Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "11-Jun-2019_412ac541.xls"
- [*] File Size: 195584
- [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Microsoft Office, Last Saved By: alex, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Dec 19 10:42:12 2018, Last Saved Time/Date: Tue Jun 11 07:29:47 2019, Security: 0"
- [*] SHA256: "71207a001ee28a5c517d7dfc1567825a1f7c23ab17813712d09fbed2b139206d"
- [*] MD5: "b8f728b8a953002ca0652cfc201fca9c"
- [*] SHA1: "bb875476c8a6e1b69b30e356de56b8fe36a381c7"
- [*] SHA512: "9b487cbf5804d852ecc01aa3f7de9da211b8d83f9b2fa1e5630fb30bf3db4c42d44f22f1e0bf8ee4785003a287c8850b36dd38c283561fc896df5942cbfc4109"
- [*] CRC32: "9D3691CA"
- [*] SSDEEP: "3072:3Kpb8rGYrMPelwhKmFV5xtezEnE/TIfAJmYAGfi7CX4EIZyF5W7DAW+a1ivCvLXd:3Kpb8rGYrMPelwhKmFV5xtuEnE/TIYJt"
- [*] Process Execution: [
- "EXCEL.EXE"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (5 unique times)",
- "Details": [
- {
- "IP": "104.18.24.243:80"
- },
- {
- "IP": "52.109.2.18:443"
- },
- {
- "IP": "65.52.98.231:443"
- },
- {
- "IP": "52.109.2.14:443"
- },
- {
- "IP": "72.21.91.29:80"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "The office file has a unconventional code page: ANSI Cyrillic; Cyrillic (Windows)",
- "Details": []
- },
- {
- "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
- "Details": [
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\\x01\\xab};\\xe0\\xd3\\xb3\\xb8\\x87\\xa3\\x0e\n\\xb4\\x8e\\xe8\\x00\\xb8\\xb7(v\\xeet\\x99$\\x9c\\\\xa0\\xad\t#^\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\xafo\\xfe*,q\\xee\\x80r\\xeap\\xe8\\xf26m\\x1b\\xa6\\x1b\\x07\\x9c\\xc1\\x0c'\\xb2(g\\xd23\\x05pq\\xfap\\x91lb&\\xa1\\x84b\\xd0\\x88\\xa4`|\\x90\\x16\\x13a\\xdf\\xbf\\xa3\\x84q\\xd0\\x08;\\xf4d\\xd7\\xa8\\x11c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xea\\x9bg:\\xbbrg[{\\xd1\\xe1\\xfa\\xc5\\xccz\\x05\\x01,\\x0f\\xa3\\x1c\\x04\\xed\\x95\\xd0\\x96dyj\\x8f\\x17\\xfe\\xf4`\\xb2\\xeb\\xf1\\xcb6\\x8dx\\xef\\x0b\"\\xebn\\xb8r"
- },
- {
- "http_request": "excel.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
- },
- {
- "http_request": "excel.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
- },
- {
- "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01p\\x04\\xd6(`]w|\\xa8a\\x9d\\x9fr\\xf6\\x03\\xe1\\x0e\\xf2aj3\\x14\\xa5\\xb1\\xcb\\x9eo\\xaf\\x8e$e\\x03oo\\xfd\\x01^\\xd5nz\\x89:\n\\x96\\x90:\\x86ilk>\\x8b\\x03v_\\x07s\\x80\\x98|\\xb2c\\xcf\\x1cie\\x03x\\xe4m\\xa5tq\\x11n\\xe2\\x19\\xfc\\x8c\\xcb\\xd8.>\\xb6(\\xe1v\\x92sz\\xcb;[7\ng\\xba\\xbd\\xdd?\\x00\\x1a\\x1bl\\x06x#v\\x82\\x90?\\xec3\\xa4n\\xe9{\\x9ag_i\\xdc\\xa8w\\xcb #\\xff\n\\x1az%\\xc0'?~j\\xe4\\xc5\\x08\\x90\\xe9\\xca\\x8b|\\xe5\\x95\\x8d\\xdca\\xdci(\\xfbw48\\xaf\\xa7\\xbcf\\xd3\\x07k\\xb5\\xb9\\x9f\\xba\\xe6\\xc6$`&\\x08\\xaf\\xa3|i\\xdfx\\xc4)x\\xa2y\\x82\\\\x9f\\x8d\\xc1\\x8f5\\xfa+\\x97\\x9ao9\\x9d\\xc4\\xf3\\x9e\\xb6\\x145;\\x1f\\x884v\\x90\\xaf\\x0bv\tb6j\ry\\xd4\\x1b\\xd9m\\xaa\\xf8\\x91\\x17\\x8b\\xac\\x13n\\x00\\x98-\\xf0d.zg\\x97i\\xc3\\x0c(\\x19w\\xaa\\xd6\\xb5\\xd3\\x12"
- },
- {
- "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x02 \\x14\r.\\x1f\\xb1\\xec\\xbfa\\x8am$\\xa6\\x05\\xe4\\xa8in\\xf8!{o$z!\\x07\\x98\\x1fp\\x90\\xc6\\x85\\xdd\\x0bzm\\x95\\xe2\\x05\\xf1\\x9f\\x81f|\\x9c\\xf6\\xe0\\xf5u\\xf4\\x94\\x1a;\\xd0c\\xd4f\\xf3\\xcct\\xd2\\xc6\rw\\xfc<\\x92\\xf6l\\x7f\\xfe?8h\\xd8w\\xe3t3d\\x15\\xd1\\xf9\\xeb\\x1d;\\xf89~(\\xb1\tk\\xec\\xb2\\x97\\xf7\\xa1/&\\x8fm=\\xe3\\x1c'\\x89\\x9af\\xc1\\xae\\xa7\\xb6\\xaf\\xfa\\x17\\xe9\\x8b\\x9f\\x81\\xc3d\\xc8\\xbdv\\xec\\x0c\\x01\\xb1m\\x1e\r\\xeb\\xbb\\x94;\\xe2\\x1b\\xd3`7\\xaag\\x84jp\\xd7\\x8b\\xcd\\x06\\x9dkjr\n/va\\xab\\xban?3\\x97\\xea\\x04.\\xd6\\x18q\\x16g\n.\"\\xc9\\x18\\x1e\\x07\\xa3\\x113'\\x94[\\x1d&\\x81s[f\\xf0u\\x07b\\xa2\n\\x8c\\xce\\xa9\\x88v\\xe9\\xfa\\xb9\\xec\\xf7%\\x03\\xc5\\xd4\\xaf\\x19\\x05\\x1a\\xed\\xa9\\xcd\\x13s\\x03m3\\xf5zm\"k\\x87\\x9du\\xd4\\x99u\\x06\\xc9\\xf9\\xe7\\xc1\\xb7pdz\\x8ay\\x19\\x90\\x13\\xfa\\xd6\\xa8\\xc6"
- },
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\\x01\\xab~)\\xc6\\xb1p\\xa9\\xae,6\\xc6k\"\\x04\n\\xde\\xda\\xdfl\\x94\\xf0\\x07\\x97{\\x91\\xe3zu\\xfc\\xc3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x90\\xce\\x8ftsw\\x85\\x0b;i\\xb0\\xaf\\x15\\xda120\\x87\\xe2@\\x9a\\xa2\\x19\\x98\\x80@\\x11;\\xf5\\xeawn\\x10y\\x91\\x19\\xee\\x11\\x95_\\xb6\\x9bg\\x97\"?\\xed@=\\x17\\x05\\xba\\xbe\\xd9\\xa9\\x1d\\xb0\\xdc\\xa6\\x0cx5p\\xc5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8e\\x08\\xba\\xcd\\xc8sx\\xf53\\xdc\\x8bl\\xf09[\\xb7\\xd5\\x1c\\xb4\\x8fi\\x94\\xe3\\xeb\\xabrq\\xc6\\xc7\\xabl\\x13\\x15\\xc7\\x0f\\x93\\xad\\x7f-\\xa1\\xf5\\xe1u\\xadqce\\xf4"
- },
- {
- "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01p\\xe3\\xf0~\\xd8\\xd4\\xcaxvhv\\xda\\xf9\\xbfg{\\x18\\x14b#d\\xde\\xbcf\\xaa\\xdc\"\\x02\\xa7\\xf5\\xe8@u\\xdf\\xe8nd\\xb7\\x7f;\\xb2\\x0cw\\xe7\\x04=\\x9b\\x0b\\xe7z\\xc3\\xed\\x91\\xad\\x8c\\x01uf\\xe5x\\x9a_\\x8f91\\xed-d\\xe5ulo%\\x072\\x92\\xc3\t\\xc1\\x8d\\xb2s\\xe2o\\x17\\x03&\\x85c\\x9a2\\xc0\\xba\\x82\\xd6\\xb1\\xde\\xa2o$\\xd5\\xc4\\xfb\\xac\\xed\\x11]\\x9c\\x8b\\x8b\\xe0~\\x97\\x0b\\xdd\\xe1\\xbf\\xc0\\xf4\\xfc\\x1fc\\xedc\\x96\\x0c\\xec\\x91\\x17&z\\xc7ysu\\xd9\\xd2\\xaf\\x83\\xe0\\x0eb\\xd0\\\\x1e\\xab\\xfa\\x14\\xf6\\xf8f\\x15m\\x9c\\xf6'~e\\x1f\\x9f\\xe6\\xa8\\xcb\\x04\\xf7\\x80d\\x93\\x99`\\xa1&&\\xadshun\\x03\\x86\\x02p\\xdb\\xf8\\xbf\\x8aq_\\xfa\\xde\\xb6\\x89h\\x13\\xf2\\xb5\\xed\\xf3\\x9b\\xbbk\\x14\\x19@\\x0e)\\x84q\\x06\\xe6\\xba\\xeb\\x10 \\x8c\\xa4\\x8f\\xf7\\xab\\x8f\\x8d\\xf5\\xcb\\xb2\\xff\\xe3k\\xd4\\xa6\\x19\\x1cx\\xac\\xed\\xda-\\x98\\xce\\x85#\\x8e\\x17*\\xf9\\x0e\\xfc\\x85:\\xf7\\xb6\\x01\\xaa"
- },
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00{\\x03\\x01]\\x01\\xab\\x83\\x1f}\\xec\\xdc\\x0fm\\x84\\xa9\\x00\\x12\\xd7\\x1bz\\x15\\xc2\\xc5\\x8e\\x02\\xc6\\xc1[\\xa11\\x187\\xd0\\xde\\x00\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00\\x1b(\\x17[\\xdd\\x9d\\x15\\x19\n\\xb1\\x94\\xd9~\\xf6\\xc4\\xab\\x04:\\xe0h\\x84zs=\\xb3\n\\xaf\\xda\\x88\\x84mv5\\x98\t\\xcffv\\xca\\xb8yp}\\xd7o\\x1a\\xb8\\x18s\n\\xf9\\xd4\\xe3\\xac\\x02jz\\xa7\\x13=\\xde\\x0c\\xbam\\xc7\\xc0<\\xa8\\x9f\\xc1\\xdby\\xd3\\x8e\\xed\\xf4r\\x8b\\xa07&\\xc3.x\\xf1\tu\\xd9},\\xc8\\xc8\\xcc\\xb9\\xa2h\\xe7\\x05u\\xe2\\x8f[\\$j&\\x0c\\x8b\\xe4\\x0c\\x94*r\\x05\\xf4\"\\xbe\\x07uf\\x7f\\xc0)\\xaa\\xcehya\\xe0#\\xd1\\xa2\\xe8\\xf9\\xa2u&<|t\\xbb!%\\x11\\xb0,m\\xe1+\\xc8\\xca=\\xac\"u\\xec@\\xdf\\xe5\\xbax\\xd9\\xcc\\x9a\\x01$\\x92\\xfb\\xe2\\xbd\\xa6\\x05\\xe8\\x16x\\x10t\\x8a\\x98\\x9c+\\x10t8\\xe8\\xe5\\x18\\xe7\\xcc\\xf6&\\xc4\\xdb\\x995)\\xaf\\xf1u\\x82\\xa0m\\x04\\xe0ct\\x92=\\x12\\xf7x\\x14h\\xad\\x98\\xb3\\xd2\\x18\\x13\\xf9\\xa9o\\xd1\\x1a\\x0c%:6\\x85?\\xe4sd>\\x12\\x80\\xbe\\xd6\\x1e\\xc3\rf'\\x14\\xfd"
- },
- {
- "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01`qp?\\xb8/\\x96\\x9e\\x8f\\xb7\\x00\\xe3\\xca\\x87\\y\\x82\\xba\\xd4\\xf8\\xa5u\\xba\\x03!\\x86&9b\\x91\\xaa\\xd6\\xecd\\xed\\x8d\\xf0.\\x89\\xe2f\\xe0\\xc9!\\xd1\\xb0\\xd0\\x8b\\x18\\x93\\x03\\xca\\xdc\\x81z@\\xe54\\xbf\\x16\\x9d\\xca\\x96\\xc6\\xb7\\\\xa2\\xb1\\xf8|\\xa9\\xbd\"g\\x98\\xb6\\x0cb6\\xadnu\\x88\\xb5\\xcd\\x9b\\x0ff3t+[\\xc9\\x04\\xd0\\x90\\x89(p\\x0fr\\x9e\\xac\\xdd\\xd8\\xc4\\x1ejj5\\xdfa\\xb1\\xe7\\x84\\xb1\\x83y\\x01\\xf7\\x91l\\xe5$z\\xc0\\xc6\\xc6x\\xf2\\xa1\\xab\\xb1\\x16\\xdd\\xa5q\\xfb$\\xd2\\xc1,?\\x89\\xe3\\xa7gj\\xd5u\\x89&\\xe4\\x93\\x1f\\xed\\xb8x\\xbe\\x99\\xc1\\x84~\\x97zjwsb\\xce\\xfe\\x1f\\x1f6\\xa5cb\\x85\\x9e\\xb0\\xf6\\xeb\\xb1k\\xad\\xeasu\\xd4g*\\xab\\xb4\\xd4\\xec\\x1a\\xcd\\xe5[\\xce\\x0b1\\x8fb\\xad\\xd5\n\\x04\\xdc$\\x04\\xa1\\x12\n\\x13\\xf4x\\xe6\\xd8\\xaek\\x0cnf\\xf7g\\x01\\xb2\\xdb\\xc8w\\xcd\\x02\\x7f\\x03]\\xdc\\x86\\xc3c\\xb4\\xb5\\x9d\r\\x94,\\xaeo`*\\xf1\\x9a"
- },
- {
- "http_request": "excel.exe_WSASend_\\x17\\x03\\x019p\\x82g\\xc8\\x02\\x17\\x85\\xe8a\\xa9\\xe7\\x15'z\\xb7p\\xd5;\\x08\\xf1#\\xf2\\xc9\\x96\\x93\\xd9\\xfe\\x91\\xf6>\\x02\\xaa\\xcao\\x08p\\x93h~\\xed?\\x07\\xdbj\r(y\\x0e\\xe69\\x92w1k&\\x80\\xa1#\\x10_7\\xc2\\x0e\\xf1\\xb5tb\\xad\\x98\\xe5~\\x90b.\\xe5\\x82\\xac\tf\\xafa\\x19\\xd7\\xe3\\xf5 \\xd0`\\xc0\\xa6@\\xe5\\x80\\xf7\"\\x8a\\x86\\x1b\\x10)t\\xde\\xfa\\x9f\\x17\\x9b\r?wa5>\\xe4le\\xfey-\\xcb\\xc1\\x1dk\\x01t\\x89{\\x97\\xf4|c\\x0f\\x96y\\x1dif\\xd2\\xa9s+@\\\\xfb@\\x85}ug3\\x92\\xd6\\xa4\\xe7\\xfa\\x1f\\xa1l\\xd6\\xfb84r\\x0ea\\xe1}\\xc9@\\x03\\x05\\x14 u\\x8f_l\\xd1\\xdc\\x0bo\\x8c4\\xf2ec\\x12\\xd9\\x84\\x1f\\xe1mp\\x99\\xbal\\xec\\xe0\\xf6\\x959@\\xa9\\xe9\\x06\\xe0\\xc9%\\xf7\\xd2\\xf6\\xd8\\xbd\\xedd\\xbf\\xe7z~\\xab\\xad-`\\x15;\\xac\\xed\\xf5\\xd8$\\xe7`u\\xf1\\x11s\\xe8\\xf3\\x8b\\x86\\xf8\\x8e\\xb2|\\x08\\x1e\\x8esvks\\xbe\\xe5"
- }
- ]
- },
- {
- "Description": "File has been identified by 13 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "Symantec": "Trojan.Mdropper"
- },
- {
- "ESET-NOD32": "a variant of DOC/TrojanDownloader.Agent.AJP"
- },
- {
- "TrendMicro-HouseCall": "Trojan.X97M.DLOADR.JHLZ"
- },
- {
- "Kaspersky": "HEUR:Trojan-Downloader.MSOffice.Agent.gen"
- },
- {
- "Tencent": "Win32.Trojan-downloader.Agent.Pjdn"
- },
- {
- "DrWeb": "Trojan.DownLoader28.48844"
- },
- {
- "TrendMicro": "Trojan.X97M.DLOADR.JHLZ"
- },
- {
- "McAfee-GW-Edition": "Artemis"
- },
- {
- "Avira": "W97M/Dldr.Agent.lyfiz"
- },
- {
- "ZoneAlarm": "HEUR:Trojan-Downloader.MSOffice.Agent.gen"
- },
- {
- "GData": "Generic.Trojan-Downloader.Agent.ALO"
- },
- {
- "Rising": "Downloader.Msiexec/VBA!1.B7A4 (CLASSIC)"
- },
- {
- "Ikarus": "Trojan-Downloader.VBA.Agent"
- }
- ]
- }
- ]
- [*] Started Service: [
- "osppsvc"
- ]
- [*] Executed Commands: []
- [*] Mutexes: [
- "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
- "KYIMEShareCachedData.MutexObject.user",
- "KYTransactionServer.MutexObject.user",
- "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
- "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\11-Jun-2019_412ac541.xls",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF8940FCF47C49C6E8.TMP",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab9FE.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar9FF.tmp"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab9FE.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar9FF.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Excel_restart.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\CVR2AA.tmp.cvr"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems\\ztj",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB\\E8ACFB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Security\\Trusted Documents",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Security\\Trusted Documents\\LastPurgeTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9\\E947F9",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Place MRU\\Change",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\File MRU\\Change",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Place MRU\\Change\\ChangeId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\File MRU\\Change\\ChangeId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\Input",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\TargetConverted",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\Converted",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\TargetNotConverted",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\InputError",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\FixedConverted",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\107E1A9A03AE4F2BACF70CC519E60E7B",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\ExcelName",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\Options5",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\OptionFormat",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\Pos",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTF",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTA",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_2"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB\\E8ACFB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems\\ztj",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9\\E947F9",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTT"
- ]
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6941\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6942-17545\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17546-27388\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27389-37024\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=37025-58152\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=58153-101489\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=101490-189094\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=189095-366029\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=366030-722650\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 2,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=722651-1439529\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1439530-2381103\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2381104-4303151\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4303152-10134217\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r13---sn-bvvbax-2ime.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10134218-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "office": {
- "Metadata": {
- "SummaryInformation": {
- "num_words": "None",
- "num_pages": "None",
- "last_saved_by": "alex",
- "creating_application": "Microsoft Excel",
- "author": "Microsoft Office",
- "revision_number": "None",
- "codepage": "1251",
- "title": "None",
- "comments": "None",
- "num_chars": "None",
- "total_edit_time": "None",
- "create_time": "None",
- "template": "None",
- "last_printed": "None",
- "keywords": "None",
- "security": "0",
- "last_saved_time": "None",
- "thumbnail": "None",
- "subject": "None"
- },
- "DocumentSummaryInformation": {
- "codepage_doc": "1251",
- "chars_with_spaces": "None",
- "shared_doc": "False",
- "paragraphs": "None",
- "hidden_slides": "None",
- "mm_clips": "None",
- "category": "None",
- "presentation_target": "None",
- "hlinks_changed": "False",
- "scale_crop": "False",
- "version": "1048576",
- "hlinks": "None",
- "link_base": "None",
- "company": "Microsoft Corporation",
- "unused": "None",
- "dig_sig": "None",
- "content_type": "None",
- "heading_pairs": "None",
- "slides": "None",
- "links_dirty": "False",
- "language": "None",
- "notes": "None",
- "bytes": "None",
- "manager": "None",
- "content_status": "None",
- "doc_version": "None",
- "titles_of_parts": "None",
- "lines": "None"
- },
- "HasMacros": "No",
- "DocumentType": "Excel Workbook"
- }
- }
- }
- [*] Resolved APIs: [
- "mso.dll.#8511",
- "mso.dll.#3723",
- "mso.dll.#2279",
- "mso.dll.#2560",
- "mso.dll.#7826",
- "mso.dll.#5863",
- "shell32.dll.#152",
- "shell32.dll.#18",
- "shell32.dll.#17",
- "mso.dll.#690",
- "mso.dll.#3062",
- "mso.dll.#8529",
- "mpr.dll.WNetGetConnectionA",
- "mpr.dll.WNetAddConnection3W",
- "mso.dll.#94",
- "mso.dll.#3260",
- "mso.dll.#1776",
- "mso.dll.#1073",
- "mso.dll.#1441",
- "mso.dll.#4994",
- "mso.dll.#8218",
- "mso.dll.#6226",
- "mso.dll.#7032",
- "mso.dll.#2824",
- "mso.dll.#8369",
- "mso.dll.#1521",
- "mso.dll.#2652",
- "mso.dll.#1836",
- "mso.dll.#935",
- "mso.dll.#6439",
- "mso.dll.#6859",
- "mso.dll.#5188",
- "user32.dll.GetSysColor",
- "mso.dll.#9736",
- "mso.dll.#7736",
- "mso.dll.#6394",
- "mso.dll.#9234",
- "mso.dll.#2557",
- "mso.dll.#2975",
- "mso.dll.#3598",
- "mso.dll.#6588",
- "msi.dll.#111",
- "mso.dll.#1176",
- "mso.dll.#5965",
- "mso.dll.#9041",
- "mso.dll.#2814",
- "mso.dll.#5377",
- "oleaut32.dll.#2",
- "oleaut32.dll.#6",
- "mso.dll.#1241",
- "bcryptprimitives.dll.GetHashInterface",
- "cryptnet.dll.CertDllVerifyRevocation",
- "sechost.dll.ConvertSidToStringSidW",
- "profapi.dll.#104",
- "mso.dll.#2161",
- "mso.dll.FIsLSCUrl",
- "mso.dll.#7792",
- "mso.dll.#5889",
- "mso.dll.#2422",
- "mso.dll.#5002",
- "sensapi.dll.IsNetworkAlive",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.NdrClientCall2",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpCrackUrl",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "winhttp.dll.WinHttpSendRequest",
- "gkexcel.dll.FValidateExcelFile",
- "gkexcel.dll.GkInitHost",
- "mso.dll.#2739",
- "mso.dll.#5709",
- "mso.dll.#5177",
- "mso.dll.#9203",
- "mso.dll.#5061",
- "mso.dll.#9783",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpQueryHeaders",
- "shlwapi.dll.StrStrIW",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpReadData",
- "mso.dll.#7640",
- "user32.dll.SetScrollRange",
- "user32.dll.SetWindowWord",
- "mso.dll.#343",
- "mso.dll.#9636",
- "mso.dll.#2022",
- "mso.dll.#4750",
- "mso.dll.#3747",
- "mso.dll.#2660",
- "shell32.dll.DragAcceptFiles",
- "mso.dll.#1719",
- "user32.dll.ClientToScreen",
- "mso.dll.#81",
- "winhttp.dll.WinHttpCloseHandle",
- "gdi32.dll.GetOutlineTextMetricsW",
- "mso.dll.#7238",
- "mso.dll.#1774",
- "mso.dll.#6452",
- "mso.dll.#5764",
- "ole32.dll.CoGetCallState",
- "ole32.dll.CoGetActivationState",
- "advapi32.dll.RegisterWaitChainCOMCallback",
- "mso.dll.#8140",
- "mso.dll.#3913",
- "user32.dll.PeekMessageA",
- "mso.dll.#356",
- "mso.dll.#1006",
- "mso.dll.#408",
- "mso.dll.#8622",
- "mso.dll.#3449",
- "mso.dll.#3820",
- "mso.dll.#2714",
- "mso.dll.#469",
- "mso.dll.#7974",
- "mso.dll.#2609",
- "oleaut32.dll.#8",
- "cryptnet.dll.I_CryptNetGetConnectivity",
- "cryptnet.dll.CryptRetrieveObjectByUrlW",
- "oleaut32.dll.#9",
- "setupapi.dll.SetupIterateCabinetW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegCloseKey",
- "cabinet.dll.#20",
- "cabinet.dll.#22",
- "mso.dll.#4872",
- "devrtl.dll.DevRtlGetThreadLogToken",
- "mso.dll.#1780",
- "mso.dll.#3834",
- "mso.dll.#8879",
- "mso.dll.#6949",
- "mso.dll.#5457",
- "mso.dll.#9462",
- "cryptsp.dll.CryptSetHashParam",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "user32.dll.GetScrollRange",
- "sechost.dll.QueryServiceConfigA",
- "sechost.dll.QueryServiceStatus",
- "sechost.dll.CloseServiceHandle",
- "rpcrt4.dll.RpcStringBindingComposeA",
- "rpcrt4.dll.RpcBindingFromStringBindingA",
- "rpcrt4.dll.RpcEpResolveBinding",
- "sechost.dll.LookupAccountSidLocalW",
- "rpcrt4.dll.RpcStringFreeA",
- "rpcrt4.dll.RpcBindingFree",
- "mso.dll.#3380",
- "mso.dll.#4648",
- "mso.dll.#6873",
- "mso.dll.#2052",
- "mso.dll.#7703",
- "mso.dll.#4607",
- "mso.dll.#2751",
- "mso.dll.#1281",
- "gdi32.dll.GetRgnBox",
- "user32.dll.SetScrollPos",
- "oleaut32.dll.#10",
- "mso.dll.#1767",
- "webservices.dll.WsResetHeap",
- "user32.dll.SetFocus",
- "webservices.dll.WsCloseServiceProxy",
- "ws2_32.dll.#3",
- "webservices.dll.WsFreeServiceProxy",
- "ncrypt.dll.SslDecrementProviderReferenceCount",
- "ncrypt.dll.SslFreeObject",
- "user32.dll.IsRectEmpty",
- "user32.dll.CreateCaret",
- "user32.dll.SetCaretPos",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MonitorFromWindow",
- "user32.dll.MonitorFromRect",
- "user32.dll.MonitorFromPoint",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayDevicesA",
- "user32.dll.SetRect",
- "user32.dll.GetFocus",
- "mso.dll.#2068",
- "gdi32.dll.CreateDIBSection",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.GetViewportOrgEx",
- "gdi32.dll.SetViewportOrgEx",
- "gdi32.dll.SetGraphicsMode",
- "mso.dll.#339",
- "gdi32.dll.SetBkColor",
- "gdi32.dll.ExtTextOutA",
- "gdi32.dll.PatBlt",
- "mso.dll.#4716",
- "gdi32.dll.ExtTextOutW",
- "user32.dll.BeginPaint",
- "user32.dll.FillRect",
- "mso.dll.#9414",
- "mso.dll.#2538",
- "windowscodecs.dll.WICCreateImagingFactory_Proxy",
- "kernel32.dll.WerRegisterMemoryBlock",
- "gdi32.dll.SetStretchBltMode",
- "gdi32.dll.DeleteDC",
- "mso.dll.#580",
- "user32.dll.IsWindowRedirectedForPrint",
- "gdi32.dll.CreateRectRgnIndirect",
- "user32.dll.GetUpdateRgn",
- "user32.dll.ValidateRect",
- "user32.dll.GetUpdateRect",
- "user32.dll.EndPaint",
- "mso.dll.#2398",
- "user32.dll.GetKeyboardLayout",
- "mso.dll.#1213",
- "mso.dll.#5735",
- "mso.dll.#1335",
- "mso.dll.#6117",
- "mso.dll.#5213",
- "user32.dll.GetWindowTextW",
- "user32.dll.SetWindowTextW",
- "mso.dll.#5152",
- "mso.dll.#5407",
- "user32.dll.BringWindowToTop",
- "mso.dll.#5330",
- "user32.dll.DestroyCaret",
- "mso.dll.#3084",
- "user32.dll.WindowFromDC",
- "winmm.dll.timeGetTime",
- "mso.dll.#1429",
- "mso.dll.#6502",
- "mso.dll.#2566",
- "mso.dll.#6664",
- "mso.dll.#3043",
- "mso.dll.#2340",
- "mso.dll.#6843",
- "mso.dll.#1566",
- "mso.dll.#894",
- "mso.dll.#2786",
- "mso.dll.#9585",
- "mso.dll.#4651",
- "user32.dll.GetDC",
- "user32.dll.ReleaseDC",
- "mso.dll.#1607",
- "mso.dll.#5202",
- "mso.dll.#7320",
- "mso.dll.#5822",
- "mso.dll.#1056",
- "mso.dll.#8136",
- "mso.dll.#7418",
- "mso.dll.#999",
- "mso.dll.#7113",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "d3d10_1.dll.D3D10CreateDevice1",
- "gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName",
- "gdi32.dll.D3DKMTCloseAdapter",
- "gdi32.dll.D3DKMTQueryAdapterInfo",
- "gdi32.dll.D3DKMTOpenAdapterFromDeviceName",
- "setupapi.dll.SetupDiGetClassDevsW",
- "setupapi.dll.SetupDiEnumDeviceInterfaces",
- "setupapi.dll.SetupDiGetDeviceInterfaceDetailW",
- "setupapi.dll.SetupDiDestroyDeviceInfoList",
- "setupapi.dll.SetupDiGetDevicePropertyW",
- "wintrust.dll.WinVerifyTrust",
- "d3d10warp.dll.D3DKMTOpenAdapterFromGdiDisplayName",
- "d3d10warp.dll.D3DKMTOpenAdapterFromDeviceName",
- "d3d10warp.dll.D3DKMTGetDisplayModeList",
- "d3d10warp.dll.D3DKMTSetVidPnSourceOwner",
- "d3d10warp.dll.D3DKMTSetDisplayMode",
- "d3d10warp.dll.D3DKMTCloseAdapter",
- "d3d10warp.dll.D3DKMTSetGammaRamp",
- "d3d10warp.dll.D3DKMTGetDeviceState",
- "d3d10warp.dll.D3DKMTQueryAdapterInfo",
- "d3d10warp.dll.D3DKMTWaitForVerticalBlankEvent",
- "gdi32.dll.D3DKMTCreateDCFromMemory",
- "gdi32.dll.D3DKMTDestroyDCFromMemory",
- "gdi32.dll.D3DKMTCheckVidPnExclusiveOwnership",
- "gdi32.dll.D3DKMTCheckMonitorPowerState",
- "gdi32.dll.D3DKMTCheckSharedResourceAccess",
- "d3d10_1core.dll.D3D10CoreCreateDevice1",
- "d3d10_1core.dll.D3D10CoreGetSupportedVersions",
- "d3d10_1core.dll.D3D10CoreGetVersion",
- "d3d10warp.dll.D3DKMTCreateAllocation",
- "d3d10warp.dll.D3DKMTQueryResourceInfo",
- "d3d10warp.dll.D3DKMTOpenResource",
- "d3d10warp.dll.D3DKMTDestroyAllocation",
- "d3d10warp.dll.D3DKMTSetAllocationPriority",
- "d3d10warp.dll.D3DKMTQueryAllocationResidency",
- "d3d10warp.dll.D3DKMTCreateDevice",
- "d3d10warp.dll.D3DKMTDestroyDevice",
- "d3d10warp.dll.D3DKMTGetRuntimeData",
- "d3d10warp.dll.D3DKMTLock",
- "d3d10warp.dll.D3DKMTUnlock",
- "d3d10warp.dll.D3DKMTGetMultisampleMethodList",
- "d3d10warp.dll.D3DKMTPresent",
- "d3d10warp.dll.D3DKMTRender",
- "d3d10warp.dll.D3DKMTGetSharedPrimaryHandle",
- "d3d10warp.dll.D3DKMTEscape",
- "d3d10warp.dll.D3DKMTSetContextSchedulingPriority",
- "d3d10warp.dll.D3DKMTGetContextSchedulingPriority",
- "d3d10warp.dll.D3DKMTCreateContext",
- "d3d10warp.dll.D3DKMTDestroyContext",
- "d3d10warp.dll.D3DKMTCreateSynchronizationObject",
- "d3d10warp.dll.D3DKMTDestroySynchronizationObject",
- "d3d10warp.dll.D3DKMTWaitForSynchronizationObject",
- "d3d10warp.dll.D3DKMTSignalSynchronizationObject",
- "d3d10warp.dll.D3DKMTSetDisplayPrivateDriverFormat",
- "d3d10warp.dll.OpenAdapter10_2",
- "d3d10_1core.dll.D3D10CoreRegisterLayers",
- "d3d10warp.dll.#50",
- "dwrite.dll.DWriteCreateFactory",
- "msi.dll.#203",
- "gdi32.dll.GetCurrentObject",
- "gdi32.dll.BitBlt",
- "gdi32.dll.GetClipBox",
- "user32.dll.IntersectRect",
- "gdi32.dll.StretchDIBits",
- "riched20.dll.REExtendedRegisterClass",
- "user32.dll.GetWindowLongW",
- "user32.dll.SetWindowLongW",
- "user32.dll.RegisterWindowMessageA",
- "user32.dll.RegisterClipboardFormatW",
- "user32.dll.GetDoubleClickTime",
- "user32.dll.SetCaretBlinkTime",
- "user32.dll.SystemParametersInfoW",
- "user32.dll.GetKeyboardLayoutList",
- "mso.dll._MsoGetFidUspDll@0",
- "mso.dll._MsoLoadLocalizedLibraryEx@12",
- "usp10.dll.ScriptGetProperties",
- "usp10.dll.ScriptItemize",
- "user32.dll.LoadCursorW",
- "user32.dll.IsWindowVisible",
- "user32.dll.PostMessageW",
- "user32.dll.DefWindowProcW",
- "uxtheme.dll.IsThemeActive",
- "uxtheme.dll.IsAppThemed",
- "uxtheme.dll.OpenThemeData",
- "user32.dll.GetClientRect",
- "user32.dll.IsIconic",
- "user32.dll.GetParent",
- "usp10.dll.ScriptGetCMap",
- "user32.dll.InvalidateRect",
- "user32.dll.HideCaret",
- "user32.dll.ShowCaret",
- "user32.dll.IsWindowUnicode",
- "user32.dll.SendMessageW",
- "user32.dll.NotifyWinEvent",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.EnableWindow",
- "msctf.dll.SetInputScope",
- "user32.dll.UpdateWindow",
- "user32.dll.GetWindowRgn",
- "gdi32.dll.CreateCompatibleBitmap",
- "gdi32.dll.SaveDC",
- "gdi32.dll.SetPixel",
- "gdi32.dll.GetPixel",
- "gdi32.dll.RestoreDC",
- "imm32.dll.ImmAssociateContext",
- "user32.dll.IsHungAppWindow",
- "user32.dll.GetForegroundWindow",
- "user32.dll.EnumChildWindows",
- "user32.dll.GetClassNameA",
- "user32.dll.GetWindow",
- "gdi32.dll.GetMapMode",
- "gdi32.dll.GetWindowOrgEx",
- "gdi32.dll.SetWindowOrgEx",
- "user32.dll.PtInRect",
- "user32.dll.GetWindowWord",
- "user32.dll.InflateRect",
- "user32.dll.OffsetRect",
- "gdi32.dll.OffsetRgn",
- "gdi32.dll.IntersectClipRect",
- "gdi32.dll.GetClipRgn",
- "mso.dll.#3925",
- "mso.dll.#5127",
- "mso.dll.#3141",
- "mso.dll.#2821",
- "mso.dll.#7026",
- "mso.dll.#3327",
- "shell32.dll.SHAddToRecentDocs",
- "mso.dll.#1010",
- "mso.dll.#6989",
- "mso.dll.#7223",
- "mso.dll.#1682",
- "mso.dll.#7979",
- "mso.dll.#3459",
- "mso.dll.#2041",
- "mso.dll.#7834",
- "mso.dll.#239",
- "user32.dll.GetWindowDC",
- "gdi32.dll.SetLayout",
- "gdi32.dll.RectVisible",
- "gdi32.dll.ExcludeClipRect",
- "gdi32.dll.SelectClipRgn",
- "mso.dll.#1914",
- "advapi32.dll.RegDeleteKeyW",
- "mso.dll.#1338",
- "mso.dll.#6357",
- "mso.dll.#1671",
- "oleaut32.dll.#7",
- "mso.dll.#8263",
- "mso.dll.#9741",
- "ole32.dll.PropVariantClear",
- "mso.dll.#8022",
- "user32.dll.UnionRect",
- "gdi32.dll.SetDIBitsToDevice",
- "mso.dll.#749",
- "mso.dll.#6336",
- "mso.dll.#4791",
- "mso.dll.#8085",
- "advapi32.dll.RegQueryValueW",
- "apphelp.dll.ApphelpCheckShellObject",
- "mso.dll.#5003",
- "user32.dll.RemovePropW",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "mso.dll.#1848",
- "mso.dll.#8970",
- "mso.dll.#6453",
- "mso.dll.#6759",
- "mso.dll.#1443",
- "mso.dll.#3698",
- "mso.dll.#8565",
- "mso.dll.#8373",
- "mso.dll.#5630",
- "mso.dll.#4577",
- "mso.dll.#6163",
- "mso.dll.#552",
- "mso.dll.#8549",
- "mso.dll.#2863",
- "mso.dll.#8756",
- "mso.dll.#2861",
- "mso.dll.#9198",
- "mso.dll.#4481",
- "mso.dll.#1024",
- "mso.dll.#7181",
- "mso.dll.#791",
- "mso.dll.#7173",
- "mso.dll.#1420",
- "mso.dll.#4631",
- "mso.dll.#7001",
- "mso.dll.#9213",
- "mso.dll.#1380",
- "user32.dll.TranslateMessage",
- "mso.dll.#4731",
- "user32.dll.DispatchMessageW",
- "mso.dll.#6900",
- "mso.dll.#6420",
- "user32.dll.WindowFromPoint",
- "user32.dll.SetCapture",
- "user32.dll.ReleaseCapture",
- "oleaut32.dll.#12",
- "user32.dll.GetMessageExtraInfo",
- "user32.dll.GetAsyncKeyState",
- "mso.dll.#1815",
- "mso.dll.#8802",
- "user32.dll.GetKeyState",
- "mso.dll.#424",
- "uiautomationcore.dll.UiaClientsAreListening",
- "user32.dll.GetCapture",
- "user32.dll.LoadImageW",
- "user32.dll.SetCursor",
- "mso.dll.#7766",
- "mso.dll.#1911",
- "ole32.dll.CoCreateInstance",
- "user32.dll.GetClassLongW",
- "msostyle.dll.PIMEShareCreate",
- "user32.dll.LoadStringA",
- "mso.dll.#9500",
- "user32.dll.GetCursorInfo",
- "user32.dll.TrackMouseEvent",
- "user32.dll.GetMessagePos",
- "user32.dll.ScreenToClient",
- "user32.dll.IsWindowEnabled",
- "user32.dll.GetDesktopWindow",
- "user32.dll.FindWindowExW",
- "mso.dll.#2966",
- "mso.dll.#2998",
- "mso.dll.#7836",
- "mso.dll.#3544",
- "user32.dll.GetSystemMenu",
- "mso.dll.#732",
- "user32.dll.EnableMenuItem",
- "mso.dll.#1575",
- "user32.dll.OpenClipboard",
- "user32.dll.IsClipboardFormatAvailable",
- "user32.dll.CloseClipboard",
- "mso.dll.#6305",
- "mso.dll.#6337",
- "mso.dll.#6220",
- "mso.dll.#9693",
- "mso.dll.#1419",
- "mso.dll.#7299",
- "mso.dll.#4702",
- "mso.dll.#287",
- "user32.dll.GetClipboardOwner",
- "advapi32.dll.RegDeleteTreeW",
- "xmllite.dll.CreateXmlReader",
- "user32.dll.IsChild",
- "mso.dll.#8824",
- "mso.dll.#900",
- "mso.dll.#6784",
- "mso.dll.#4795",
- "mso.dll.#5892",
- "mso.dll.#6422",
- "user32.dll.WaitMessage",
- "advapi32.dll.NotifyServiceStatusChangeW",
- "user32.dll.SendNotifyMessageW",
- "advapi32.dll.CryptAcquireContextA",
- "cryptsp.dll.CryptAcquireContextA",
- "advapi32.dll.CryptGenKey",
- "cryptsp.dll.CryptGenKey",
- "advapi32.dll.CryptImportKey",
- "cryptsp.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "cryptsp.dll.CryptExportKey",
- "advapi32.dll.CryptDestroyKey",
- "cryptsp.dll.CryptDestroyKey",
- "advapi32.dll.CryptCreateHash",
- "cryptsp.dll.CryptCreateHash",
- "advapi32.dll.CryptSetHashParam",
- "advapi32.dll.CryptHashData",
- "cryptsp.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "cryptsp.dll.CryptGetHashParam",
- "advapi32.dll.CryptDestroyHash",
- "cryptsp.dll.CryptDestroyHash",
- "msi.dll.#90",
- "user32.dll.RegisterPowerSettingNotification",
- "powrprof.dll.PowerSettingRegisterNotification",
- "user32.dll.GetWindowThreadProcessId",
- "mso.dll.#8837",
- "mso.dll.#1613",
- "mso.dll.#9218",
- "mso.dll.#1455",
- "user32.dll.CreateWindowExW",
- "user32.dll.EnableScrollBar",
- "user32.dll.ShowScrollBar",
- "user32.dll.ShowWindow",
- "user32.dll.SetParent",
- "user32.dll.KillTimer",
- "user32.dll.SetWindowPos",
- "user32.dll.MoveWindow",
- "user32.dll.GetWindowRect",
- "user32.dll.DestroyWindow",
- "gdi32.dll.GetViewportExtEx",
- "gdi32.dll.GetWindowExtEx",
- "gdi32.dll.GetTextCharset",
- "gdi32.dll.GetTextAlign",
- "gdi32.dll.GetLayout",
- "oleaut32.dll.SysAllocString",
- "oleaut32.dll.SysStringLen",
- "oleaut32.dll.SysAllocStringLen",
- "oleaut32.dll.SysFreeString",
- "user32.dll.SetScrollInfo",
- "gdi32.dll.GetFontData",
- "uxtheme.dll.GetThemePartSize",
- "mso.dll.#9018",
- "gdi32.dll.GdiIsMetaPrintDC",
- "msimtf.dll.MsimtfIsWindowFiltered",
- "user32.dll.GetMessageW",
- "user32.dll.MessageBeep",
- "gdi32.dll.SetTextColor",
- "gdi32.dll.SetBkMode",
- "gdi32.dll.SetTextAlign",
- "gdi32.dll.ExtSelectClipRgn",
- "gdi32.dll.GetTextColor",
- "uxtheme.dll.DrawThemeBackground",
- "user32.dll.CallNextHookEx",
- "wininet.dll.InternetGetConnectedState",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "cryptsp.dll.CryptAcquireContextW",
- "osppcext.dll.SLActivateProduct",
- "osppcext.dll.SLGetTokenActivationGrants",
- "osppcext.dll.SLGetTokenActivationCertificates",
- "gdi32.dll.GdiFlush",
- "osppcext.dll.SLGenerateTokenActivationChallenge",
- "osppcext.dll.SLSignTokenActivationChallenge",
- "osppcext.dll.SLDepositTokenActivationResponse",
- "osppcext.dll.SLFreeTokenActivationGrants",
- "osppcext.dll.SLFreeTokenActivationCertificates",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "mso.dll.#8113",
- "mso.dll.#2833",
- "user32.dll.UnhookWindowsHookEx",
- "mso.dll.#7531",
- "oleaut32.dll.#33",
- "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
- "mso.dll.#6484",
- "mso.dll.#4477",
- "mso.dll.#9374",
- "mso.dll.#8461",
- "mso.dll.#4619",
- "mso.dll.#8202",
- "mso.dll.#888",
- "mso.dll.#8757",
- "mso.dll.#7163",
- "mso.dll.#4456",
- "mso.dll.#6345",
- "user32.dll.RedrawWindow",
- "mso.dll.#1031",
- "mso.dll.#4820",
- "mso.dll.#2766",
- "mso.dll.#2294",
- "mso.dll.#8633",
- "mso.dll.#8158",
- "mso.dll.#5512",
- "mso.dll.#1401",
- "mso.dll.#8472",
- "mso.dll.#8691",
- "mso.dll.#6079",
- "mso.dll.#3425",
- "mso.dll.#6000",
- "mso.dll.#248",
- "mso.dll.#9398",
- "mso.dll.#1442",
- "mso.dll.#4388",
- "mso.dll.#5973",
- "mso.dll.#8747",
- "mso.dll.#420",
- "mso.dll.#186",
- "user32.dll.EnumThreadWindows",
- "user32.dll.EnumWindows",
- "user32.dll.DestroyIcon",
- "mso.dll.#3209",
- "mso.dll.#4083",
- "mso.dll.#292",
- "mso.dll.#795",
- "mso.dll.#8349",
- "mso.dll.#8796",
- "mso.dll.#3930",
- "mso.dll.#9105",
- "mso.dll.#9199",
- "mso.dll.#7948",
- "uxtheme.dll.CloseThemeData",
- "mso.dll.#6277",
- "wtsapi32.dll.WTSUnRegisterSessionNotification",
- "winsta.dll.WinStationUnRegisterConsoleNotification",
- "mso.dll.#831",
- "mso.dll.#121",
- "mso.dll.#884",
- "user32.dll.GetWindowPlacement",
- "mso.dll.#9306",
- "mso.dll.#2468",
- "mso.dll.#815",
- "mso.dll.#6418",
- "mso.dll.#4203",
- "mso.dll.#4284",
- "mso.dll.#2272",
- "mso.dll.#4781",
- "user32.dll.VkKeyScanW",
- "mso.dll.#591",
- "user32.dll.PostQuitMessage",
- "user32.dll.UnregisterClassW",
- "mso.dll.#3338",
- "mso.dll.#3974",
- "mso.dll.#8106",
- "mso.dll.#8876",
- "mso.dll.#4426",
- "oleaut32.dll.#34",
- "mso.dll.#4210",
- "mso.dll.#8316",
- "mso.dll.#187",
- "advapi32.dll.CryptReleaseContext",
- "cryptsp.dll.CryptReleaseContext",
- "mso.dll.#5625",
- "mso.dll.#8586",
- "mso.dll.#8004",
- "mso.dll.#6137",
- "mso.dll.#6078",
- "mso.dll.#7598",
- "advapi32.dll.ConvertSidToStringSidW",
- "msi.dll.DllGetVersion",
- "ws2_32.dll.#116",
- "user32.dll.RemoveClipboardFormatListener",
- "user32.dll.UnregisterPowerSettingNotification",
- "powrprof.dll.PowerSettingUnregisterNotification",
- "shell32.dll.#155",
- "advapi32.dll.EventUnregister",
- "user32.dll.UnregisterClassA",
- "gdiplus.dll.GdiplusShutdown",
- "advapi32.dll.RegDeleteValueW",
- "mso.dll.#2482",
- "mso.dll.#5458",
- "mso.dll.#786",
- "advapi32.dll.UnregisterTraceGuids",
- "comctl32.dll.#321"
- ]
- [*] Static Analysis: {
- "office": {
- "Metadata": {
- "SummaryInformation": {
- "num_words": "None",
- "num_pages": "None",
- "last_saved_by": "alex",
- "creating_application": "Microsoft Excel",
- "author": "Microsoft Office",
- "revision_number": "None",
- "codepage": "1251",
- "title": "None",
- "comments": "None",
- "num_chars": "None",
- "total_edit_time": "None",
- "create_time": "None",
- "template": "None",
- "last_printed": "None",
- "keywords": "None",
- "security": "0",
- "last_saved_time": "None",
- "thumbnail": "None",
- "subject": "None"
- },
- "DocumentSummaryInformation": {
- "codepage_doc": "1251",
- "chars_with_spaces": "None",
- "shared_doc": "False",
- "paragraphs": "None",
- "hidden_slides": "None",
- "mm_clips": "None",
- "category": "None",
- "presentation_target": "None",
- "hlinks_changed": "False",
- "scale_crop": "False",
- "version": "1048576",
- "hlinks": "None",
- "link_base": "None",
- "company": "Microsoft Corporation",
- "unused": "None",
- "dig_sig": "None",
- "content_type": "None",
- "heading_pairs": "None",
- "slides": "None",
- "links_dirty": "False",
- "language": "None",
- "notes": "None",
- "bytes": "None",
- "manager": "None",
- "content_status": "None",
- "doc_version": "None",
- "titles_of_parts": "None",
- "lines": "None"
- },
- "HasMacros": "No",
- "DocumentType": "Excel Workbook"
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement