\\x15\\x94\\xbbja\\xbd<\\x97&mxb\\xe0>\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000gb\\xb8\\x10\\x00\\xf5\\xc4k\\x9c\\x9d\\x8b\\x8f\\x1d\\x93\\xdb\\x94\\x10z\\xf9\\xd9h\\xafq\\xb0\\x07m\\xfag\\xbe\t5\\xf3\\x02\\x08\\xde\\xf9\\xe93cv\\x1a\\x82\\xb3\\x907\\x7fyp"
632.  
633.  
634. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xec\\xb9\\xff\\xa54\\xdb\\xc4\\xf5\\xa6\\xdf\\x82g\\xdbe/\\xa9\\x0e\\x07\\xfb:\\xc0\\xe5\\xf6\\x1d\\x1e\\x07\\xdf\\xd7\\xb5\\xba:v\\xe8\\xf5\\x95\\x8d\\x90\\xe6\\xe3\\x0buf\\x9e@\\xa4\\xc9h\\x0b.\\xc2\\xa9\"\\x93p\\x95ob\\xe3(\\x14\\x05\\xea\\xbc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0007\\xf88kl\\xf9\\xc3\\x90*\\x19\\xe4#b\\x0bw\\xa8t\\x02^\\xa37\\x1a\\x1fkq\\x93`\n*\\x94$\\xe7\\x98\\x0c\\x94\\x9f@p<\\x85 \\xd3\\xdd\\xb0\\xc4.\\x19\\x1e"
635.  
636.  
637. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x01\\xe2\\x17\\xf5\\x15\\xdc\\\\x06\\xd26\\x97\\x15\\x15\\x93\\xd8\\x1dl\\\\xbc\\xbe\\xf3\\x10t\\xcdw\\x8bu\\xfd\\x0f\\xb37\\xa5\\xe5w\\x181z\\xebo~\\xd9\\xca\\x1f@\\x04\\xc5\\xd6\t\\xee\\xcb\\x99a>4f\\xa4\\xd0>\\xe7^%\\xf4\\xed2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa3\\x10\\xf8\\xd95\\xec\\xd8\\x99\\xcdr\\x14f\\xff\\x02\\x94\\xa2\\xfe\t\\xa9~\\xec\\xa9\\xb2\\xb4\\x1c\\xb8\\x18n\\xba(\\x89\\xc0\\x16x+p\\xed\\xf6fk\\x87n\\x99\\xac\\xe8\\xa38"
638.  
639.  
640. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\r\\xfa,\\xa0\\x13\\xf0\\xb3^\\xd3t\\xcb!is\\xd6\\xf7u\\xfe\\x92\\xfejqy\\x98\\xe6\\xb2io\\xd4\\x95\\x97r5r\\xae\\xbe\\xd2\\x99\\xa3\\x86\\xba\\xa6tkhk\\xbb\\x08\\x861\\xc7vm\\xc0\\xae\\xb9ufm\\xb3sp\\xc8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfa\\xdd\\x0b\n\\x92\\x81i96$\\x02\\xbf\\xb3g,\\xfd\\xf1j\\x17\\xc4\\x14\\xae|\\x7f\\xd1\\x8c\\x881d\\x01\\x17\\xef\\x89\\x8c\\x90!\\x84\\x81cy/\\xcci\\xd9\\x98\n\\xf7"
641.  
642.  
643. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04b\\x12\\xcf\\xd3\\x98\\x96xawh\\xd7\\x01xqk\\xa4\\x98\\x8bl&y=\\x85\\xe0\\x94jbt:\\\\xfb\\xc4\\x85\\x8f3;\\xb2\\xa95\\x15=\\xa4|wh\\xe8\\x04\\xef \\xf0l\\xd1\\x12\\xf4\\x1cf\\x06xb\\x10&y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0001c\\x8f=\\x90\\x87#\\x8c\\xf4\\@d\\x01gz\\xde\\xcdb9`\\xd9\\xea\\xb1\\xa5\\xf2\\xa1j12<,\\xfb\\x96\\xd2'\\xd9\\x99\\xd6r\\xcc\\xb8\\xba7e\\xf7\\xc8\\xbd"
644.  
645.  
646. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf8\\x0c\\xaa\"\\x97jn=*f\\xa3\\x9as\\xcf\\xbdy\\x96,b\\xb4\\x9f7k\\xef\\xe7p6\\xbbz\\x84\\xa6\\xb5\\xc9\\xba\\x9d\\xdd\\x8a+\\x92s\\x00d\\xf9^:d\\x80\\x1c\\xe6\\xb0\\x9dbc\\xb4\\xed\\xfdhy\\xf0\\x94\\xfeg\\xd7\\xd2@\\x1adm\\x06^\\xf6\\xf2\\xd1l\\xea\\xc1\\x17fa\\xe6\\xe4\\x0bw\\x80\\x03\\x01\\x1c\\xba\\xe9aw\\xdd7q=\\xa3\\xcc\\xc5.\\xa1*\\xa8\\x05\\xa2\\x1d\\xe9\\xfd\\xcd\\xf0\\xe4\\xb7(\\xee\\xda>o\\xbd\\x9c\\xb2\\xf8\\xf4r\\xf9&\\x84\\x06eay\\xea\\xbf\\x93%\\x9b\\xf1\\xc6\\x87\\xdf\\x91c_'ih\\xb9o\\xdc\\xab\\xe9\\xdd#\\xda\\x0c\\xf3\\x1b\\xe9\\x9c\\x11ev\\xf8\\xa9h\\xe1\\x8f\\x9b\\x83\\x9c\\xcf\\xd7i\\x02\\x0f\\xa1\\xaf\\xb9\\x05\\xb2\\x1c\\xc1\\xcc\\xfd\\xbe\\xfex\\xbb\\x1eh\\xa0<1\\xa5n\\xf9\\x95\\xe66ce\\xef\\x13\\xf0\\xad\\x87p-\\xbb\\x0c\\xe4\\x11d\\xda\\x03\\x12j9\\xe4\\x80c\\xd4o\\xf6\\xe6\\xa6\\x81?jt\\xc0\\xc5\\xcb\\xfdp\\xa8l\\xc5\\x1c&\\xd9%bt\\xcc:\\x18>b"
647.  
648.  
649. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010y\\x14\\xfd\\xfc2\\x11h\\x8f@\\x82\\xaf\\xb9\\xf8!\\xbbcc\\xc0q0\\xd8\\xdf\\x1b&2\\xe15r\\xd2\\x8d\\x06e\\xaf\\xe55\\xad\\xb9\\x9cf$\\xa4\\xec\\x95\\x96\\x10o\\xee?\\x01\n\\xeds)u*\\xee\\xf8\\x13\\xab\\xa0\\xb13a\\xf7\\xd3\\x89#\\x0caq\\xa6_%q\\xfc\\x0b\\x1a\\xba_\t\\xe9ft:\\xd3-\\x12\\xe2b\\xf6\\xe3\\xf80\\xb0\\x9a'|\\x11\\xd7\\xce\\x8b%\\x89\\xcb\\xe1\\xa4\\xff\\xa0\\xaf9\\x82\\xb7;5z^\\xce;dz\\x06o\\xca_\\xde$)>f\\x96\\xcb\\x0f\\x05;\\x83\\x10\\xf9o\\x9c\\\\xff\\xe3hd\\x8ai\\xef\\x9a\\xc5\\xbb\\xa1\\x11\\x92gp\\x12\\xba\\xbb\\xb4\\x9dd\\xe1\r\\xd0\\x86\\x83\\x18\\xc8\\x18\\xba\\xee\\xfa\\x19\\xcd\\xf4\\xc3,+\\xa5\\xf6\n\\xcd\\xc8\\x13~)\\xb5\\x91\\xbc\\xfd\\xc7\\xbb\\x1a\\xb2ns\\xdb\\x03\\xa9\\x0b\\x19\\xb6\\xd1\\xc8mttf\\xb3\\x0c\\xcc\\xdfq\\xe6y\\x7fz\\xf6\\x96p\\xc6hj\\xd3\\x99c\\xeb\\xbb\\x990\\xa7\\xb9\\x97\\xf3\\xacae\\x08\\xd9\\xaa%l\\xe0z\\xc1b\\x1e\\x9d2|\\xf5"
650.  
651.  
652. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe1\\xd0\\x9e\\xff\\x0c\\xae&\\xeexz\\x08\\xa5\\x84\\xc7\\x80\\x02\\x18\\xf4=\\xad\\xafwg:\\x16o!,\\xc3\\xe9\\x81\\x86\\xbc\\xcfvk4\\xe0\\xa8\\xf4q\\x1d\\xc6\\xac\\x16'\\xa1\\xd1/q\\x8a\\xa1u\\xd4\\x80\\xa0\\xe5\\x9a0\\xe0\\xf2\\xb0\\x9d\\x85<u\\xc7\\x01\\xd1\\x88\\x91o\\xb7\\xf0l\\x93la):6\\xf4xi\\x06\\xb2f(q\\x85\\xb3o\\xc6\\xef\\x14\\xc6*\nj\\x14th\\xa5>h&p\\x81\\x87l\\xd2\\x9b\\xd7\\x8a&\\xf0fx\\xb8g\\xf2\\xff\\xfe\\xae\\xdd\\x84\\xe7\\x91\\xa7\\xec\\xfd\\x8ab\\xe2:~(\\xf0_\\xc3w\\x0f\\x07l\\x8e\\xd3\\x00,\\x88%\\xe4\\xe3\\x18\\xceeg\\xb6\\xee\\xdb\\x86\\x9e\n`i\\xcb\\xd6r*\\xbbu*z\\xec\\x05n3\\xc6\\xd7\\xb8\\x16\\xc4\\x8a\\x8a\\-5b\\xef\\x989:\\xd3\\xcb\\xcc\\xb7\\x9b\\xe6\\x1e\\xd1\\xc9&m\\xea\\xbaiy\\xef\\xf63\\xc1\\xfe\\xdb\\xd7s!\\x1f\\x1c<s\\xfcc\\xe9\\xb6\\x10@\\xa3\\xec3g\\xcafn!\\xbb\\x8a;\\x96 \\xf5\\xa9\\x99\\x17\\xe6d|"
653.  
654.  
655. "http_request": "winword.exe_WSASend_>\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01/ra\\xa0\\xd6\\x13c\\xb1\\xfeq\\x8e\\x85\\x94\\x1c\\x9cp\\x84>\\xe2|\\xcb\\xf4kn\\x83\\xd7\\x04\\xcfq\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
656.  
657.  
658. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010@\\xa4\\xf6\\xd7\\xd3\\xc6ak\\xddhh\\xb2\\xac\\xe8\\xc7\\xb87\\x94`\\x9a,\\x1c\\xcfq\\x06m\\xd2\\x16\\x01\\xfb\\xbd>4\\xa7\\x88'\r\\xca!\\xcco\\xd2\\x94xzb+e\\x15h?-\\xf9\\x88\\x08\\xa9\\xe1\\xae|\\x9b\\xc2i\\x0f\\x7f\\xfev_\\xcc\\x13q\\x0b:\\x080\\x82\\xf7\\xa5\\x96\\xaa\\xf1\"'\\x7f\\xe2\\xc3\\xfen\\x07v\\xd4\\x87\\xd2\r\\xdf\\x0f\\x87\\xdf\\xd0^\\xda\\xfc\t\\xearj$\\xf6\\x9b:\\xfff\\xb2\\x8b>\\x89\\xf92\ry\\x98\\xe6\\xbdd\\x18\\xc6\\xd5\\xba\\xba\\x05\\xfc\\x82\\xf3\\x84\\x01\\x11~\\xdb\\xd8nr\\x13\\x05\\xfesr\\xb8\\xe3\\xac\\x98+\\xe8\\xa5a\\x01\\x08&es\\xf0\\\\xc4~e\\x1e\\xb9\\xa3\\xc8.\\x8e\\xbc\\x81\\x015\\x84\\x1e\\xc7\\xf9\\xcc\\xc1\\xd1h\\xd5\\xf5\\xab\\x8fsl\\x1d\\xfec@\\x11\tlh\\xb25\t\\xf6wm\\x85\\x84\\x00\\xbaz\\x19\\xfa\\xd0\\xaf\\xa5\\xeay\\x07e\\xcf\\xbf\\xd16b\\xe9f;\\x85>\\x01\\x14\\xf8\\xaan\\xcb^\\x0f\\xb71\t\\x12\\x16\\xf5\\xd2yb\\xd5g\\x14e\\xb3"
659.  
660.  
661. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbfy\\x02em\t\n\\xdf.c\\xc8&\\x0b\\x05\\x80\\xb1\\x1d\\xdfw\\xf3\\xa4\\x0ef+\\xf1s\\x12w\\xeeu8\\x8b\\xa2&\\xfb\\x07\\xb0w\\xdd\\x105\r\\x83\\x1ew\\xaa\\xc3g\\xca\\xf9pq\\xc5\\xfbo\\xe2#\\xfe\\x91\\xcaxm\\x1d\\xa3$^\\xe4\\x8c.na\\xb0rv+6x\\xed\\xa0\\xca*\\x9a\\xc5\\x13~\\xef^\\xfa\\x01\\xda(&m\\xc6>\nc\\xed\\xd2\\x8ci6h\\xb7\\xc6\\xeb\\x0cl\\x7f\\xa4\\x80\\x9f\\x13r\\xc9\\x1f\\xa2\"e\\x13\\x0c\\xc0\\xd7\\xb5\\x83\\xa9\\x9d\\x1c\\x88n\\xa9l?\\xbc\\x14a\\xb73+\\xad\\xea\\xf0\\x07\\x0c\\x0e\\xbd\\x91j\\xbd\\x8c\\xa8$\\x9b.\\xa4\\x15hh\\xac;\\xb0\\xbb/\\x91\n\\xd3m\\x8cf\\xd4\\x85\\xd1\\x83\\x98vi\\xebh\\x1c\\xeb\\xd6a\\xda\\xfe\\xa7\\xa3\\xb3\\xff\\x17\\xf5\\xf6\\xefa;dj\\x91?\\xfb\\xc4\\xca7\\x7f\\xe1\\xbd\\xf1\\x8et\\x90\\x1eq\\x96\\x00\\xc1\\x83gr\\xc9\\x90\\x85\\xb0i\\xe6\\x07&\\x11\\x7f\\x04\\xbe_\\xdb\\xfb\\x0b~<\ti9p9cl\\x88\\xc0's\\xde"
662.  
663.  
664. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\"\\x96\\xc8\\xf7\\x8a\\xf8\\x02\\xfajk\\x08=\\xacx\\xb7j\\x05\\x8c\\x8e\\xbf7|\\xcf\\xfc\\xe4$\\x99\\xeb\\x04p\\x8f!\\xda\\x9d$q\\xfc\\xac#o\\xaf-\\xccd\\xa0n\\x12\\xd2\\x0b\\xfa\\xda\\xbf*\\xcf\\x95\\x12h%\\xa7\\x02t\\\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x84\\x15<l\\x9e\\xab\\xd3\\x7f\\xec\\xaap\\xbcf\\xf5\\xae.0b\\xc0eu\\xcf\\x98\\xb42l\\x8b\"\\xe1\\x86\\xaa$\\xee\\xe9b\\x05\\x99\\x0f\\xd2#j\\x90\\x80\\xad\\x1c0\\x92\\xec"
665.  
666.  
667. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7fz\\x14\\xcc%g\\xdcu\\xa448\\x9b\\x19\\x1a\\xcc\\x184\\x93\\x9d\\x10\\x01\\x14yg%<\\xc7\\xa1\\xe4b\\x1e\\x9b\\xe4\\x9d(\\xe6!\\x9c\\x8ev\\xa6p:u|a(\\xa2\\x96n\\x1c9\\xce\\x01\\xce\\xb0\\xc4\\xa2\\xd4\\xe9~\\xfc(w\\xe2\\xb0\\xd8:pw\\xb7\\x18g\\x98\\xbe-\\x93n\\x95\\xcb\\x85\\x8e\\x13b\\xd6\\xb4$v\\xdd\\xf3\\0\\x10.\\x8a7\\xccy\\xcd7\\xf4\\x1c\\xa8z\\x96\\xe4)\\xbc\\x8b\\x1c\\xa2\\x83\\xea\\x99\\xc8\\xa9\\xd6\\x02o\\x059\\xb7j\\xdffh\\xb0ru\\xd8\\xf2\\xb1\\xba\\xefad\\xbb\\x9a-s\\x91by\\xae5\\xfa\\x04\\xde\\x17\\xb4$w\\xa7_\\xa9\\x99\\x1e\\xc56\\x86\\x16\\x86\\x8b\\x82f\\x01\\xc7\\xc5yt\\x03>6)\\xf8\\xb6\\xb7\\xbee\\x14\\xb6\\xc8\\x1ac\\x0f>\\x1d\\x0ec\\xa1\\xb3\\x86\\x9c!f\\x97r\\x99\\x9bm\\x16#\\x87\r\\xf7\\xed\\xe9.\\xf4\\x8d/\\xbaa\\xd6a\\x870\\xcd\\x19 \\xc5\\x9c\\xa7^\\x85k\\x17\\x88\\x95\\xd9\\x86\\x97\\x0b\\xbf\\xb8c\\xfd\\x10\\xc2w\\xd7\\xeeiz\\xdb>\\xd1\\xb3\\xa9"
668.  
669.  
670. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf0p\\xe0\\xdf\\xac\\x9d\\x14|\\x89\\x8d\\xe8\\xc8\\xeeb(ht\\xc9\\x9f\\xcc:\\xd2p\\xca\\x9b\\xa9\\xe2e\\x0bbk\\x85\\x0b-`\\xca\\x03\\xc4\\xe8=@\\x1a\\x8a\\x8a\\x85_m#\\xfe\\x8eb\\xd2\\x1b\\xae\\x86l\\x88\\xec\\x16\\xcc\\x93=\\x96\\x9ej\\xc3f;4<<\\xccxmw\\\\xd3\\x96\\xe1\\xe1\\xe7ks\\xfa\\x8fx\rq\\xf3\\xcf+\\x93i\\xb4\\x88\\xde\\x01j\\xc2\\xbc\\xf0\\x92\\x02\\xd2-p\\xe4ojw/\\xc8%\\xf4\\x16\r;\\x1e\\xac\\xffq\\x9b\\x88\\xc3\\xb3* \\x8dz\\xacy\\xc3\\x19\\xd8\\xf4@\\x856\\x9d\\xb1 \\xffq\\xf14\\xce\\x1a\\xa6\\xec\\x1f\\x9b?`\\x96\\xbc\\xec?\\xcd\\x01y\\xac\\x17\\xca\\xffo,\\x9d\\xf0\\xb9$1\\xb4q\\x88\\xc9\\xecr\\x98\\x9a\\x12>k\\x17\\x8crz^\\xb8\\x94\\xea\\x1b`\\x90\n\\x81\\xa8\t\\xfb_\\x17\\xd8\\xc5\\xbd\\x8a\\x8ac\\xc3\\x8e\\xe0\\xa9\\xb4\\xdaq\\xa3d\\x08m/k2\\x82\\xa0o\\x08\\xd0\\xe8\\x8fw\\xa3\\x94\\xa3\\xc5\\xd9\\x1f9\\x17e\\xa0r^\\xe9\\xef\\x9c\\xc6yf0\\xf7\\xc4"
671.  
672.  
673. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb9\\x90\\xf6\\xa0\\xac)x\\x8f\\x1a\\x80\\x06\\x97\\xfa\\xa3\t\\xa6\\x10\\x97r\\x93\\xae\\xe6gv\\xbf\\xf0)\\xb9\\x9dc\\x0b\\xbb\\x85,\\xae\t\\xaa\\xa5\\xaf\\xf0.!-\\xc7\\xd3\\x8dp~\\x89\\xb8\\xf7\\x19\\xa1\\xa0m\\x03\\xe6\\xb1\\x98u\\x82\\x1c\\xd2k3\\xf32\\xe0\\xbd\\xa4\\x80\\x06\\x90c\\xad\\xf1\\xa9\\x8e~b\\xd0\\xce/\\x06\\xec<\\xb6ln\\xe8d\\xdcf\\xa8ym\\xcfd\\xd2f\\xd7n\\xc2\\xd8;w\\x7f\\xc0\\xec\\x06\\xcdl\\xf3-=\\xc1\\xd4\\x98l\\xba\\x89\\xd1\\x99\\xc4v\\xf3\\xa4q\\xc3\\xa2\\x14\\xf2\\x83\\xf3\\x136#6\\xdc\\xae\\x13a\\x1d\\x92*n!\\xf4\\x08e\\xf8\\xc29s\\xc8\\x9fe\r\\x8fz\\xcdqk\\x03hz-#\\x15,\\xf3\\xbbt;\\xacch$t\\x00\\xc0c5\\xed2f\\x1b\\x95\\xae\\xf8\\x91\\x14\\x8d\\x8f_\\x04\\xd2dg\\xacn\\x90w\\x9eb3\\xd6i\\x8c\\xa3\\xc1\\x17\\xf4^-d7d\\xc6\\xbf6'\\x82b\\x83\\x10\\xf4\\xa0~\\xc5xo\\xdd\\xe1>\\xab\\xcb\t\\xc0\\x14\\xdey\\xf1\\x95\\xfb\\x9c"
674.  
675.  
676. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x143\\xa0r\\x17\\x03\\xe3o!\\x90'\\x8d\\x0bwm2\\xe2\\xcc\\x8co\\xef0\\xa7\\xbf\\xd5\\xe5b\\xb1m1\\x9c\\xe2\\x16\t\\xee$\\x8eg\\xc4\\xcb\\xda\\x02\n:\\xac<\\xd9j\\xbb\\x87\\xfb\\xb3\\xca\\xf5*\\xa5 \\xe6\\xae\\xe2\\x10\\x19\\x8a\\xe8;w1'\\x8b\\x8fg\\xf46\\xac\\x07*,cg\\xb3\\x02\\xf3\\xb6-\\x7f\\xed*\\xdd\\x94\\xd6\\xcaq\\xd6c\\x12\\xb7\\xdbg\\x02lj\\x9b\\xa0.6e\"\\xbbs\\xfc\\x9d\\x9a\\x87\\x95\\x17\\x19!s\\xab&\\x17\\x0c<%pb\\xf6*\\xa3 \\xcf\\xe2&v\\xbb\"\\xcb\\xca\\x85\\x85\\xd4\\x10\\x9d\\xa4\\x90\\x12h\\x88$\\xb9\\x0cv'\\xef\\xa6\\x9e,\\xd9\\xf6\\xb8\\xfe\\x9d!\\xb8\\xd51\\xe8\\x8d\\xa4a\\x9e\\x06\\xeey\\x83\\xfc\t4\\xdf\\x80\\xc9d7\\x8a\\xd3\\xc5\\x81\\x07h\\x17\\xbd(\\x96,:\\xbe\\x00 \\xe9\\x9a.+\\xe7\\x92\\xbf\\xe6@\\xb4\\xf0 \\x15\r\\x87\\xe6\\xe8^9\\x0f\\x17\\x13l\\xd8s\\xdf7\\xc4n\\xea\\xa8\\xcb\\xa9\\x105\\x121&\\xa4\\xb6\\xfb\\xbb\\xa6*\\xc2\\x9b\\x97w\\xa4\\x04"
677.  
678.  
679. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf5n\\xb4\\x80\t5&\\xea\\x14\\x1c\\xebp\\x00x\\x15\\x17b\\xe5\\xae\\x15\\xd1\\x830\\x93\\xf6\\xf4\\x88f\\.k\\xa2\\xd4\\xa09a\\xf8<f\\xc6\\xcc\\x80\\xf6\\xf0\\x07\\xbb\\x10jf\\x93\\xe7\\xc3b\\x01v\\xcd\\x81\\x1e\\xc3c\\x93\t\\xda\\x91m\\xa2\\xa7\\x1d\\x94\\xe6\\xcc\\x1f\\xc8\\xf6u4\\x96\\xec9\\xab\\x87t\\x9d4\\xaf\\xa8k\\xdf\\x9dr%\\x981\\xe7\\xee\\xf5\\x99\\xee\\xb4\\x0ch\\xf4\\xa3\\x80pg:c\\xfe\\x7f\\xd6\\xadx\\xfc\\x90\\x12\\x0f(\\xd0f\\xe3\"\\x16\\xb9\"\\x17\\x98\\x92\\x82\\x00\\xc2\\xe76\\x8a\\x1e\\x93\\xc3\\x16f\\xd2\\xcf\\x1a)vu\\xda\\x073\\xe7$?\\xb6\\x8e\\xa28\\xcee\\xe1\\xcf\\x03d\\x81o\\xa3\\xdd)0ya\\xcb\\xb7\\xc3\\x1cm\\xf0\\xb8f\\xbe\\xb6_\\xbcg\\xbfr\\xe0u\\x1c\\x17\\xdb\\xd7`4\\xe7\\xaa&/q\\xea\\xd7)<si\\xfe\\xd4#\\xe0ub_\\xed<\\xcc\\x17\\x13'\\xd2k\\xa4\\xa2\\xa7\\x1c\\xf6\\xfemsn\n\\xe5\\xf9\\x13\"\\xc9\\xce\\x88g?\\xe9ud\\xb1p.\\xa4qv"
680.  
681.  
682. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010(&\\xbf\\xc0z\\xe2;be\\xce\\xf5\\xcbl\\x08u\\xdc6\\x90\\x87\\xf2\\xd7\\x95\\x01\\x9a\\xec\\x17/\\x86\\x99\\xe7k\\xd7\\xfbvz\\xdc\\xc4\\xb1\\x9f\",d\\x93\\xa8*b\\xc6\\xa5\\xaf\\x18\\x00\\xf7\\x0c\\xd7\\xd8\\xf2\\xa4\\xd3sgdpiy\\xf8:\\xd0x2\\xe0\\x064o\\x94\\xc9\\x1bq\\xf3\\x85vgm6\\xc6i\\xb5vv\\x8e\\x1bx\\x9cw:$\\xcew!:+\\x8b\\x07\\xd5\\x98\\x04\\x9f\\xc0\\x1e\\xa4~\\x0c\\xa0s\\x16y\\x9fwc\\xc6\\xb19\\x8f,y9\\xaelh9,\\xcf\\xbb\\xb6h\\xf9\\x0f\\xb2lz\\xe5\\x84\\x1c\\x19\\x0c\\xda%\\xd0\\xab\\xb9\\xf6?=\\xd9\\xcd@\\xe1\\xb9\\xed~\\xf2_kzt=\\x89\\xf1\\xd8\\xe8\\xc1\\xf7\\xbc\\x92\\xcb@o\\xc6\\xdc\\xf7\\xb4w\\x08$u\\x98d\\xef\\x81\\xb0\\xca\\xa3\\x1d\\xb3h7\\xa8\\xab\\xf5\\xa7\\x0f\\xdfc\\x820sr'\\xd3\\x1c\\xbc\\xbb0\\xdf9\\x86\\xd5\\x97\\x00\\x03\\xb2\\x10\\xed\\xffq\\x04.\\x93`\\xed\\xfe\"\\xa2\\x98jl\\x83o\\xbcidav"
683.  
684.  
685. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1c3\\xa4^,\\x0e\\x81\\\\xcf\\xfaq\\xb7\\xad\\xbf\\x18kx\\xd4<\\x19\\xc4v\\x9c)q u\\xf5\\x07b3v\\xd8i\\x06x\\x043\\xd6ghr\\xea\\xc7,\\xdf\\xe6\\xbe\\\\x9b\\x80t\\xbd\\xea\\xf8\r\\x1eh\\xc8|!\\xb2\\xd7\\xec4\\xc1\\xfeq\\x89\\xffv\\xda\\xaa_81\\xce\\xe3:\t\\x10\\x93\\x0c\\xfa\\xa6\\xd4\\x87:\\xb6\\xa3e\\x06\\x03z\\xe6\\x01eotv\\xc7\\x0f\\xb3q\\xc6\\x07\\xa2\\xb2o0\\xcf;6`a\\xa5r\\xc9\\x8e5\\xe0i\\x10\\x04\\xee\\xe1\\x178=\\x90\\x94\\xa4 \\xb2\\x97g\\x9e\\x80\\xabt\\xe8\\xb6nw\\xc1\\x0f:\\xec\\xe0\\x94\\xfc\\xcd7\\xac\\x14\\xb6\\x9d\\xcd\\x99\\x1dw\\x80\\x9a\\\\x14\\x1e\\x0fa/,\\\\xa3y\\x0e\\xab\\xa0\\xe2\\x94\\xed\\x19,\\xd4\\xee-\\xd81\\xa5w\\xc2\\x8d)\\xb4\\xaf\\xfdj)l\\x15\\xd6\n\\xf3\\xdf\\x18hs\\xac\\xf6\\x92\\xca\\xcb\\xe86\\x11e\\xd0\\xd3\\xc4\\xa6\\xe2\\xcc\\x02\\xef\\xb2\\xe9hs\\x15w\\xe5u \\xbat\\x88\\xa2.\\x03.!\\xd3\\xd8+\\xad\\x94"
686.  
687.  
688. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa80^\\xc5\\x08c\\xf6\\xdew\\xc4ni\\xd9\\xbf\\xa5v\\xa25w\\xddt\\x01h\\x03z\\x08n\\xc8\\xbb@\\x17z\\xfdv\\xaa,\\xae\\xbd\\x9e\\xd9t\\xa8<kjlt\\x14\\xf3l\\xbb5\\xf3\\xe2\\xc7\\x92\"\\x85\\x11\\xfa\\xe5\\x90\\x8b\\xde\\xf3\\x06\\xd2\\xca<%\\xa1m\\xf5\\xba\\x1f\\xe7|%\\xc3\\xec\\xe4\\x8a\\x9e\\x87\\x7f-k\\xbbh\\xd3\\xee\\xf0x\\x8ap\\xf8\\xb7\\xcdjqje@\\x19\\xae\\xce\\xb4q\\x8c\\xce\\xb0\\xac7\\x91\\xa5\\x91\\xff\\x94\\xe6\\x19\\xb3\\x1c\\xec=\\xf1\\x83\\xe1\\x9c\\xaf\\xdb\\x85\\xc2\\xc2\\x0fs\\xda#\\xe1\\x1a\\x12,\\xe2\\xd15\\xf8\\x01\\xe5\\x1a\\x9f\\xf92\\xb5=\\x15\\xedk\\xa10\\xeb\\xbf\\x82\\x10\\x94\\xfe\\xbb\\xcd\\x17\\xd9yr\\xca\\xfe\\x95\\xcd\\x1b\\xd2\\xf9\\xdei\\xbe\\xd4\\xb4\\xbbb\\x87\\xcavvy<\\x11;%\\xdb\\xa1\\xb4j\\xe6v\\xc8\\x01&\\xf4\\x8cg9\\xf2g\\xd7\\x14\\x0c0\\xc1z\\xc3,\\xa3\\x03\\xd1\\xdc+=\\x8e\\xee\\xbd\\xe0s\\x85dn\\xa9\\x14\\xf1a2\\xe38q\\xae\\x1c\\x96\\x18\\xea6\\x9f\\xb0\\x97+\\xaa"
689.  
690.  
691. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf3\\x80x\\x94\\x8f8m2v0r\\xa5k\\x8e\\xe3\\xca\\x90\\x00\\x9chy\\xd9_\\x83\\xd9xsg\\xa2\\xd6\\xf8<\\x10!\\x00ca\\xc50\\x846y\\xde\\xff8\\x1e\\x04r\\x06t\\x1a\\xb7\\xbdh+\\xaa\\xf8\\xcaf\\xe6\n\\xe0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x14o\\x933u\\xe3\th\\xf1\\xd3u\\xb5d\\xc0\\x8f\\x89\\xef\\xb9\\xa1\\x99\\xa7'\\xa7\\xdc)\\xe4\\x86n\\xe4v\\x93\\xd7\\xack\\x12\\x9ba\\xdayg\\xf3wqa\\x84\\xda\\x99\n"
692.  
693.  
694. "http_request": "winword.exe_WSASend_get /pki/crl/products/microsoftrootcert.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 07 mar 2019 06:00:16 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
695.  
696.  
697. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7fwd\\x17\\x9dpy\\xc2\\x84\\xa8\\x1a\\x1f\\xd0\\xe6\\x93\\xc1c\t-\\xd3\\x02v@\\xb4|\\xbao\\x14\\x86j\\x86\\x8d+kvi\\x0c\\x80\\xde7\\x92\\x0b\"\\x9a\\xf6\\xe1\\xa5\\xca\\xc3\\xfb\\xe4$\\x8d\\xdd\\xa9\\xb8h'\\z=\\xdc\\x15\\xa8?r6.\t=\"\\x1do\\x9e\\x86etz\\x0e\\x15\\xd3\\xd7\\x11f\\xceg\\xab\\xef\\x9b\\xa9v\\xd7\\x10\\x99zj\\xee\\xd2r(tu\\xcc\\xdcm\\xcd\\x8f\\xda\\x00#\\x97\\xb0\\x9e8\\x9c\\xcf\\x02\\x91xy.3\\x98d\\xe1av'\\x00$x\\x85\\x9e?\\xd7\\xec\\xf4\\x15$qr\\xdd\\xf3\\xa7_\\xbc\\x80\\xe0\\xc5\\x8e\\x03\\xdbn(z\\xef\\xbe\\xa1\\x99\\xf8v\\xa7t\\x17\\xd4*\\xd7-\\xda\r@_\\x1b \\x93\\x18i\\x15\\xae=\\xcd\\x1b\\x84^\\xd9c\\xae\\x0e\\xc7im\\x84\\x19\\xa1\\xa2\\xb0\\x05\\x80\\x8f>|\\x90%\\x1c\\xb5\\xd74\\xb4\\x9ez\\xb1\\xf0\\xd6\\xd7\\xcc\\x8e\\x03\\xb6\\x14\\xfb\\xc8\\xb7\\xe3\\xa5\\x1d\\xcf\\xfb\\x1b\\xbf\\xa4$\\xfa4\\xcd\\xb2(q\\xaf.zr\\xca_$\\x93\\xae"
698.  
699.  
700. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00\\x03\\x01/r\\x83x`\r\\xae\\x10u\\xf7bx\\x9e\\xf7k\\xbd\\xe2\\xe3k\\x1d\\x91?\\x01\\x02\\x14\\xfe\\xc5\\x92\\x94\\xfa\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
701.  
702.  
703. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00|\\xcd\\xc3de\\xc9\\x81\\xf9$\\x9e\\xa4\\xd7u\\x07\\xb4\\x05\\xf0\\xf0i\\xcd\\xc0#\\xbd\\xca\\x8f\\x96\\xda\\xa1\\xff\\xb6b\\x0b\\xbbf\\x11\\x07r\\xe7\\xbc\\xeas\\x93?b\\xbf\\xd02u\\x9bu)j\\xf1,\\xb3\\xc5d\t#\\xb8\\x85\\xc4\\xd6\\x10*\\xc2z\\xf5\\xd9\\x8d\r3\\xe9\\xef\\x1a\\xd4\\x85bq\\xd8\\xb6\\x91\\x8c\\xfe\\x81\\xc0\\xdd\\x1f\\x0c\\xc8\\x93\\xcb;\\x9bp\\xa3\\x83\\xff\\xa3o\\x84k\\xd8=%ac\\x84\\x19\\x85#\\xc4x\\xb1b\\xda\\xac\\xdb\\xc9\\x9a\\xe0\\xb6\\x8e-cx\\x86\\xde\\x828/i\\xf7>\\x8az\\xf7\\x87\\xf2\\x02x\\xa4\\xac\\xdd0m\\x86\\xe2ps\\xb1e\\xb4\\\\xa4\\xee\"!\\xdc\\xcez\\xecd\\x8d)\\x11g\nr\\x13w;\\xb1oa\\xa7\\x1b\\xafo\\xfb\"\\x82\\xb2\\xf0\\xfa\\xec\\x0b^\\x8a0\\x1c-\\x024\\xf9%rh\\xf4\tl=\\xf4\\xcb=\\xab\\x08cm\\x92:\\x1d\\xd2!\\xd4d_h\\x87\\xedzl\\xb0|\\x0c\\xf2\\x01cw\\xdd\\xc2\\xc7m$\\x8d\\xa9\\xd0\\xbb\\xe9t\\x8da\\x05"
704.  
705.  
706. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\xea\\x1ag\\xbf\\x0be8i\\xe3l\\xa8x`<\\xbcq\\xeb^f\\xf0\\xe5%\\xb6\\xd3\\xb2=\\xc1~dj<\\x8e\\xf15\\xf2t\\xe1-3a\\xa8 \\xa9\\xf1*\\xe2><\\x1d\\xeaal+h!b9\\xbdw\\x89j\\x1fq\\x915o$d\\x8f\\xa7\\x19\\x7ff?\\x8d\\xf4w'a\\x93qp\\x9d\\x9e\\xc1\\x8c7\\x14\\xb1\\xd3@\\xab\\xaf\\x88\\xed(o)\\xdf\\x03\\x8b\\xafam\\xba3\\x18\\x18\\xachb\\xcc\\x9d\\x90\\x9e\\xf1\\b\\x1d\\xa2\\xe3r\\x9b\\xbap\\x16\\x1d\\xb1\\xb3(>pq\\x88%\\x04\\xbe\\x0b(\\xc0\\xcc4\\x98\\x9f\\x11\\xb8cc\\xdd\\xec)\\xce\\xbd\\x11a\\\\xd5mz\\xb7\"\\xa5d\\x06\\xf2\\x85\\xb0\\xc2\\x03\\xc0\\xa5y:\\xa1\\xd3\\\\xd4\\x86\\xa8:hj\\\\x93\\x8ff\\xe1h\\x1b\\x95\\xea\\xe1\\xb5\\xcd\\x97\\x15\\xb5\\xeb\\xd2.ah\\xec\\x88\\x95w\\xa3\\x8as\\xcd\\xc3\\x8a\\xe2!:\\x91\\xbd\\x8em\\x18\\x1e\\xee\\x81l\\xe6q!\\xafd.\\xc9\\xde\\xee\\xa2\\xb8t\\xd5\\xee\\xc5\\x87q\\x87\\x84\\xa0m\\xd3\\xd4\t"
707.  
708.  
709. "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\x04\\x0fg\\x115\\xb5\\xb3\\xbflkw\\xebg\\x1c7\\x8a\\xf5\\xf0\\xde\\xc7\\xf2e\\xca\\xc3\\x93\\xea\\xaa2\\x97\\x199\\x1e:\\xce\\xbdm\\xd2\\xda%\\x15yu\\x07\\xa8l\\xb0\\xa5\\x98l\\x88\\xc9\\x95\\x05^\\xe8y\\xa5\\x95\\x97\\xc3\\x86\\x97\\xa8\\xb2\\xe5\\xf0\\x1a\\xba\\x11\\x12-\\xdd0k!u\\x0f(\\x1e\\xb2\\d\\xa38r\\xa0\\xee\\x97\\xce\\x89\\x07\\xeb\\xa65\\xe6)i\\xebo3\\xcc\\x02\\x9e\\xf5xj=\\xf3\\xde\" \\x96\\x88\\xaf\\xd7\\x03\\xac\\xfc\\xd1|\\x97\\xc0t\\xa3\\xfe\\x0b\\x18\\xc5\\xaf\\x9c\\x86ik\\x91\\x15\\xeci\\xe6\\x05\\x03\\xdb\\x93\\xba\\xa0\\xe5\\xd4\\x99!g\\xe9:\\xbes\\x12\\xf2\\x08\\x1c\\xc6je\\x08bvr\\xbfg\\xff\\x15\\x14+\\xf4\\x15\\x14\\xc6.\\xaf\\x8a\\xfd\\x81r\\x1a\\x0cfm?\\xe0\\xd8\\xe3\\x8dnv\\xa5\\xe1\\x1b\\xe37(l\\\\x83y^t\\x8aj\\xbe\\x04?\\xa7\\xc5\\xa3q\\xa1cy\\xc6\\x03\\xee\\x97w\\xf9$\\xed\\xf1\\x17r\\xe2$\\x91ci\\xf0\\xca\\x96/b\\x92~\\xebw\\x8b\\xeax"
710.  
711.  
712.  
713.  
714. "Description": "Likely Malicious Office Document DL/Write EXE to disk",
715. "Details":
716.  
717. "office_dl_write_exe": "winword.exe_InternetCrackUrlW_http://danmaxexpress.com/ssl/u.exe"
718.  
719.  
720. "office_dl_write_exe": "winword.exe_HttpOpenRequestW_/ssl/u.exe"
721.  
722.  
723. "office_dl_write_exe": "winword.exe_InternetReadFile"
724.  
725.  
726. "office_dl_write_exe": "winword.exe_NtWriteFile_C:\\Users\\user\\AppData\\Roaming\\u.exe"
727.  
728.  
729. "office_dl_write_exe": "winword.exe_InternetCrackUrlW_http://danmaxexpress.com/ssl/u.exe"
730.  
731.  
732. "office_dl_write_exe": "winword.exe_HttpOpenRequestW_/ssl/u.exe"
733.  
734.  
735. "office_dl_write_exe": "winword.exe_InternetReadFile"
736.  
737.  
738. "office_dl_write_exe": "winword.exe_NtWriteFile_C:\\Users\\user\\AppData\\Roaming\\u.exe"
739.  
740.  
741. "office_dl_write_exe": "winword.exe_InternetCrackUrlW_http://danmaxexpress.com/ssl/u.exe"
742.  
743.  
744. "office_dl_write_exe": "winword.exe_HttpOpenRequestW_/ssl/u.exe"
745.  
746.  
747. "office_dl_write_exe": "winword.exe_InternetReadFile"
748.  
749.  
750. "office_dl_write_exe": "winword.exe_NtWriteFile_C:\\Users\\user\\AppData\\Roaming\\u.exe"
751.  
752.  
753.  
754.  
755. "Description": "Creates a hidden or system file",
756. "Details":
757.  
758. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp"
759.  
760.  
761. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp"
762.  
763.  
764.  
765.  
766. "Description": "File has been identified by 27 Antiviruses on VirusTotal as malicious",
767. "Details":
768.  
769. "MicroWorld-eScan": "VB:Trojan.Agent.EALP"
770.  
771.  
772. "FireEye": "VB:Trojan.Agent.EALP"
773.  
774.  
775. "CAT-QuickHeal": "Exp.RTF.CVE-2017-8570.A"
776.  
777.  
778. "McAfee": "Exploit-CVE2017-8570.d"
779.  
780.  
781. "Symantec": "ISB.Downloader!gen60"
782.  
783.  
784. "ESET-NOD32": "VBS/TrojanDownloader.Agent.RPV"
785.  
786.  
787. "TrendMicro-HouseCall": "Trojan.W97M.CVE20178570.SM"
788.  
789.  
790. "Kaspersky": "HEUR:Exploit.MSOffice.CVE-2017-8570.a"
791.  
792.  
793. "BitDefender": "VB:Trojan.Agent.EALP"
794.  
795.  
796. "NANO-Antivirus": "Trojan.Script.Vbs-heuristic.druvzi"
797.  
798.  
799. "Rising": "Exploit.CVE-2017-8570!1.AFC6 (CLASSIC)"
800.  
801.  
802. "Ad-Aware": "VB:Trojan.Agent.EALP"
803.  
804.  
805. "Sophos": "Exp/20178570-G"
806.  
807.  
808. "TrendMicro": "Trojan.W97M.CVE20178570.SM"
809.  
810.  
811. "Emsisoft": "VB:Trojan.Agent.EALP (B)"
812.  
813.  
814. "Ikarus": "Exploit.CVE-2017-8570"
815.  
816.  
817. "Cyren": "JS/Downldr.QN!Eldorado"
818.  
819.  
820. "Fortinet": "VBS/Agent.JURO!tr.dldr"
821.  
822.  
823. "Arcabit": "VB:Trojan.Agent.EALP"
824.  
825.  
826. "ZoneAlarm": "HEUR:Exploit.MSOffice.Generic"
827.  
828.  
829. "Microsoft": "Trojan:Win32/Sonbokli.A!cl"
830.  
831.  
832. "ALYac": "VB:Trojan.Agent.EALP"
833.  
834.  
835. "MAX": "malware (ai score=83)"
836.  
837.  
838. "Zoner": "Probably RTFObfuscationD"
839.  
840.  
841. "Tencent": "Vbs.Trojan-downloader.Agent.Pjxg"
842.  
843.  
844. "GData": "VB:Trojan.Agent.EALP"
845.  
846.  
847. "Qihoo-360": "susp.rtf.objupdate.gen"
848.  
849.  
850.  
851.  
852. "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
853. "Details":
854.  
855. "dropped": "clamav:Rtf.Exploit.CVE_2017_0199-6231737-0, sha256:284360c44fae016d3c21387420746d70f13dccec6e09807953e338a66c334eaf , guest_paths:C:\\Users\\user\\AppData\\Local\\Temp\\RTF_beb86a6171a5311949c82f451b8eb934.doc, type:Rich Text Format data, version 1, unknown character set"
856.  
857.  
858.  
859.  
860. "Description": "Drops a binary and executes it",
861. "Details":
862.  
863. "binary": "C:\\Users\\user\\AppData\\Roaming\\u.exe"
864.  
865.  
866.  
867.  
868. "Description": "Martian Subprocess Started By Office Process",
869. "Details":
870.  
871. "office_martian": "c:\\users\\user\\appdata\\roaming\\u.exe"
872.  
873.  
874. "office_martian": "c:\\users\\user\\appdata\\roaming\\u.exe"
875.  
876.  
877. "office_martian": "c:\\users\\user\\appdata\\roaming\\u.exe"
878.  
879.  
880.  
881.  
882. "Description": "Created network traffic indicative of malicious activity",
883. "Details":
884.  
885. "signature": "ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile"
886.  
887.  
888. "signature": "ET CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016"
889.  
890.  
891. "signature": "ET TROJAN Single char EXE direct download likely trojan (multiple families)"
892.  
893.  
894.  
895.  
896.  
897. * Started Service:
898. "osppsvc"
899.  
900.  
901. * Mutexes:
902. "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
903. "Local\\!IETld!Mutex",
904. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
905. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
906. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
907. "CicLoadWinStaWinSta0",
908. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
909. "Local\\F99C425F-9135-43ed-BD7D-396DE488DC53",
910. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
911. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
912. "Local\\WinSpl64To32Mutex_1a6d6_0_3000"
913.  
914.  
915. * Modified Files:
916. "C:\\Users\\user\\AppData\\Local\\Temp\\RTF_beb86a6171a5311949c82f451b8eb934.doc",
917. "C:\\Users\\user\\AppData\\Local\\Temp\\~$F_beb86a6171a5311949c82f451b8eb934.doc",
918. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
919. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF56461B2C-A4E4-4604-ADC8-6F14020C399F.tmp",
920. "C:\\Users\\user\\AppData\\Local\\Temp\\Abctfhghghghghg.sct",
921. "\\??\\PIPE\\srvsvc",
922. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\u1.exe",
923. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
924. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
925. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
926. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
927. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab302B.tmp",
928. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar302C.tmp",
929. "C:\\Users\\user\\AppData\\Roaming\\u.exe",
930. "\\Device\\NamedPipe",
931. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS91C73612-58A0-4CEF-B1F6-D29B25F3B1D9.tmp",
932. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS4DECC029-669B-4CAA-A49E-E2FE839A30ED.tmp",
933. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO\\D77E8FEC.png",
934. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of RTF_beb86a6171a5311949c82f451b8eb934.asd",
935. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
936. "C:\\Users\\user\\AppData\\Local\\Temp\\cab543F.tmp",
937. "C:\\Users\\user\\AppData\\Local\\Temp\\cab547F.tmp",
938. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5480.tmp",
939. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5490.tmp",
940. "C:\\Users\\user\\AppData\\Local\\Temp\\cab54B1.tmp",
941. "C:\\Users\\user\\AppData\\Local\\Temp\\cab550F.tmp",
942. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5510.tmp",
943. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5521.tmp",
944. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5522.tmp",
945. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
946. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5591.tmp",
947. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55A2.tmp",
948. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55A3.tmp",
949. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55B4.tmp",
950. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55F3.tmp",
951. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5652.tmp",
952. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5683.tmp",
953. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5684.tmp",
954. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5672.tmp",
955. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56B4.tmp",
956. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56C4.tmp",
957. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56D5.tmp",
958. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56E5.tmp",
959. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56E6.tmp",
960. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5784.tmp",
961. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
962. "C:\\Users\\user\\AppData\\Local\\Temp\\cab58AE.tmp",
963. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
964. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5AC2.tmp",
965. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
966. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5B30.tmp",
967. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76",
968. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5B31.tmp",
969. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
970. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
971. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B90.tmp\\ThemePictureGrid.glox",
972. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5BC0.tmp\\gb.xsl",
973. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B90.tmp\\Content.inf",
974. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\ExcludeDictionaryEN0409.lex",
975. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5BC0.tmp\\Content.inf",
976. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C0F.tmp\\Banded.thmx",
977. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4E.tmp\\Element design set.dotx",
978. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328986fn=Theme Picture Grid.glox",
979. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
980. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4F.tmp\\BracketList.glox",
981. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C0F.tmp\\content.inf",
982. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4E.tmp\\Content.inf",
983. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D5A.tmp",
984. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4F.tmp\\Content.inf",
985. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
986. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5E38.tmp",
987. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
988. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6B.tmp\\ConvergingText.glox",
989. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328893fn=BracketList.glox",
990. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6D.tmp\\Equations.dotx",
991. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6B.tmp\\Content.inf",
992. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F04.tmp\\content.inf",
993. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F15.tmp\\ieee2006officeonline.xsl",
994. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6D.tmp\\Content.inf",
995. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5FE5.tmp",
996. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F44.tmp\\content.inf",
997. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F04.tmp\\Frame.thmx",
998. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F45.tmp\\chicago.xsl",
999. "C:\\Users\\user\\AppData\\Local\\Temp\\cab60B4.tmp",
1000. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F15.tmp\\Content.inf",
1001. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB5.tmp\\APASixthEditionOfficeOnline.xsl",
1002. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F45.tmp\\Content.inf",
1003. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60A3.tmp\\TabList.glox",
1004. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F44.tmp\\Metropolitan.thmx",
1005. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB4.tmp\\CircleProcess.glox",
1006. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60A3.tmp\\Content.inf",
1007. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328916fn=Converging Text.glox",
1008. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6015.tmp\\PictureFrame.glox",
1009. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
1010. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
1011. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6180.tmp\\Crop.thmx",
1012. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6035.tmp\\HexagonRadial.glox",
1013. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
1014. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB5.tmp\\Content.inf",
1015. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328972fn=Tab List.glox",
1016. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
1017. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61BF.tmp\\RadialPictureList.glox",
1018. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
1019. "C:\\Users\\user\\AppData\\Local\\Temp\\cab63C9.tmp",
1020. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB4.tmp\\Content.inf",
1021. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6200.tmp\\ThemePictureAccent.glox",
1022. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6035.tmp\\Content.inf",
1023. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61D0.tmp\\gostname.xsl",
1024. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6180.tmp\\Content.inf",
1025. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6015.tmp\\Content.inf",
1026. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630B.tmp\\iso690nmerical.xsl",
1027. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
1028. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630C.tmp\\gosttitle.xsl",
1029. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61BF.tmp\\Content.inf",
1030. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63B8.tmp\\Basis.thmx",
1031. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6200.tmp\\Content.inf",
1032. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328908fn=Circle Process.glox",
1033. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63DA.tmp\\ThemePictureAlternatingAccent.glox",
1034. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
1035. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61D0.tmp\\Content.inf",
1036. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630B.tmp\\Content.inf",
1037. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328919fn=Hexagon Radial.glox",
1038. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328932fn=Picture Frame.glox",
1039. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630C.tmp\\Content.inf",
1040. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD64A6.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
1041. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63B8.tmp\\content.inf",
1042. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328940fn=Radial Picture List.glox",
1043. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6554.tmp\\iso690.xsl",
1044. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6505.tmp\\content.inf",
1045. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63DA.tmp\\Content.inf",
1046. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328975fn=Theme Picture Accent.glox",
1047. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
1048. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
1049. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD64A6.tmp\\Content.inf",
1050. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
1051. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
1052. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6505.tmp\\View.thmx",
1053. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6554.tmp\\Content.inf",
1054. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
1055. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
1056. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A95.tmp\\InterconnectedBlockProcess.glox",
1057. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A94.tmp\\rings.glox",
1058. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328983fn=Theme Picture Alternating Accent.glox",
1059. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A95.tmp\\Content.inf",
1060. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
1061. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A94.tmp\\Content.inf",
1062. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6B71.tmp\\VaryingWidthList.glox",
1063. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328925fn=Interconnected Block Process.glox",
1064. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6B71.tmp\\Content.inf",
1065. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328998fn=Rings.glox",
1066. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328990fn=Varying Width List.glox",
1067. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D18.tmp",
1068. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D48.tmp\\Headlines.thmx",
1069. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D48.tmp\\Content.inf",
1070. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
1071. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
1072. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF30749614CDE35AE9.TMP",
1073. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7141.tmp",
1074. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab719F.tmp",
1075. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar71A0.tmp",
1076. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7366.tmp\\content.inf",
1077. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7366.tmp\\Savon.thmx",
1078. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
1079. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD74B0.tmp\\harvardanglia2008officeonline.xsl",
1080. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD74B0.tmp\\Content.inf",
1081. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
1082. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD757C.tmp\\pictureorgchart.glox",
1083. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD757C.tmp\\Content.inf",
1084. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328935fn=Picture Organization Chart.glox",
1085. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7E76.tmp",
1086. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab7F51.tmp",
1087. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar7F52.tmp",
1088. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD804D.tmp\\content.inf",
1089. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD804D.tmp\\Wood_Type.thmx",
1090. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
1091. "C:\\Users\\user\\AppData\\Local\\Temp\\cab881E.tmp",
1092. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8948.tmp\\Circuit.thmx",
1093. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8948.tmp\\content.inf",
1094. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
1095. "C:\\Users\\user\\AppData\\Local\\Temp\\cab8C66.tmp",
1096. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8D03.tmp\\content.inf",
1097. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8D03.tmp\\Slate.thmx",
1098. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
1099. "C:\\Users\\user\\AppData\\Local\\Temp\\cab9234.tmp",
1100. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD932F.tmp\\content.inf",
1101. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD932F.tmp\\Mesh.thmx",
1102. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
1103. "C:\\Users\\user\\AppData\\Local\\Temp\\cab9F85.tmp",
1104. "C:\\Users\\user\\AppData\\Local\\Temp\\CabA041.tmp",
1105. "C:\\Users\\user\\AppData\\Local\\Temp\\TarA042.tmp",
1106. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA0A1.tmp\\Insight design set.dotx",
1107. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA0A1.tmp\\Content.inf",
1108. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
1109. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRD0002.tmp",
1110. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp"
1111.  
1112.  
1113. * Deleted Files:
1114. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab302B.tmp",
1115. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar302C.tmp",
1116. "C:\\Users\\user\\AppData\\Roaming\\u.exe",
1117. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO\\D77E8FEC.png",
1118. "C:\\Users\\user\\AppData\\OICE_15_974FA576_32C1D314_3DB3\\",
1119. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
1120. "C:\\Users\\user\\AppData\\Local\\Temp\\Abctfhghghghghg.sct",
1121. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\",
1122. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033917fn=Berlin.eftx",
1123. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033937fn=Vapor Trail.eftx",
1124. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033921fn=Damask.eftx",
1125. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033925fn=Droplet.eftx",
1126. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457464fn=Dividend.eftx",
1127. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033927fn=Main Event.eftx",
1128. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033917fn=Berlin.xml",
1129. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033937fn=Vapor Trail.xml",
1130. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033917fn=Berlin.xml",
1131. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033927fn=Main Event.xml",
1132. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033925fn=Droplet.xml",
1133. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457464fn=Dividend.xml",
1134. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033927fn=Main Event.xml",
1135. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033937fn=Vapor Trail.xml",
1136. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033925fn=Droplet.xml",
1137. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033921fn=Damask.xml",
1138. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457464fn=Dividend.xml",
1139. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033921fn=Damask.xml",
1140. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B90.tmp",
1141. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5BC0.tmp",
1142. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5B30.tmp",
1143. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C0F.tmp",
1144. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5B31.tmp",
1145. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4E.tmp",
1146. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4F.tmp",
1147. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B90.tmp\\ThemePictureGrid.glox",
1148. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5BC0.tmp\\gb.xsl",
1149. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5672.tmp",
1150. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C0F.tmp\\Banded.thmx",
1151. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6B.tmp",
1152. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4E.tmp\\Element design set.dotx",
1153. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5C4F.tmp\\BracketList.glox",
1154. "C:\\Users\\user\\AppData\\Local\\Temp\\cab547F.tmp",
1155. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6D.tmp",
1156. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5AC2.tmp",
1157. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F04.tmp",
1158. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F15.tmp",
1159. "C:\\Users\\user\\AppData\\Local\\Temp\\cab58AE.tmp",
1160. "C:\\Users\\user\\AppData\\Local\\Temp\\cab54B1.tmp",
1161. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F44.tmp",
1162. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F45.tmp",
1163. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB4.tmp",
1164. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB5.tmp",
1165. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6015.tmp",
1166. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6035.tmp",
1167. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60A3.tmp",
1168. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6B.tmp\\ConvergingText.glox",
1169. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F04.tmp\\Frame.thmx",
1170. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6180.tmp",
1171. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F45.tmp\\chicago.xsl",
1172. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61BF.tmp",
1173. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5D6D.tmp\\Equations.dotx",
1174. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60A3.tmp\\TabList.glox",
1175. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F15.tmp\\ieee2006officeonline.xsl",
1176. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F44.tmp\\Metropolitan.thmx",
1177. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6200.tmp",
1178. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61D0.tmp",
1179. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630C.tmp",
1180. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630B.tmp",
1181. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB5.tmp\\APASixthEditionOfficeOnline.xsl",
1182. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56B4.tmp",
1183. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63B8.tmp",
1184. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5510.tmp",
1185. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5E38.tmp",
1186. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5FB4.tmp\\CircleProcess.glox",
1187. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63DA.tmp",
1188. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6180.tmp\\Crop.thmx",
1189. "C:\\Users\\user\\AppData\\Local\\Temp\\cab543F.tmp",
1190. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6035.tmp\\HexagonRadial.glox",
1191. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6015.tmp\\PictureFrame.glox",
1192. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5683.tmp",
1193. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD64A6.tmp",
1194. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5522.tmp",
1195. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D5A.tmp",
1196. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61BF.tmp\\RadialPictureList.glox",
1197. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6505.tmp",
1198. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6554.tmp",
1199. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6200.tmp\\ThemePictureAccent.glox",
1200. "C:\\Users\\user\\AppData\\Local\\Temp\\cab550F.tmp",
1201. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD61D0.tmp\\gostname.xsl",
1202. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63B8.tmp\\Basis.thmx",
1203. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457503fn=Quotable.eftx",
1204. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001106fn=Badge.eftx",
1205. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630B.tmp\\iso690nmerical.xsl",
1206. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55A3.tmp",
1207. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD630C.tmp\\gosttitle.xsl",
1208. "C:\\Users\\user\\AppData\\Local\\Temp\\cab60B4.tmp",
1209. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5784.tmp",
1210. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5652.tmp",
1211. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56E6.tmp",
1212. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457503fn=Quotable.xml",
1213. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001106fn=Badge.xml",
1214. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5684.tmp",
1215. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5521.tmp",
1216. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5FE5.tmp",
1217. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457503fn=Quotable.xml",
1218. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001106fn=Badge.xml",
1219. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5591.tmp",
1220. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6554.tmp\\iso690.xsl",
1221. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD64A6.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
1222. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55B4.tmp",
1223. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A95.tmp",
1224. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A94.tmp",
1225. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457496fn=Parallax.eftx",
1226. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM10001104fn=Feathered.eftx",
1227. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD63DA.tmp\\ThemePictureAlternatingAccent.glox",
1228. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6505.tmp\\View.thmx",
1229. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55A2.tmp",
1230. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457496fn=Parallax.xml",
1231. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5480.tmp",
1232. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM10001104fn=Feathered.xml",
1233. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6B71.tmp",
1234. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457496fn=Parallax.xml",
1235. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM10001104fn=Feathered.xml",
1236. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A95.tmp\\InterconnectedBlockProcess.glox",
1237. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56D5.tmp",
1238. "C:\\Users\\user\\AppData\\Local\\Temp\\cab63C9.tmp",
1239. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6A94.tmp\\rings.glox",
1240. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6B71.tmp\\VaryingWidthList.glox",
1241. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
1242. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56E5.tmp",
1243. "C:\\Users\\user\\AppData\\Local\\Temp\\cab55F3.tmp",
1244. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D48.tmp",
1245. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D48.tmp\\Headlines.thmx",
1246. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of RTF_beb86a6171a5311949c82f451b8eb934.asd",
1247. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
1248. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D18.tmp",
1249. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
1250. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab719F.tmp",
1251. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar71A0.tmp",
1252. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7366.tmp",
1253. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7366.tmp\\Savon.thmx",
1254. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7141.tmp",
1255. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD74B0.tmp",
1256. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD74B0.tmp\\harvardanglia2008officeonline.xsl",
1257. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD757C.tmp",
1258. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5490.tmp",
1259. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD757C.tmp\\pictureorgchart.glox",
1260. "C:\\Users\\user\\AppData\\Local\\Temp\\cab56C4.tmp",
1261. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab7F51.tmp",
1262. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar7F52.tmp",
1263. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD804D.tmp",
1264. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD804D.tmp\\Wood_Type.thmx",
1265. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7E76.tmp",
1266. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8948.tmp",
1267. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8948.tmp\\Circuit.thmx",
1268. "C:\\Users\\user\\AppData\\Local\\Temp\\cab881E.tmp",
1269. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8D03.tmp",
1270. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8D03.tmp\\Slate.thmx",
1271. "C:\\Users\\user\\AppData\\Local\\Temp\\cab8C66.tmp",
1272. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD932F.tmp",
1273. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD932F.tmp\\Mesh.thmx",
1274. "C:\\Users\\user\\AppData\\Local\\Temp\\cab9234.tmp",
1275. "C:\\Users\\user\\AppData\\Local\\Temp\\CabA041.tmp",
1276. "C:\\Users\\user\\AppData\\Local\\Temp\\TarA042.tmp",
1277. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA0A1.tmp",
1278. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA0A1.tmp\\Insight design set.dotx",
1279. "C:\\Users\\user\\AppData\\Local\\Temp\\cab9F85.tmp",
1280. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp",
1281. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS4DECC029-669B-4CAA-A49E-E2FE839A30ED.tmp",
1282. "C:\\Users\\user\\AppData\\Local\\Temp\\~$F_beb86a6171a5311949c82f451b8eb934.doc"
1283.  
1284.  
1285. * Modified Registry Keys:
1286. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\y8<",
1287. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
1288. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
1289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
1290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
1291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
1292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
1293. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
1294. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
1295. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
1296. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
1297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
1298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
1299. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\@%SystemRoot%\\system32\\packager.dll,-2000",
1300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
1301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
1302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
1303. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109E60090400000000000F01FEC\\Usage\\GraphicsFiltersPNGFilesIntl_1033",
1304. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
1305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
1306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
1307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
1308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
1309. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109E60090400000000000F01FEC\\Usage\\ProductNonBootFilesIntl_1033",
1310. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
1311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
1312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
1313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
1314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
1315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
1316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
1317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
1318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
1319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
1320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
1321. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
1322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
1323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
1324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
1325. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
1326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
1327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
1328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
1329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
1330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
1331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
1332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
1333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
1334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
1335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
1336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
1337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
1338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
1339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
1340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
1341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
1342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
1343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
1344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
1345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
1346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
1347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
1348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
1349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
1350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
1351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
1352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
1353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
1357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
1358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
1359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
1360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
1361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
1362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
1363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
1364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
1365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
1366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
1367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
1368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
1369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
1370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
1371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
1372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
1373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
1374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
1375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
1376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
1377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
1378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
1379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
1380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
1381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
1382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
1383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
1384. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
1385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
1386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
1387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
1388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
1389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
1390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
1391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
1392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
1393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
1397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
1398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
1399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
1400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
1401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
1402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
1403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
1404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
1405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
1406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
1407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
1408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
1409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
1410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
1411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
1412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
1413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
1414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
1415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
1416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
1417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
1418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
1419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
1420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
1421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
1422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
1423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
1424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
1425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
1426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
1427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
1428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
1429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
1430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
1431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
1432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
1433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
1434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
1435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
1436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
1437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
1438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
1439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
1440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
1441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
1442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
1443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
1444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
1445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
1446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
1447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
1448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
1449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
1450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
1454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
1455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
1456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
1457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
1458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
1459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
1460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
1461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
1462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
1463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
1464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
1465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
1466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
1467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
1468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
1469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
1470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
1471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
1472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
1473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
1474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
1475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
1476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
1477. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
1478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
1479. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
1480. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
1481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
1482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
1483. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
1484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
1485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
1486. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
1487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
1488. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1489. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1490. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
1491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
1492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
1493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
1494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
1495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
1496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
1497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
1498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
1499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
1500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
1501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
1502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
1503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
1504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
1505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
1506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
1507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
1508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
1509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
1510. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
1511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
1512. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
1513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
1514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
1515. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
1516. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
1517. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
1518. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
1519. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
1520. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
1521. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
1522. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
1523. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
1524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
1525. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
1526. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
1527. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
1528. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
1529. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
1530. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
1531. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
1532. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
1533. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
1534. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
1535. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
1536. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
1537. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
1538. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
1539. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
1540. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
1541. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
1542. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
1543. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1544. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1545. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
1546. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
1547. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
1548. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
1549. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
1550. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
1551. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
1552. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
1553. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
1554. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\11413E1",
1555. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\11413E1\\11413E1",
1556. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
1557. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
1558. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
1559. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
1560. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
1561. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
1562. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
1563. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
1564. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
1565. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
1566. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
1567. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
1568. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
1569. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
1570. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
1571. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
1572. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
1573. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
1574. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
1575. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
1576. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
1577. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
1578. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
1579. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
1580. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
1581. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
1582. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
1583. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
1584. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
1585. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
1586. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
1587. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
1588. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
1589. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
1590. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
1591. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
1592. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
1593. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
1594. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
1595. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
1596. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
1597. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
1598. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
1599. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
1600. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
1601. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
1602. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
1603. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
1604. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
1605. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
1606. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
1607. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
1608. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
1609. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
1610. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
1611. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
1612. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
1613. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
1614. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893",
1615. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
1616. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\11413E1\\126FDED",
1617. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\NextUpdate",
1618. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\LastUpdate",
1619. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\NextUpdate",
1620. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\LastUpdate",
1621. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Arial Unicode MS",
1622. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Batang",
1623. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@BatangChe",
1624. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DFKai-SB",
1625. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Dotum",
1626. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DotumChe",
1627. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@FangSong",
1628. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gulim",
1629. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GulimChe",
1630. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gungsuh",
1631. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GungsuhChe",
1632. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@KaiTi",
1633. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Malgun Gothic",
1634. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo",
1635. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo UI",
1636. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei",
1637. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei UI",
1638. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei",
1639. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei UI",
1640. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU",
1641. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS",
1642. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS-ExtB",
1643. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU-ExtB",
1644. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Gothic",
1645. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Mincho",
1646. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PGothic",
1647. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PMincho",
1648. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS UI Gothic",
1649. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@NSimSun",
1650. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU",
1651. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU-ExtB",
1652. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimHei",
1653. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun",
1654. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun-ExtB",
1655. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Agency FB",
1656. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aharoni",
1657. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Algerian",
1658. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Andalus",
1659. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Angsana New",
1660. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\AngsanaUPC",
1661. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aparajita",
1662. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arabic Typesetting",
1663. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial",
1664. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Black",
1665. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Narrow",
1666. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Rounded MT Bold",
1667. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Unicode MS",
1668. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Baskerville Old Face",
1669. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Batang",
1670. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BatangChe",
1671. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bauhaus 93",
1672. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bell MT",
1673. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB",
1674. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB Demi",
1675. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bernard MT Condensed",
1676. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Blackadder ITC",
1677. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT",
1678. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Black",
1679. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Condensed",
1680. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Poster Compressed",
1681. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Book Antiqua",
1682. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookman Old Style",
1683. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookshelf Symbol 7",
1684. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bradley Hand ITC",
1685. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Britannic Bold",
1686. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Broadway",
1687. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Browallia New",
1688. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BrowalliaUPC",
1689. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Brush Script MT",
1690. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri",
1691. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri Light",
1692. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Californian FB",
1693. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calisto MT",
1694. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria",
1695. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria Math",
1696. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Candara",
1697. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Castellar",
1698. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Centaur",
1699. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century",
1700. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Gothic",
1701. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Schoolbook",
1702. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Chiller",
1703. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Colonna MT",
1704. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Comic Sans MS",
1705. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Consolas",
1706. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Constantia",
1707. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cooper Black",
1708. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Bold",
1709. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Light",
1710. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Corbel",
1711. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cordia New",
1712. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\CordiaUPC",
1713. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Courier New",
1714. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Curlz MT",
1715. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DaunPenh",
1716. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\David",
1717. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DFKai-SB",
1718. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DilleniaUPC",
1719. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DokChampa",
1720. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Dotum",
1721. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DotumChe",
1722. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ebrima",
1723. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Edwardian Script ITC",
1724. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Elephant",
1725. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Engravers MT",
1726. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Bold ITC",
1727. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Demi ITC",
1728. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Light ITC",
1729. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Medium ITC",
1730. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Estrangelo Edessa",
1731. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\EucrosiaUPC",
1732. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Euphemia",
1733. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FangSong",
1734. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Felix Titling",
1735. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Footlight MT Light",
1736. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Forte",
1737. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Book",
1738. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi",
1739. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi Cond",
1740. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Heavy",
1741. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium",
1742. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium Cond",
1743. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FrankRuehl",
1744. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FreesiaUPC",
1745. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Freestyle Script",
1746. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\French Script MT",
1747. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gabriola",
1748. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gadugi",
1749. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Garamond",
1750. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gautami",
1751. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Georgia",
1752. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gigi",
1753. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT",
1754. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Condensed",
1755. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Ext Condensed Bold",
1756. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold",
1757. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold Condensed",
1758. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gisha",
1759. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gloucester MT Extra Condensed",
1760. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Old Style",
1761. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Stout",
1762. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gulim",
1763. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GulimChe",
1764. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gungsuh",
1765. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GungsuhChe",
1766. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Haettenschweiler",
1767. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harlow Solid Italic",
1768. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harrington",
1769. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\High Tower Text",
1770. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Impact",
1771. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Imprint MT Shadow",
1772. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Informal Roman",
1773. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\IrisUPC",
1774. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Iskoola Pota",
1775. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\JasmineUPC",
1776. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Jokerman",
1777. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Juice ITC",
1778. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KaiTi",
1779. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kalinga",
1780. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kartika",
1781. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Khmer UI",
1782. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KodchiangUPC",
1783. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kokila",
1784. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kristen ITC",
1785. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kunstler Script",
1786. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lao UI",
1787. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Latha",
1788. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Leelawadee",
1789. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Levenim MT",
1790. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\LilyUPC",
1791. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Bright",
1792. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Calligraphy",
1793. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Console",
1794. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Fax",
1795. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Handwriting",
1796. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans",
1797. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Typewriter",
1798. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Unicode",
1799. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Magneto",
1800. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Maiandra GD",
1801. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Malgun Gothic",
1802. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mangal",
1803. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Marlett",
1804. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Matura MT Script Capitals",
1805. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo",
1806. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo UI",
1807. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Himalaya",
1808. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei",
1809. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei UI",
1810. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft New Tai Lue",
1811. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft PhagsPa",
1812. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Sans Serif",
1813. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Tai Le",
1814. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Uighur",
1815. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei",
1816. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei UI",
1817. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Yi Baiti",
1818. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU",
1819. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS",
1820. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS-ExtB",
1821. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU-ExtB",
1822. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam",
1823. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam Fixed",
1824. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mistral",
1825. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Modern No. 20",
1826. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mongolian Baiti",
1827. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Monotype Corsiva",
1828. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MoolBoran",
1829. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Gothic",
1830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Mincho",
1831. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Outlook",
1832. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PGothic",
1833. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PMincho",
1834. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Sans Serif",
1835. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Specialty",
1836. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS UI Gothic",
1837. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MT Extra",
1838. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MV Boli",
1839. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Narkisim",
1840. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Engraved",
1841. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Solid",
1842. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nirmala UI",
1843. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\NSimSun",
1844. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nyala",
1845. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\OCR A Extended",
1846. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Old English Text MT",
1847. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Onyx",
1848. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palace Script MT",
1849. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palatino Linotype",
1850. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Papyrus",
1851. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Parchment",
1852. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua",
1853. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua Titling MT",
1854. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Plantagenet Cherokee",
1855. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Playbill",
1856. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU",
1857. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU-ExtB",
1858. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Poor Richard",
1859. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Pristina",
1860. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Raavi",
1861. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rage Italic",
1862. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ravie",
1863. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell",
1864. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Condensed",
1865. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Extra Bold",
1866. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rod",
1867. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sakkal Majalla",
1868. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Script MT Bold",
1869. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Print",
1870. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Script",
1871. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI",
1872. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Light",
1873. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semibold",
1874. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semilight",
1875. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Symbol",
1876. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shonar Bangla",
1877. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Showcard Gothic",
1878. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shruti",
1879. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimHei",
1880. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic",
1881. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic Fixed",
1882. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun",
1883. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun-ExtB",
1884. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Snap ITC",
1885. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Stencil",
1886. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sylfaen",
1887. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Symbol",
1888. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tahoma",
1889. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tempus Sans ITC",
1890. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Times New Roman",
1891. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Traditional Arabic",
1892. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Trebuchet MS",
1893. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tunga",
1894. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT",
1895. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed",
1896. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed Extra Bold",
1897. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Utsaah",
1898. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vani",
1899. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Verdana",
1900. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vijaya",
1901. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Viner Hand ITC",
1902. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vivaldi",
1903. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vladimir Script",
1904. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vrinda",
1905. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Webdings",
1906. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wide Latin",
1907. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings",
1908. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 2",
1909. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 3",
1910. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\NextUpdate",
1911. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\LastUpdate",
1912. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Toolbars\\Settings\\Microsoft Word",
1913. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\NextUpdate",
1914. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\LastUpdate",
1915. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations",
1916. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0",
1917. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\File Path",
1918. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Datetime",
1919. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Position",
1920. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTF",
1921. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTA",
1922. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_1",
1923. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
1924.  
1925.  
1926. * Deleted Registry Keys:
1927. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
1928. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
1929. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
1930. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
1931. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\y8<",
1932. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\/z:",
1933. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
1934. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
1935. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
1936. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
1937. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
1938. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
1939. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
1940. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
1941. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
1942. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
1943. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
1944. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
1945. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
1946. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
1947. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
1948. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
1949. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\11413E1\\126FDED",
1950. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\11413E1\\11413E1",
1951. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
1952.  
1953.  
1954. * DNS Communications:
1955.  
1956. "type": "A",
1957. "request": "danmaxexpress.com",
1958. "answers":
1959.  
1960. "data": "108.170.57.54",
1961. "type": "A"
1962.  
1963.  
1964.  
1965.  
1966.  
1967. * Domains:
1968.  
1969. "ip": "108.170.57.54",
1970. "domain": "danmaxexpress.com"
1971.  
1972.  
1973.  
1974. * Network Communication - ICMP:
1975.  
1976. * Network Communication - HTTP:
1977.  
1978. "count": 1,
1979. "body": "",
1980. "uri": "http://danmaxexpress.com/ssl/u.exe",
1981. "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
1982. "method": "GET",
1983. "host": "danmaxexpress.com",
1984. "version": "1.1",
1985. "path": "/ssl/u.exe",
1986. "data": "GET /ssl/u.exe HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: danmaxexpress.com\r\nConnection: Keep-Alive\r\n\r\n",
1987. "port": 80
1988.  
1989.  
1990. "count": 1,
1991. "body": "",
1992. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
1993. "user-agent": "Microsoft-CryptoAPI/6.1",
1994. "method": "GET",
1995. "host": "ocsp.digicert.com",
1996. "version": "1.1",
1997. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
1998. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
1999. "port": 80
2000.  
2001.  
2002. "count": 1,
2003. "body": "",
2004. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
2005. "user-agent": "Microsoft-CryptoAPI/6.1",
2006. "method": "GET",
2007. "host": "ocsp.msocsp.com",
2008. "version": "1.1",
2009. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
2010. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
2011. "port": 80
2012.  
2013.  
2014. "count": 10,
2015. "body": "",
2016. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
2017. "user-agent": "Microsoft-CryptoAPI/6.1",
2018. "method": "GET",
2019. "host": "crl.microsoft.com",
2020. "version": "1.1",
2021. "path": "/pki/crl/products/microsoftrootcert.crl",
2022. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2023. "port": 80
2024.  
2025.  
2026. "count": 3,
2027. "body": "",
2028. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
2029. "user-agent": "Microsoft-CryptoAPI/6.1",
2030. "method": "GET",
2031. "host": "crl.microsoft.com",
2032. "version": "1.1",
2033. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
2034. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2035. "port": 80
2036.  
2037.  
2038. "count": 2,
2039. "body": "",
2040. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
2041. "user-agent": "Microsoft-CryptoAPI/6.1",
2042. "method": "GET",
2043. "host": "crl.microsoft.com",
2044. "version": "1.1",
2045. "path": "/pki/crl/products/microsoftrootcert.crl",
2046. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 22 May 2019 05:00:43 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2047. "port": 80
2048.  
2049.  
2050.  
2051. * Network Communication - SMTP:
2052.  
2053. * Network Communication - Hosts:
2054.  
2055. * Network Communication - IRC: