paladin316

11-Jun-2019_412ac541_xls.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "11-Jun-2019_412ac541.xls"
  7. [*] File Size: 195584
  8. [*] File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Microsoft Office, Last Saved By: alex, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Dec 19 10:42:12 2018, Last Saved Time/Date: Tue Jun 11 07:29:47 2019, Security: 0"
  9. [*] SHA256: "71207a001ee28a5c517d7dfc1567825a1f7c23ab17813712d09fbed2b139206d"
  10. [*] MD5: "b8f728b8a953002ca0652cfc201fca9c"
  11. [*] SHA1: "bb875476c8a6e1b69b30e356de56b8fe36a381c7"
  12. [*] SHA512: "9b487cbf5804d852ecc01aa3f7de9da211b8d83f9b2fa1e5630fb30bf3db4c42d44f22f1e0bf8ee4785003a287c8850b36dd38c283561fc896df5942cbfc4109"
  13. [*] CRC32: "9D3691CA"
  14. [*] SSDEEP: "3072:3Kpb8rGYrMPelwhKmFV5xtezEnE/TIfAJmYAGfi7CX4EIZyF5W7DAW+a1ivCvLXd:3Kpb8rGYrMPelwhKmFV5xtuEnE/TIYJt"
  15.  
  16. [*] Process Execution: [
  17. "EXCEL.EXE"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Attempts to connect to a dead IP:Port (5 unique times)",
  23. "Details": [
  24. {
  25. "IP": "104.18.24.243:80"
  26. },
  27. {
  28. "IP": "52.109.2.18:443"
  29. },
  30. {
  31. "IP": "65.52.98.231:443"
  32. },
  33. {
  34. "IP": "52.109.2.14:443"
  35. },
  36. {
  37. "IP": "72.21.91.29:80"
  38. }
  39. ]
  40. },
  41. {
  42. "Description": "Performs some HTTP requests",
  43. "Details": [
  44. {
  45. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  46. },
  47. {
  48. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  49. },
  50. {
  51. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  52. },
  53. {
  54. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  55. },
  56. {
  57. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  58. },
  59. {
  60. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  61. },
  62. {
  63. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  64. },
  65. {
  66. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  67. },
  68. {
  69. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  70. },
  71. {
  72. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  73. },
  74. {
  75. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  76. },
  77. {
  78. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  79. },
  80. {
  81. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  82. },
  83. {
  84. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  85. },
  86. {
  87. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  88. },
  89. {
  90. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  91. },
  92. {
  93. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  94. },
  95. {
  96. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  97. },
  98. {
  99. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  100. },
  101. {
  102. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  103. },
  104. {
  105. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  106. },
  107. {
  108. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  109. },
  110. {
  111. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  112. },
  113. {
  114. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  115. },
  116. {
  117. "url": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes"
  118. }
  119. ]
  120. },
  121. {
  122. "Description": "The office file has a unconventional code page: ANSI Cyrillic; Cyrillic (Windows)",
  123. "Details": []
  124. },
  125. {
  126. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
  127. "Details": [
  128. {
  129. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\\x01\\xab};\\xe0\\xd3\\xb3\\xb8\\x87\\xa3\\x0e\n\\xb4\\x8e\\xe8\\x00\\xb8\\xb7(v\\xeet\\x99$\\x9c\\\\xa0\\xad\t#^\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  130. },
  131. {
  132. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\xafo\\xfe*,q\\xee\\x80r\\xeap\\xe8\\xf26m\\x1b\\xa6\\x1b\\x07\\x9c\\xc1\\x0c'\\xb2(g\\xd23\\x05pq\\xfap\\x91lb&\\xa1\\x84b\\xd0\\x88\\xa4`|\\x90\\x16\\x13a\\xdf\\xbf\\xa3\\x84q\\xd0\\x08;\\xf4d\\xd7\\xa8\\x11c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xea\\x9bg:\\xbbrg[{\\xd1\\xe1\\xfa\\xc5\\xccz\\x05\\x01,\\x0f\\xa3\\x1c\\x04\\xed\\x95\\xd0\\x96dyj\\x8f\\x17\\xfe\\xf4`\\xb2\\xeb\\xf1\\xcb6\\x8dx\\xef\\x0b\"\\xebn\\xb8r"
  133. },
  134. {
  135. "http_request": "excel.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
  136. },
  137. {
  138. "http_request": "excel.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
  139. },
  140. {
  141. "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01p\\x04\\xd6(`]w|\\xa8a\\x9d\\x9fr\\xf6\\x03\\xe1\\x0e\\xf2aj3\\x14\\xa5\\xb1\\xcb\\x9eo\\xaf\\x8e$e\\x03oo\\xfd\\x01^\\xd5nz\\x89:\n\\x96\\x90:\\x86ilk>\\x8b\\x03v_\\x07s\\x80\\x98|\\xb2c\\xcf\\x1cie\\x03x\\xe4m\\xa5tq\\x11n\\xe2\\x19\\xfc\\x8c\\xcb\\xd8.>\\xb6(\\xe1v\\x92sz\\xcb;[7\ng\\xba\\xbd\\xdd?\\x00\\x1a\\x1bl\\x06x#v\\x82\\x90?\\xec3\\xa4n\\xe9{\\x9ag_i\\xdc\\xa8w\\xcb #\\xff\n\\x1az%\\xc0'?~j\\xe4\\xc5\\x08\\x90\\xe9\\xca\\x8b|\\xe5\\x95\\x8d\\xdca\\xdci(\\xfbw48\\xaf\\xa7\\xbcf\\xd3\\x07k\\xb5\\xb9\\x9f\\xba\\xe6\\xc6$`&\\x08\\xaf\\xa3|i\\xdfx\\xc4)x\\xa2y\\x82\\\\x9f\\x8d\\xc1\\x8f5\\xfa+\\x97\\x9ao9\\x9d\\xc4\\xf3\\x9e\\xb6\\x145;\\x1f\\x884v\\x90\\xaf\\x0bv\tb6j\ry\\xd4\\x1b\\xd9m\\xaa\\xf8\\x91\\x17\\x8b\\xac\\x13n\\x00\\x98-\\xf0d.zg\\x97i\\xc3\\x0c(\\x19w\\xaa\\xd6\\xb5\\xd3\\x12"
  142. },
  143. {
  144. "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x02 \\x14\r.\\x1f\\xb1\\xec\\xbfa\\x8am$\\xa6\\x05\\xe4\\xa8in\\xf8!{o$z!\\x07\\x98\\x1fp\\x90\\xc6\\x85\\xdd\\x0bzm\\x95\\xe2\\x05\\xf1\\x9f\\x81f|\\x9c\\xf6\\xe0\\xf5u\\xf4\\x94\\x1a;\\xd0c\\xd4f\\xf3\\xcct\\xd2\\xc6\rw\\xfc<\\x92\\xf6l\\x7f\\xfe?8h\\xd8w\\xe3t3d\\x15\\xd1\\xf9\\xeb\\x1d;\\xf89~(\\xb1\tk\\xec\\xb2\\x97\\xf7\\xa1/&\\x8fm=\\xe3\\x1c'\\x89\\x9af\\xc1\\xae\\xa7\\xb6\\xaf\\xfa\\x17\\xe9\\x8b\\x9f\\x81\\xc3d\\xc8\\xbdv\\xec\\x0c\\x01\\xb1m\\x1e\r\\xeb\\xbb\\x94;\\xe2\\x1b\\xd3`7\\xaag\\x84jp\\xd7\\x8b\\xcd\\x06\\x9dkjr\n/va\\xab\\xban?3\\x97\\xea\\x04.\\xd6\\x18q\\x16g\n.\"\\xc9\\x18\\x1e\\x07\\xa3\\x113'\\x94[\\x1d&\\x81s[f\\xf0u\\x07b\\xa2\n\\x8c\\xce\\xa9\\x88v\\xe9\\xfa\\xb9\\xec\\xf7%\\x03\\xc5\\xd4\\xaf\\x19\\x05\\x1a\\xed\\xa9\\xcd\\x13s\\x03m3\\xf5zm\"k\\x87\\x9du\\xd4\\x99u\\x06\\xc9\\xf9\\xe7\\xc1\\xb7pdz\\x8ay\\x19\\x90\\x13\\xfa\\xd6\\xa8\\xc6"
  145. },
  146. {
  147. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\\x01\\xab~)\\xc6\\xb1p\\xa9\\xae,6\\xc6k\"\\x04\n\\xde\\xda\\xdfl\\x94\\xf0\\x07\\x97{\\x91\\xe3zu\\xfc\\xc3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  148. },
  149. {
  150. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x90\\xce\\x8ftsw\\x85\\x0b;i\\xb0\\xaf\\x15\\xda120\\x87\\xe2@\\x9a\\xa2\\x19\\x98\\x80@\\x11;\\xf5\\xeawn\\x10y\\x91\\x19\\xee\\x11\\x95_\\xb6\\x9bg\\x97\"?\\xed@=\\x17\\x05\\xba\\xbe\\xd9\\xa9\\x1d\\xb0\\xdc\\xa6\\x0cx5p\\xc5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8e\\x08\\xba\\xcd\\xc8sx\\xf53\\xdc\\x8bl\\xf09[\\xb7\\xd5\\x1c\\xb4\\x8fi\\x94\\xe3\\xeb\\xabrq\\xc6\\xc7\\xabl\\x13\\x15\\xc7\\x0f\\x93\\xad\\x7f-\\xa1\\xf5\\xe1u\\xadqce\\xf4"
  151. },
  152. {
  153. "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01p\\xe3\\xf0~\\xd8\\xd4\\xcaxvhv\\xda\\xf9\\xbfg{\\x18\\x14b#d\\xde\\xbcf\\xaa\\xdc\"\\x02\\xa7\\xf5\\xe8@u\\xdf\\xe8nd\\xb7\\x7f;\\xb2\\x0cw\\xe7\\x04=\\x9b\\x0b\\xe7z\\xc3\\xed\\x91\\xad\\x8c\\x01uf\\xe5x\\x9a_\\x8f91\\xed-d\\xe5ulo%\\x072\\x92\\xc3\t\\xc1\\x8d\\xb2s\\xe2o\\x17\\x03&\\x85c\\x9a2\\xc0\\xba\\x82\\xd6\\xb1\\xde\\xa2o$\\xd5\\xc4\\xfb\\xac\\xed\\x11]\\x9c\\x8b\\x8b\\xe0~\\x97\\x0b\\xdd\\xe1\\xbf\\xc0\\xf4\\xfc\\x1fc\\xedc\\x96\\x0c\\xec\\x91\\x17&z\\xc7ysu\\xd9\\xd2\\xaf\\x83\\xe0\\x0eb\\xd0\\\\x1e\\xab\\xfa\\x14\\xf6\\xf8f\\x15m\\x9c\\xf6'~e\\x1f\\x9f\\xe6\\xa8\\xcb\\x04\\xf7\\x80d\\x93\\x99`\\xa1&&\\xadshun\\x03\\x86\\x02p\\xdb\\xf8\\xbf\\x8aq_\\xfa\\xde\\xb6\\x89h\\x13\\xf2\\xb5\\xed\\xf3\\x9b\\xbbk\\x14\\x19@\\x0e)\\x84q\\x06\\xe6\\xba\\xeb\\x10 \\x8c\\xa4\\x8f\\xf7\\xab\\x8f\\x8d\\xf5\\xcb\\xb2\\xff\\xe3k\\xd4\\xa6\\x19\\x1cx\\xac\\xed\\xda-\\x98\\xce\\x85#\\x8e\\x17*\\xf9\\x0e\\xfc\\x85:\\xf7\\xb6\\x01\\xaa"
  154. },
  155. {
  156. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00{\\x03\\x01]\\x01\\xab\\x83\\x1f}\\xec\\xdc\\x0fm\\x84\\xa9\\x00\\x12\\xd7\\x1bz\\x15\\xc2\\xc5\\x8e\\x02\\xc6\\xc1[\\xa11\\x187\\xd0\\xde\\x00\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  157. },
  158. {
  159. "http_request": "excel.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00\\x1b(\\x17[\\xdd\\x9d\\x15\\x19\n\\xb1\\x94\\xd9~\\xf6\\xc4\\xab\\x04:\\xe0h\\x84zs=\\xb3\n\\xaf\\xda\\x88\\x84mv5\\x98\t\\xcffv\\xca\\xb8yp}\\xd7o\\x1a\\xb8\\x18s\n\\xf9\\xd4\\xe3\\xac\\x02jz\\xa7\\x13=\\xde\\x0c\\xbam\\xc7\\xc0<\\xa8\\x9f\\xc1\\xdby\\xd3\\x8e\\xed\\xf4r\\x8b\\xa07&\\xc3.x\\xf1\tu\\xd9},\\xc8\\xc8\\xcc\\xb9\\xa2h\\xe7\\x05u\\xe2\\x8f[\\$j&\\x0c\\x8b\\xe4\\x0c\\x94*r\\x05\\xf4\"\\xbe\\x07uf\\x7f\\xc0)\\xaa\\xcehya\\xe0#\\xd1\\xa2\\xe8\\xf9\\xa2u&<|t\\xbb!%\\x11\\xb0,m\\xe1+\\xc8\\xca=\\xac\"u\\xec@\\xdf\\xe5\\xbax\\xd9\\xcc\\x9a\\x01$\\x92\\xfb\\xe2\\xbd\\xa6\\x05\\xe8\\x16x\\x10t\\x8a\\x98\\x9c+\\x10t8\\xe8\\xe5\\x18\\xe7\\xcc\\xf6&\\xc4\\xdb\\x995)\\xaf\\xf1u\\x82\\xa0m\\x04\\xe0ct\\x92=\\x12\\xf7x\\x14h\\xad\\x98\\xb3\\xd2\\x18\\x13\\xf9\\xa9o\\xd1\\x1a\\x0c%:6\\x85?\\xe4sd>\\x12\\x80\\xbe\\xd6\\x1e\\xc3\rf'\\x14\\xfd"
  160. },
  161. {
  162. "http_request": "excel.exe_WSASend_\\x17\\x03\\x01\\x01`qp?\\xb8/\\x96\\x9e\\x8f\\xb7\\x00\\xe3\\xca\\x87\\y\\x82\\xba\\xd4\\xf8\\xa5u\\xba\\x03!\\x86&9b\\x91\\xaa\\xd6\\xecd\\xed\\x8d\\xf0.\\x89\\xe2f\\xe0\\xc9!\\xd1\\xb0\\xd0\\x8b\\x18\\x93\\x03\\xca\\xdc\\x81z@\\xe54\\xbf\\x16\\x9d\\xca\\x96\\xc6\\xb7\\\\xa2\\xb1\\xf8|\\xa9\\xbd\"g\\x98\\xb6\\x0cb6\\xadnu\\x88\\xb5\\xcd\\x9b\\x0ff3t+[\\xc9\\x04\\xd0\\x90\\x89(p\\x0fr\\x9e\\xac\\xdd\\xd8\\xc4\\x1ejj5\\xdfa\\xb1\\xe7\\x84\\xb1\\x83y\\x01\\xf7\\x91l\\xe5$z\\xc0\\xc6\\xc6x\\xf2\\xa1\\xab\\xb1\\x16\\xdd\\xa5q\\xfb$\\xd2\\xc1,?\\x89\\xe3\\xa7gj\\xd5u\\x89&\\xe4\\x93\\x1f\\xed\\xb8x\\xbe\\x99\\xc1\\x84~\\x97zjwsb\\xce\\xfe\\x1f\\x1f6\\xa5cb\\x85\\x9e\\xb0\\xf6\\xeb\\xb1k\\xad\\xeasu\\xd4g*\\xab\\xb4\\xd4\\xec\\x1a\\xcd\\xe5[\\xce\\x0b1\\x8fb\\xad\\xd5\n\\x04\\xdc$\\x04\\xa1\\x12\n\\x13\\xf4x\\xe6\\xd8\\xaek\\x0cnf\\xf7g\\x01\\xb2\\xdb\\xc8w\\xcd\\x02\\x7f\\x03]\\xdc\\x86\\xc3c\\xb4\\xb5\\x9d\r\\x94,\\xaeo`*\\xf1\\x9a"
  163. },
  164. {
  165. "http_request": "excel.exe_WSASend_\\x17\\x03\\x019p\\x82g\\xc8\\x02\\x17\\x85\\xe8a\\xa9\\xe7\\x15'z\\xb7p\\xd5;\\x08\\xf1#\\xf2\\xc9\\x96\\x93\\xd9\\xfe\\x91\\xf6>\\x02\\xaa\\xcao\\x08p\\x93h~\\xed?\\x07\\xdbj\r(y\\x0e\\xe69\\x92w1k&\\x80\\xa1#\\x10_7\\xc2\\x0e\\xf1\\xb5tb\\xad\\x98\\xe5~\\x90b.\\xe5\\x82\\xac\tf\\xafa\\x19\\xd7\\xe3\\xf5 \\xd0`\\xc0\\xa6@\\xe5\\x80\\xf7\"\\x8a\\x86\\x1b\\x10)t\\xde\\xfa\\x9f\\x17\\x9b\r?wa5>\\xe4le\\xfey-\\xcb\\xc1\\x1dk\\x01t\\x89{\\x97\\xf4|c\\x0f\\x96y\\x1dif\\xd2\\xa9s+@\\\\xfb@\\x85}ug3\\x92\\xd6\\xa4\\xe7\\xfa\\x1f\\xa1l\\xd6\\xfb84r\\x0ea\\xe1}\\xc9@\\x03\\x05\\x14 u\\x8f_l\\xd1\\xdc\\x0bo\\x8c4\\xf2ec\\x12\\xd9\\x84\\x1f\\xe1mp\\x99\\xbal\\xec\\xe0\\xf6\\x959@\\xa9\\xe9\\x06\\xe0\\xc9%\\xf7\\xd2\\xf6\\xd8\\xbd\\xedd\\xbf\\xe7z~\\xab\\xad-`\\x15;\\xac\\xed\\xf5\\xd8$\\xe7`u\\xf1\\x11s\\xe8\\xf3\\x8b\\x86\\xf8\\x8e\\xb2|\\x08\\x1e\\x8esvks\\xbe\\xe5"
  166. }
  167. ]
  168. },
  169. {
  170. "Description": "File has been identified by 13 Antiviruses on VirusTotal as malicious",
  171. "Details": [
  172. {
  173. "Symantec": "Trojan.Mdropper"
  174. },
  175. {
  176. "ESET-NOD32": "a variant of DOC/TrojanDownloader.Agent.AJP"
  177. },
  178. {
  179. "TrendMicro-HouseCall": "Trojan.X97M.DLOADR.JHLZ"
  180. },
  181. {
  182. "Kaspersky": "HEUR:Trojan-Downloader.MSOffice.Agent.gen"
  183. },
  184. {
  185. "Tencent": "Win32.Trojan-downloader.Agent.Pjdn"
  186. },
  187. {
  188. "DrWeb": "Trojan.DownLoader28.48844"
  189. },
  190. {
  191. "TrendMicro": "Trojan.X97M.DLOADR.JHLZ"
  192. },
  193. {
  194. "McAfee-GW-Edition": "Artemis"
  195. },
  196. {
  197. "Avira": "W97M/Dldr.Agent.lyfiz"
  198. },
  199. {
  200. "ZoneAlarm": "HEUR:Trojan-Downloader.MSOffice.Agent.gen"
  201. },
  202. {
  203. "GData": "Generic.Trojan-Downloader.Agent.ALO"
  204. },
  205. {
  206. "Rising": "Downloader.Msiexec/VBA!1.B7A4 (CLASSIC)"
  207. },
  208. {
  209. "Ikarus": "Trojan-Downloader.VBA.Agent"
  210. }
  211. ]
  212. }
  213. ]
  214.  
  215. [*] Started Service: [
  216. "osppsvc"
  217. ]
  218.  
  219. [*] Executed Commands: []
  220.  
  221. [*] Mutexes: [
  222. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  223. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  224. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
  225. "KYIMEShareCachedData.MutexObject.user",
  226. "KYTransactionServer.MutexObject.user",
  227. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
  228. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000"
  229. ]
  230.  
  231. [*] Modified Files: [
  232. "C:\\Users\\user\\AppData\\Local\\Temp\\11-Jun-2019_412ac541.xls",
  233. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF8940FCF47C49C6E8.TMP",
  234. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  235. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  236. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  237. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  238. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab9FE.tmp",
  239. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar9FF.tmp"
  240. ]
  241.  
  242. [*] Deleted Files: [
  243. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab9FE.tmp",
  244. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar9FF.tmp",
  245. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Excel_restart.xml",
  246. "C:\\Users\\user\\AppData\\Local\\Temp\\CVR2AA.tmp.cvr"
  247. ]
  248.  
  249. [*] Modified Registry Keys: [
  250. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems",
  251. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems\\ztj",
  252. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery",
  253. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB",
  254. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB\\E8ACFB",
  255. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
  256. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
  257. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
  258. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
  259. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
  260. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
  261. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Security\\Trusted Documents",
  262. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Security\\Trusted Documents\\LastPurgeTime",
  263. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9",
  264. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9\\E947F9",
  265. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  266. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  267. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Place MRU\\Change",
  268. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\File MRU\\Change",
  269. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Place MRU\\Change\\ChangeId",
  270. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\File MRU\\Change\\ChangeId",
  271. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409",
  272. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\Input",
  273. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\TargetConverted",
  274. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\Converted",
  275. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\TargetNotConverted",
  276. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\InputError",
  277. "HKEY_CURRENT_USER\\Software\\Microsoft\\IMEMIP\\0x0409\\FixedConverted",
  278. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
  279. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
  280. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
  281. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  282. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  283. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
  284. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
  285. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
  286. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
  287. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
  288. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
  289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
  290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
  291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
  292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
  293. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
  294. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
  295. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
  296. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
  297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
  298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
  299. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
  300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
  301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
  302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
  303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
  304. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
  305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
  306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
  307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
  308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
  309. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
  310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
  311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
  312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
  313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
  314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
  315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
  316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
  317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
  318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
  319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
  320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  321. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
  324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
  325. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
  326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
  327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
  328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
  329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
  330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
  331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
  332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
  333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
  334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
  335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
  336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
  337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
  338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
  339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
  340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
  341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
  342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
  343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
  344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
  345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
  346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
  347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
  348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
  349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
  350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
  351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
  352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
  353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
  354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
  355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
  356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
  357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
  358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
  359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
  360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
  364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
  365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
  366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
  367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
  368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
  369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
  370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
  371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
  372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
  373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
  374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
  375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
  376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
  377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
  378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
  379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
  380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
  381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
  382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
  383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
  384. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
  385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
  386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
  387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
  388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
  389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
  390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
  391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
  392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
  393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
  394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
  395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
  396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
  397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
  398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
  399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
  400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
  401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
  402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
  403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
  404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
  405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
  406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
  407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
  408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
  409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
  410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
  411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
  412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
  413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
  414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
  415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
  416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
  417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
  421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
  422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
  423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
  424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
  425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
  426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
  427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
  428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
  429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
  430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
  431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
  432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
  433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
  434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
  435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
  436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
  437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
  438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
  439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
  440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
  441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
  442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
  443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
  444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
  445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
  446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
  447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
  448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
  449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
  450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
  451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
  452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
  453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
  454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
  455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
  458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
  459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
  460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
  461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
  462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
  463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
  464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
  465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
  466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
  467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
  468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
  469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
  470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
  471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
  472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
  473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
  474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
  475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
  476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
  477. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
  478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
  479. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
  480. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
  481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
  482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
  483. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
  484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
  485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
  486. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
  487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
  488. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
  489. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
  490. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
  491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
  492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
  493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
  494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
  495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
  496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
  497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
  498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
  499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
  500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
  501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
  502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
  503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
  504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
  505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
  506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
  507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
  508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
  509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
  510. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  512. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
  513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
  514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
  515. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
  516. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
  517. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
  518. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
  519. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\107E1A9A03AE4F2BACF70CC519E60E7B",
  520. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\ExcelName",
  521. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options",
  522. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\Options5",
  523. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\OptionFormat",
  524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Options\\Pos",
  525. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
  526. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTF",
  527. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTA",
  528. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_2"
  529. ]
  530.  
  531. [*] Deleted Registry Keys: [
  532. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E8ACFB\\E8ACFB",
  533. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\StartupItems\\ztj",
  534. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  535. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  536. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  537. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  538. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\Resiliency\\DocumentRecovery\\E947F9\\E947F9",
  539. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Excel\\MTTT"
  540. ]
  541.  
  542. [*] DNS Communications: []
  543.  
  544. [*] Domains: []
  545.  
  546. [*] Network Communication - ICMP: []
  547.  
  548. [*] Network Communication - HTTP: [
  549. {
  550. "count": 1,
  551. "body": "",
  552. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  553. "user-agent": "Microsoft-CryptoAPI/6.1",
  554. "method": "GET",
  555. "host": "ocsp.digicert.com",
  556. "version": "1.1",
  557. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  558. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  559. "port": 80
  560. },
  561. {
  562. "count": 1,
  563. "body": "",
  564. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  565. "user-agent": "Microsoft-CryptoAPI/6.1",
  566. "method": "GET",
  567. "host": "ocsp.msocsp.com",
  568. "version": "1.1",
  569. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  570. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  571. "port": 80
  572. },
  573. {
  574. "count": 1,
  575. "body": "",
  576. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  577. "user-agent": "Microsoft-CryptoAPI/6.1",
  578. "method": "GET",
  579. "host": "ocsp.digicert.com",
  580. "version": "1.1",
  581. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  582. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  583. "port": 80
  584. },
  585. {
  586. "count": 1,
  587. "body": "",
  588. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  589. "user-agent": "Microsoft-CryptoAPI/6.1",
  590. "method": "GET",
  591. "host": "ocsp.digicert.com",
  592. "version": "1.1",
  593. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  594. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  595. "port": 80
  596. },
  597. {
  598. "count": 1,
  599. "body": "",
  600. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  601. "user-agent": "Microsoft-CryptoAPI/6.1",
  602. "method": "GET",
  603. "host": "ocsp.digicert.com",
  604. "version": "1.1",
  605. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  606. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  607. "port": 80
  608. },
  609. {
  610. "count": 1,
  611. "body": "",
  612. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  613. "user-agent": "Microsoft-CryptoAPI/6.1",
  614. "method": "GET",
  615. "host": "ocsp.pki.goog",
  616. "version": "1.1",
  617. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  618. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  619. "port": 80
  620. },
  621. {
  622. "count": 1,
  623. "body": "",
  624. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  625. "user-agent": "Microsoft-CryptoAPI/6.1",
  626. "method": "GET",
  627. "host": "crl.microsoft.com",
  628. "version": "1.1",
  629. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  630. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  631. "port": 80
  632. },
  633. {
  634. "count": 1,
  635. "body": "",
  636. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  637. "user-agent": "Microsoft-CryptoAPI/6.1",
  638. "method": "GET",
  639. "host": "ocsp.comodoca.com",
  640. "version": "1.1",
  641. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  642. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  643. "port": 80
  644. },
  645. {
  646. "count": 1,
  647. "body": "",
  648. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  649. "user-agent": "Microsoft-CryptoAPI/6.1",
  650. "method": "GET",
  651. "host": "ocsp.pki.goog",
  652. "version": "1.1",
  653. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  654. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  655. "port": 80
  656. },
  657. {
  658. "count": 1,
  659. "body": "",
  660. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  661. "user-agent": "Microsoft-CryptoAPI/6.1",
  662. "method": "GET",
  663. "host": "ocsp.digicert.com",
  664. "version": "1.1",
  665. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  666. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  667. "port": 80
  668. },
  669. {
  670. "count": 1,
  671. "body": "",
  672. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  673. "user-agent": "Microsoft-CryptoAPI/6.1",
  674. "method": "GET",
  675. "host": "www.download.windowsupdate.com",
  676. "version": "1.1",
  677. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  678. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  679. "port": 80
  680. },
  681. {
  682. "count": 1,
  683. "body": "",
  684. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  685. "user-agent": "Microsoft-CryptoAPI/6.1",
  686. "method": "GET",
  687. "host": "crl.microsoft.com",
  688. "version": "1.1",
  689. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  690. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  691. "port": 80
  692. },
  693. {
  694. "count": 1,
  695. "body": "",
  696. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  697. "user-agent": "Microsoft-CryptoAPI/6.1",
  698. "method": "GET",
  699. "host": "ocsp.digicert.com",
  700. "version": "1.1",
  701. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  702. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  703. "port": 80
  704. },
  705. {
  706. "count": 1,
  707. "body": "",
  708. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  709. "user-agent": "Microsoft-CryptoAPI/6.1",
  710. "method": "GET",
  711. "host": "ocsp.digicert.com",
  712. "version": "1.1",
  713. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  714. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  715. "port": 80
  716. },
  717. {
  718. "count": 1,
  719. "body": "",
  720. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  721. "user-agent": "Microsoft-CryptoAPI/6.1",
  722. "method": "GET",
  723. "host": "ocsp.digicert.com",
  724. "version": "1.1",
  725. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  726. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  727. "port": 80
  728. },
  729. {
  730. "count": 1,
  731. "body": "",
  732. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  733. "user-agent": "Microsoft-CryptoAPI/6.1",
  734. "method": "GET",
  735. "host": "ocsp.pki.goog",
  736. "version": "1.1",
  737. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  738. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  739. "port": 80
  740. },
  741. {
  742. "count": 1,
  743. "body": "",
  744. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  745. "user-agent": "Microsoft-CryptoAPI/6.1",
  746. "method": "GET",
  747. "host": "ocsp.pki.goog",
  748. "version": "1.1",
  749. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  750. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  751. "port": 80
  752. },
  753. {
  754. "count": 1,
  755. "body": "",
  756. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  757. "user-agent": "Microsoft-CryptoAPI/6.1",
  758. "method": "GET",
  759. "host": "ocsp.digicert.com",
  760. "version": "1.1",
  761. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  762. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  763. "port": 80
  764. },
  765. {
  766. "count": 1,
  767. "body": "",
  768. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  769. "user-agent": "Microsoft-CryptoAPI/6.1",
  770. "method": "GET",
  771. "host": "ocsp.pki.goog",
  772. "version": "1.1",
  773. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  774. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  775. "port": 80
  776. },
  777. {
  778. "count": 1,
  779. "body": "",
  780. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  781. "user-agent": "Microsoft-CryptoAPI/6.1",
  782. "method": "GET",
  783. "host": "ocsp.thawte.com",
  784. "version": "1.1",
  785. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  786. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  787. "port": 80
  788. },
  789. {
  790. "count": 1,
  791. "body": "",
  792. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  793. "user-agent": "Microsoft-CryptoAPI/6.1",
  794. "method": "GET",
  795. "host": "ocsp.usertrust.com",
  796. "version": "1.1",
  797. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  798. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  799. "port": 80
  800. },
  801. {
  802. "count": 1,
  803. "body": "",
  804. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  805. "user-agent": "Microsoft-CryptoAPI/6.1",
  806. "method": "GET",
  807. "host": "th.symcd.com",
  808. "version": "1.1",
  809. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  810. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  811. "port": 80
  812. },
  813. {
  814. "count": 1,
  815. "body": "",
  816. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  817. "user-agent": "Microsoft-CryptoAPI/6.1",
  818. "method": "GET",
  819. "host": "ocsp.digicert.com",
  820. "version": "1.1",
  821. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  822. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  823. "port": 80
  824. },
  825. {
  826. "count": 1,
  827. "body": "",
  828. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  829. "user-agent": "Microsoft-CryptoAPI/6.1",
  830. "method": "GET",
  831. "host": "ocsp.digicert.com",
  832. "version": "1.1",
  833. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  834. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  835. "port": 80
  836. },
  837. {
  838. "count": 1,
  839. "body": "",
  840. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  841. "user-agent": "Microsoft-CryptoAPI/6.1",
  842. "method": "GET",
  843. "host": "ocsp.pki.goog",
  844. "version": "1.1",
  845. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  846. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  847. "port": 80
  848. },
  849. {
  850. "count": 1,
  851. "body": "",
  852. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  853. "user-agent": "Microsoft-CryptoAPI/6.1",
  854. "method": "GET",
  855. "host": "crl.microsoft.com",
  856. "version": "1.1",
  857. "path": "/pki/crl/products/microsoftrootcert.crl",
  858. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  859. "port": 80
  860. },
  861. {
  862. "count": 1,
  863. "body": "",
  864. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  865. "user-agent": "Microsoft BITS/7.5",
  866. "method": "HEAD",
  867. "host": "redirector.gvt1.com",
  868. "version": "1.1",
  869. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  870. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  871. "port": 80
  872. },
  873. {
  874. "count": 1,
  875. "body": "",
  876. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  877. "user-agent": "Microsoft BITS/7.5",
  878. "method": "HEAD",
  879. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  880. "version": "1.1",
  881. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  882. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  883. "port": 80
  884. },
  885. {
  886. "count": 1,
  887. "body": "",
  888. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  889. "user-agent": "Microsoft BITS/7.5",
  890. "method": "GET",
  891. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  892. "version": "1.1",
  893. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  894. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-6941\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  895. "port": 80
  896. },
  897. {
  898. "count": 1,
  899. "body": "",
  900. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  901. "user-agent": "Microsoft BITS/7.5",
  902. "method": "GET",
  903. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  904. "version": "1.1",
  905. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  906. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6942-17545\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  907. "port": 80
  908. },
  909. {
  910. "count": 1,
  911. "body": "",
  912. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  913. "user-agent": "Microsoft BITS/7.5",
  914. "method": "GET",
  915. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  916. "version": "1.1",
  917. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  918. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17546-27388\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  919. "port": 80
  920. },
  921. {
  922. "count": 1,
  923. "body": "",
  924. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  925. "user-agent": "Microsoft BITS/7.5",
  926. "method": "GET",
  927. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  928. "version": "1.1",
  929. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  930. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=27389-37024\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  931. "port": 80
  932. },
  933. {
  934. "count": 1,
  935. "body": "",
  936. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  937. "user-agent": "Microsoft BITS/7.5",
  938. "method": "GET",
  939. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  940. "version": "1.1",
  941. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  942. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=37025-58152\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  943. "port": 80
  944. },
  945. {
  946. "count": 1,
  947. "body": "",
  948. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  949. "user-agent": "Microsoft BITS/7.5",
  950. "method": "GET",
  951. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  952. "version": "1.1",
  953. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  954. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=58153-101489\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  955. "port": 80
  956. },
  957. {
  958. "count": 1,
  959. "body": "",
  960. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  961. "user-agent": "Microsoft BITS/7.5",
  962. "method": "GET",
  963. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  964. "version": "1.1",
  965. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  966. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=101490-189094\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  967. "port": 80
  968. },
  969. {
  970. "count": 1,
  971. "body": "",
  972. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  973. "user-agent": "Microsoft BITS/7.5",
  974. "method": "GET",
  975. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  976. "version": "1.1",
  977. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  978. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=189095-366029\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  979. "port": 80
  980. },
  981. {
  982. "count": 1,
  983. "body": "",
  984. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  985. "user-agent": "Microsoft BITS/7.5",
  986. "method": "GET",
  987. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  988. "version": "1.1",
  989. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  990. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=366030-722650\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  991. "port": 80
  992. },
  993. {
  994. "count": 2,
  995. "body": "",
  996. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  997. "user-agent": "Microsoft BITS/7.5",
  998. "method": "GET",
  999. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  1000. "version": "1.1",
  1001. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1002. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=722651-1439529\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  1003. "port": 80
  1004. },
  1005. {
  1006. "count": 1,
  1007. "body": "",
  1008. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1009. "user-agent": "Microsoft BITS/7.5",
  1010. "method": "GET",
  1011. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  1012. "version": "1.1",
  1013. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1014. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1439530-2381103\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  1015. "port": 80
  1016. },
  1017. {
  1018. "count": 1,
  1019. "body": "",
  1020. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1021. "user-agent": "Microsoft BITS/7.5",
  1022. "method": "GET",
  1023. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  1024. "version": "1.1",
  1025. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1026. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2381104-4303151\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  1027. "port": 80
  1028. },
  1029. {
  1030. "count": 1,
  1031. "body": "",
  1032. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1033. "user-agent": "Microsoft BITS/7.5",
  1034. "method": "GET",
  1035. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  1036. "version": "1.1",
  1037. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1038. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4303152-10134217\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  1039. "port": 80
  1040. },
  1041. {
  1042. "count": 1,
  1043. "body": "",
  1044. "uri": "http://r13---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1045. "user-agent": "Microsoft BITS/7.5",
  1046. "method": "GET",
  1047. "host": "r13---sn-bvvbax-2ime.gvt1.com",
  1048. "version": "1.1",
  1049. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes",
  1050. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560390509&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10134218-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r13---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  1051. "port": 80
  1052. }
  1053. ]
  1054.  
  1055. [*] Network Communication - SMTP: []
  1056.  
  1057. [*] Network Communication - Hosts: []
  1058.  
  1059. [*] Network Communication - IRC: []
  1060.  
  1061. [*] Static Analysis: {
  1062. "office": {
  1063. "Metadata": {
  1064. "SummaryInformation": {
  1065. "num_words": "None",
  1066. "num_pages": "None",
  1067. "last_saved_by": "alex",
  1068. "creating_application": "Microsoft Excel",
  1069. "author": "Microsoft Office",
  1070. "revision_number": "None",
  1071. "codepage": "1251",
  1072. "title": "None",
  1073. "comments": "None",
  1074. "num_chars": "None",
  1075. "total_edit_time": "None",
  1076. "create_time": "None",
  1077. "template": "None",
  1078. "last_printed": "None",
  1079. "keywords": "None",
  1080. "security": "0",
  1081. "last_saved_time": "None",
  1082. "thumbnail": "None",
  1083. "subject": "None"
  1084. },
  1085. "DocumentSummaryInformation": {
  1086. "codepage_doc": "1251",
  1087. "chars_with_spaces": "None",
  1088. "shared_doc": "False",
  1089. "paragraphs": "None",
  1090. "hidden_slides": "None",
  1091. "mm_clips": "None",
  1092. "category": "None",
  1093. "presentation_target": "None",
  1094. "hlinks_changed": "False",
  1095. "scale_crop": "False",
  1096. "version": "1048576",
  1097. "hlinks": "None",
  1098. "link_base": "None",
  1099. "company": "Microsoft Corporation",
  1100. "unused": "None",
  1101. "dig_sig": "None",
  1102. "content_type": "None",
  1103. "heading_pairs": "None",
  1104. "slides": "None",
  1105. "links_dirty": "False",
  1106. "language": "None",
  1107. "notes": "None",
  1108. "bytes": "None",
  1109. "manager": "None",
  1110. "content_status": "None",
  1111. "doc_version": "None",
  1112. "titles_of_parts": "None",
  1113. "lines": "None"
  1114. },
  1115. "HasMacros": "No",
  1116. "DocumentType": "Excel Workbook"
  1117. }
  1118. }
  1119. }
  1120.  
  1121. [*] Resolved APIs: [
  1122. "mso.dll.#8511",
  1123. "mso.dll.#3723",
  1124. "mso.dll.#2279",
  1125. "mso.dll.#2560",
  1126. "mso.dll.#7826",
  1127. "mso.dll.#5863",
  1128. "shell32.dll.#152",
  1129. "shell32.dll.#18",
  1130. "shell32.dll.#17",
  1131. "mso.dll.#690",
  1132. "mso.dll.#3062",
  1133. "mso.dll.#8529",
  1134. "mpr.dll.WNetGetConnectionA",
  1135. "mpr.dll.WNetAddConnection3W",
  1136. "mso.dll.#94",
  1137. "mso.dll.#3260",
  1138. "mso.dll.#1776",
  1139. "mso.dll.#1073",
  1140. "mso.dll.#1441",
  1141. "mso.dll.#4994",
  1142. "mso.dll.#8218",
  1143. "mso.dll.#6226",
  1144. "mso.dll.#7032",
  1145. "mso.dll.#2824",
  1146. "mso.dll.#8369",
  1147. "mso.dll.#1521",
  1148. "mso.dll.#2652",
  1149. "mso.dll.#1836",
  1150. "mso.dll.#935",
  1151. "mso.dll.#6439",
  1152. "mso.dll.#6859",
  1153. "mso.dll.#5188",
  1154. "user32.dll.GetSysColor",
  1155. "mso.dll.#9736",
  1156. "mso.dll.#7736",
  1157. "mso.dll.#6394",
  1158. "mso.dll.#9234",
  1159. "mso.dll.#2557",
  1160. "mso.dll.#2975",
  1161. "mso.dll.#3598",
  1162. "mso.dll.#6588",
  1163. "msi.dll.#111",
  1164. "mso.dll.#1176",
  1165. "mso.dll.#5965",
  1166. "mso.dll.#9041",
  1167. "mso.dll.#2814",
  1168. "mso.dll.#5377",
  1169. "oleaut32.dll.#2",
  1170. "oleaut32.dll.#6",
  1171. "mso.dll.#1241",
  1172. "bcryptprimitives.dll.GetHashInterface",
  1173. "cryptnet.dll.CertDllVerifyRevocation",
  1174. "sechost.dll.ConvertSidToStringSidW",
  1175. "profapi.dll.#104",
  1176. "mso.dll.#2161",
  1177. "mso.dll.FIsLSCUrl",
  1178. "mso.dll.#7792",
  1179. "mso.dll.#5889",
  1180. "mso.dll.#2422",
  1181. "mso.dll.#5002",
  1182. "sensapi.dll.IsNetworkAlive",
  1183. "rpcrt4.dll.RpcBindingFromStringBindingW",
  1184. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  1185. "rpcrt4.dll.NdrClientCall2",
  1186. "winhttp.dll.WinHttpOpen",
  1187. "winhttp.dll.WinHttpSetTimeouts",
  1188. "winhttp.dll.WinHttpSetOption",
  1189. "winhttp.dll.WinHttpCrackUrl",
  1190. "winhttp.dll.WinHttpConnect",
  1191. "winhttp.dll.WinHttpOpenRequest",
  1192. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  1193. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  1194. "winhttp.dll.WinHttpTimeFromSystemTime",
  1195. "winhttp.dll.WinHttpSendRequest",
  1196. "gkexcel.dll.FValidateExcelFile",
  1197. "gkexcel.dll.GkInitHost",
  1198. "mso.dll.#2739",
  1199. "mso.dll.#5709",
  1200. "mso.dll.#5177",
  1201. "mso.dll.#9203",
  1202. "mso.dll.#5061",
  1203. "mso.dll.#9783",
  1204. "winhttp.dll.WinHttpReceiveResponse",
  1205. "winhttp.dll.WinHttpQueryHeaders",
  1206. "shlwapi.dll.StrStrIW",
  1207. "winhttp.dll.WinHttpQueryDataAvailable",
  1208. "winhttp.dll.WinHttpReadData",
  1209. "mso.dll.#7640",
  1210. "user32.dll.SetScrollRange",
  1211. "user32.dll.SetWindowWord",
  1212. "mso.dll.#343",
  1213. "mso.dll.#9636",
  1214. "mso.dll.#2022",
  1215. "mso.dll.#4750",
  1216. "mso.dll.#3747",
  1217. "mso.dll.#2660",
  1218. "shell32.dll.DragAcceptFiles",
  1219. "mso.dll.#1719",
  1220. "user32.dll.ClientToScreen",
  1221. "mso.dll.#81",
  1222. "winhttp.dll.WinHttpCloseHandle",
  1223. "gdi32.dll.GetOutlineTextMetricsW",
  1224. "mso.dll.#7238",
  1225. "mso.dll.#1774",
  1226. "mso.dll.#6452",
  1227. "mso.dll.#5764",
  1228. "ole32.dll.CoGetCallState",
  1229. "ole32.dll.CoGetActivationState",
  1230. "advapi32.dll.RegisterWaitChainCOMCallback",
  1231. "mso.dll.#8140",
  1232. "mso.dll.#3913",
  1233. "user32.dll.PeekMessageA",
  1234. "mso.dll.#356",
  1235. "mso.dll.#1006",
  1236. "mso.dll.#408",
  1237. "mso.dll.#8622",
  1238. "mso.dll.#3449",
  1239. "mso.dll.#3820",
  1240. "mso.dll.#2714",
  1241. "mso.dll.#469",
  1242. "mso.dll.#7974",
  1243. "mso.dll.#2609",
  1244. "oleaut32.dll.#8",
  1245. "cryptnet.dll.I_CryptNetGetConnectivity",
  1246. "cryptnet.dll.CryptRetrieveObjectByUrlW",
  1247. "oleaut32.dll.#9",
  1248. "setupapi.dll.SetupIterateCabinetW",
  1249. "kernel32.dll.RegOpenKeyExW",
  1250. "kernel32.dll.RegCloseKey",
  1251. "cabinet.dll.#20",
  1252. "cabinet.dll.#22",
  1253. "mso.dll.#4872",
  1254. "devrtl.dll.DevRtlGetThreadLogToken",
  1255. "mso.dll.#1780",
  1256. "mso.dll.#3834",
  1257. "mso.dll.#8879",
  1258. "mso.dll.#6949",
  1259. "mso.dll.#5457",
  1260. "mso.dll.#9462",
  1261. "cryptsp.dll.CryptSetHashParam",
  1262. "sechost.dll.OpenSCManagerW",
  1263. "sechost.dll.OpenServiceW",
  1264. "user32.dll.GetScrollRange",
  1265. "sechost.dll.QueryServiceConfigA",
  1266. "sechost.dll.QueryServiceStatus",
  1267. "sechost.dll.CloseServiceHandle",
  1268. "rpcrt4.dll.RpcStringBindingComposeA",
  1269. "rpcrt4.dll.RpcBindingFromStringBindingA",
  1270. "rpcrt4.dll.RpcEpResolveBinding",
  1271. "sechost.dll.LookupAccountSidLocalW",
  1272. "rpcrt4.dll.RpcStringFreeA",
  1273. "rpcrt4.dll.RpcBindingFree",
  1274. "mso.dll.#3380",
  1275. "mso.dll.#4648",
  1276. "mso.dll.#6873",
  1277. "mso.dll.#2052",
  1278. "mso.dll.#7703",
  1279. "mso.dll.#4607",
  1280. "mso.dll.#2751",
  1281. "mso.dll.#1281",
  1282. "gdi32.dll.GetRgnBox",
  1283. "user32.dll.SetScrollPos",
  1284. "oleaut32.dll.#10",
  1285. "mso.dll.#1767",
  1286. "webservices.dll.WsResetHeap",
  1287. "user32.dll.SetFocus",
  1288. "webservices.dll.WsCloseServiceProxy",
  1289. "ws2_32.dll.#3",
  1290. "webservices.dll.WsFreeServiceProxy",
  1291. "ncrypt.dll.SslDecrementProviderReferenceCount",
  1292. "ncrypt.dll.SslFreeObject",
  1293. "user32.dll.IsRectEmpty",
  1294. "user32.dll.CreateCaret",
  1295. "user32.dll.SetCaretPos",
  1296. "user32.dll.GetSystemMetrics",
  1297. "user32.dll.MonitorFromWindow",
  1298. "user32.dll.MonitorFromRect",
  1299. "user32.dll.MonitorFromPoint",
  1300. "user32.dll.EnumDisplayMonitors",
  1301. "user32.dll.GetMonitorInfoA",
  1302. "user32.dll.EnumDisplayDevicesA",
  1303. "user32.dll.SetRect",
  1304. "user32.dll.GetFocus",
  1305. "mso.dll.#2068",
  1306. "gdi32.dll.CreateDIBSection",
  1307. "gdi32.dll.CreateCompatibleDC",
  1308. "gdi32.dll.GetViewportOrgEx",
  1309. "gdi32.dll.SetViewportOrgEx",
  1310. "gdi32.dll.SetGraphicsMode",
  1311. "mso.dll.#339",
  1312. "gdi32.dll.SetBkColor",
  1313. "gdi32.dll.ExtTextOutA",
  1314. "gdi32.dll.PatBlt",
  1315. "mso.dll.#4716",
  1316. "gdi32.dll.ExtTextOutW",
  1317. "user32.dll.BeginPaint",
  1318. "user32.dll.FillRect",
  1319. "mso.dll.#9414",
  1320. "mso.dll.#2538",
  1321. "windowscodecs.dll.WICCreateImagingFactory_Proxy",
  1322. "kernel32.dll.WerRegisterMemoryBlock",
  1323. "gdi32.dll.SetStretchBltMode",
  1324. "gdi32.dll.DeleteDC",
  1325. "mso.dll.#580",
  1326. "user32.dll.IsWindowRedirectedForPrint",
  1327. "gdi32.dll.CreateRectRgnIndirect",
  1328. "user32.dll.GetUpdateRgn",
  1329. "user32.dll.ValidateRect",
  1330. "user32.dll.GetUpdateRect",
  1331. "user32.dll.EndPaint",
  1332. "mso.dll.#2398",
  1333. "user32.dll.GetKeyboardLayout",
  1334. "mso.dll.#1213",
  1335. "mso.dll.#5735",
  1336. "mso.dll.#1335",
  1337. "mso.dll.#6117",
  1338. "mso.dll.#5213",
  1339. "user32.dll.GetWindowTextW",
  1340. "user32.dll.SetWindowTextW",
  1341. "mso.dll.#5152",
  1342. "mso.dll.#5407",
  1343. "user32.dll.BringWindowToTop",
  1344. "mso.dll.#5330",
  1345. "user32.dll.DestroyCaret",
  1346. "mso.dll.#3084",
  1347. "user32.dll.WindowFromDC",
  1348. "winmm.dll.timeGetTime",
  1349. "mso.dll.#1429",
  1350. "mso.dll.#6502",
  1351. "mso.dll.#2566",
  1352. "mso.dll.#6664",
  1353. "mso.dll.#3043",
  1354. "mso.dll.#2340",
  1355. "mso.dll.#6843",
  1356. "mso.dll.#1566",
  1357. "mso.dll.#894",
  1358. "mso.dll.#2786",
  1359. "mso.dll.#9585",
  1360. "mso.dll.#4651",
  1361. "user32.dll.GetDC",
  1362. "user32.dll.ReleaseDC",
  1363. "mso.dll.#1607",
  1364. "mso.dll.#5202",
  1365. "mso.dll.#7320",
  1366. "mso.dll.#5822",
  1367. "mso.dll.#1056",
  1368. "mso.dll.#8136",
  1369. "mso.dll.#7418",
  1370. "mso.dll.#999",
  1371. "mso.dll.#7113",
  1372. "dwmapi.dll.DwmIsCompositionEnabled",
  1373. "d3d10_1.dll.D3D10CreateDevice1",
  1374. "gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName",
  1375. "gdi32.dll.D3DKMTCloseAdapter",
  1376. "gdi32.dll.D3DKMTQueryAdapterInfo",
  1377. "gdi32.dll.D3DKMTOpenAdapterFromDeviceName",
  1378. "setupapi.dll.SetupDiGetClassDevsW",
  1379. "setupapi.dll.SetupDiEnumDeviceInterfaces",
  1380. "setupapi.dll.SetupDiGetDeviceInterfaceDetailW",
  1381. "setupapi.dll.SetupDiDestroyDeviceInfoList",
  1382. "setupapi.dll.SetupDiGetDevicePropertyW",
  1383. "wintrust.dll.WinVerifyTrust",
  1384. "d3d10warp.dll.D3DKMTOpenAdapterFromGdiDisplayName",
  1385. "d3d10warp.dll.D3DKMTOpenAdapterFromDeviceName",
  1386. "d3d10warp.dll.D3DKMTGetDisplayModeList",
  1387. "d3d10warp.dll.D3DKMTSetVidPnSourceOwner",
  1388. "d3d10warp.dll.D3DKMTSetDisplayMode",
  1389. "d3d10warp.dll.D3DKMTCloseAdapter",
  1390. "d3d10warp.dll.D3DKMTSetGammaRamp",
  1391. "d3d10warp.dll.D3DKMTGetDeviceState",
  1392. "d3d10warp.dll.D3DKMTQueryAdapterInfo",
  1393. "d3d10warp.dll.D3DKMTWaitForVerticalBlankEvent",
  1394. "gdi32.dll.D3DKMTCreateDCFromMemory",
  1395. "gdi32.dll.D3DKMTDestroyDCFromMemory",
  1396. "gdi32.dll.D3DKMTCheckVidPnExclusiveOwnership",
  1397. "gdi32.dll.D3DKMTCheckMonitorPowerState",
  1398. "gdi32.dll.D3DKMTCheckSharedResourceAccess",
  1399. "d3d10_1core.dll.D3D10CoreCreateDevice1",
  1400. "d3d10_1core.dll.D3D10CoreGetSupportedVersions",
  1401. "d3d10_1core.dll.D3D10CoreGetVersion",
  1402. "d3d10warp.dll.D3DKMTCreateAllocation",
  1403. "d3d10warp.dll.D3DKMTQueryResourceInfo",
  1404. "d3d10warp.dll.D3DKMTOpenResource",
  1405. "d3d10warp.dll.D3DKMTDestroyAllocation",
  1406. "d3d10warp.dll.D3DKMTSetAllocationPriority",
  1407. "d3d10warp.dll.D3DKMTQueryAllocationResidency",
  1408. "d3d10warp.dll.D3DKMTCreateDevice",
  1409. "d3d10warp.dll.D3DKMTDestroyDevice",
  1410. "d3d10warp.dll.D3DKMTGetRuntimeData",
  1411. "d3d10warp.dll.D3DKMTLock",
  1412. "d3d10warp.dll.D3DKMTUnlock",
  1413. "d3d10warp.dll.D3DKMTGetMultisampleMethodList",
  1414. "d3d10warp.dll.D3DKMTPresent",
  1415. "d3d10warp.dll.D3DKMTRender",
  1416. "d3d10warp.dll.D3DKMTGetSharedPrimaryHandle",
  1417. "d3d10warp.dll.D3DKMTEscape",
  1418. "d3d10warp.dll.D3DKMTSetContextSchedulingPriority",
  1419. "d3d10warp.dll.D3DKMTGetContextSchedulingPriority",
  1420. "d3d10warp.dll.D3DKMTCreateContext",
  1421. "d3d10warp.dll.D3DKMTDestroyContext",
  1422. "d3d10warp.dll.D3DKMTCreateSynchronizationObject",
  1423. "d3d10warp.dll.D3DKMTDestroySynchronizationObject",
  1424. "d3d10warp.dll.D3DKMTWaitForSynchronizationObject",
  1425. "d3d10warp.dll.D3DKMTSignalSynchronizationObject",
  1426. "d3d10warp.dll.D3DKMTSetDisplayPrivateDriverFormat",
  1427. "d3d10warp.dll.OpenAdapter10_2",
  1428. "d3d10_1core.dll.D3D10CoreRegisterLayers",
  1429. "d3d10warp.dll.#50",
  1430. "dwrite.dll.DWriteCreateFactory",
  1431. "msi.dll.#203",
  1432. "gdi32.dll.GetCurrentObject",
  1433. "gdi32.dll.BitBlt",
  1434. "gdi32.dll.GetClipBox",
  1435. "user32.dll.IntersectRect",
  1436. "gdi32.dll.StretchDIBits",
  1437. "riched20.dll.REExtendedRegisterClass",
  1438. "user32.dll.GetWindowLongW",
  1439. "user32.dll.SetWindowLongW",
  1440. "user32.dll.RegisterWindowMessageA",
  1441. "user32.dll.RegisterClipboardFormatW",
  1442. "user32.dll.GetDoubleClickTime",
  1443. "user32.dll.SetCaretBlinkTime",
  1444. "user32.dll.SystemParametersInfoW",
  1445. "user32.dll.GetKeyboardLayoutList",
  1446. "mso.dll._MsoGetFidUspDll@0",
  1447. "mso.dll._MsoLoadLocalizedLibraryEx@12",
  1448. "usp10.dll.ScriptGetProperties",
  1449. "usp10.dll.ScriptItemize",
  1450. "user32.dll.LoadCursorW",
  1451. "user32.dll.IsWindowVisible",
  1452. "user32.dll.PostMessageW",
  1453. "user32.dll.DefWindowProcW",
  1454. "uxtheme.dll.IsThemeActive",
  1455. "uxtheme.dll.IsAppThemed",
  1456. "uxtheme.dll.OpenThemeData",
  1457. "user32.dll.GetClientRect",
  1458. "user32.dll.IsIconic",
  1459. "user32.dll.GetParent",
  1460. "usp10.dll.ScriptGetCMap",
  1461. "user32.dll.InvalidateRect",
  1462. "user32.dll.HideCaret",
  1463. "user32.dll.ShowCaret",
  1464. "user32.dll.IsWindowUnicode",
  1465. "user32.dll.SendMessageW",
  1466. "user32.dll.NotifyWinEvent",
  1467. "user32.dll.GetWindowTextLengthW",
  1468. "user32.dll.EnableWindow",
  1469. "msctf.dll.SetInputScope",
  1470. "user32.dll.UpdateWindow",
  1471. "user32.dll.GetWindowRgn",
  1472. "gdi32.dll.CreateCompatibleBitmap",
  1473. "gdi32.dll.SaveDC",
  1474. "gdi32.dll.SetPixel",
  1475. "gdi32.dll.GetPixel",
  1476. "gdi32.dll.RestoreDC",
  1477. "imm32.dll.ImmAssociateContext",
  1478. "user32.dll.IsHungAppWindow",
  1479. "user32.dll.GetForegroundWindow",
  1480. "user32.dll.EnumChildWindows",
  1481. "user32.dll.GetClassNameA",
  1482. "user32.dll.GetWindow",
  1483. "gdi32.dll.GetMapMode",
  1484. "gdi32.dll.GetWindowOrgEx",
  1485. "gdi32.dll.SetWindowOrgEx",
  1486. "user32.dll.PtInRect",
  1487. "user32.dll.GetWindowWord",
  1488. "user32.dll.InflateRect",
  1489. "user32.dll.OffsetRect",
  1490. "gdi32.dll.OffsetRgn",
  1491. "gdi32.dll.IntersectClipRect",
  1492. "gdi32.dll.GetClipRgn",
  1493. "mso.dll.#3925",
  1494. "mso.dll.#5127",
  1495. "mso.dll.#3141",
  1496. "mso.dll.#2821",
  1497. "mso.dll.#7026",
  1498. "mso.dll.#3327",
  1499. "shell32.dll.SHAddToRecentDocs",
  1500. "mso.dll.#1010",
  1501. "mso.dll.#6989",
  1502. "mso.dll.#7223",
  1503. "mso.dll.#1682",
  1504. "mso.dll.#7979",
  1505. "mso.dll.#3459",
  1506. "mso.dll.#2041",
  1507. "mso.dll.#7834",
  1508. "mso.dll.#239",
  1509. "user32.dll.GetWindowDC",
  1510. "gdi32.dll.SetLayout",
  1511. "gdi32.dll.RectVisible",
  1512. "gdi32.dll.ExcludeClipRect",
  1513. "gdi32.dll.SelectClipRgn",
  1514. "mso.dll.#1914",
  1515. "advapi32.dll.RegDeleteKeyW",
  1516. "mso.dll.#1338",
  1517. "mso.dll.#6357",
  1518. "mso.dll.#1671",
  1519. "oleaut32.dll.#7",
  1520. "mso.dll.#8263",
  1521. "mso.dll.#9741",
  1522. "ole32.dll.PropVariantClear",
  1523. "mso.dll.#8022",
  1524. "user32.dll.UnionRect",
  1525. "gdi32.dll.SetDIBitsToDevice",
  1526. "mso.dll.#749",
  1527. "mso.dll.#6336",
  1528. "mso.dll.#4791",
  1529. "mso.dll.#8085",
  1530. "advapi32.dll.RegQueryValueW",
  1531. "apphelp.dll.ApphelpCheckShellObject",
  1532. "mso.dll.#5003",
  1533. "user32.dll.RemovePropW",
  1534. "ole32.dll.CoRevokeInitializeSpy",
  1535. "comctl32.dll.#388",
  1536. "mso.dll.#1848",
  1537. "mso.dll.#8970",
  1538. "mso.dll.#6453",
  1539. "mso.dll.#6759",
  1540. "mso.dll.#1443",
  1541. "mso.dll.#3698",
  1542. "mso.dll.#8565",
  1543. "mso.dll.#8373",
  1544. "mso.dll.#5630",
  1545. "mso.dll.#4577",
  1546. "mso.dll.#6163",
  1547. "mso.dll.#552",
  1548. "mso.dll.#8549",
  1549. "mso.dll.#2863",
  1550. "mso.dll.#8756",
  1551. "mso.dll.#2861",
  1552. "mso.dll.#9198",
  1553. "mso.dll.#4481",
  1554. "mso.dll.#1024",
  1555. "mso.dll.#7181",
  1556. "mso.dll.#791",
  1557. "mso.dll.#7173",
  1558. "mso.dll.#1420",
  1559. "mso.dll.#4631",
  1560. "mso.dll.#7001",
  1561. "mso.dll.#9213",
  1562. "mso.dll.#1380",
  1563. "user32.dll.TranslateMessage",
  1564. "mso.dll.#4731",
  1565. "user32.dll.DispatchMessageW",
  1566. "mso.dll.#6900",
  1567. "mso.dll.#6420",
  1568. "user32.dll.WindowFromPoint",
  1569. "user32.dll.SetCapture",
  1570. "user32.dll.ReleaseCapture",
  1571. "oleaut32.dll.#12",
  1572. "user32.dll.GetMessageExtraInfo",
  1573. "user32.dll.GetAsyncKeyState",
  1574. "mso.dll.#1815",
  1575. "mso.dll.#8802",
  1576. "user32.dll.GetKeyState",
  1577. "mso.dll.#424",
  1578. "uiautomationcore.dll.UiaClientsAreListening",
  1579. "user32.dll.GetCapture",
  1580. "user32.dll.LoadImageW",
  1581. "user32.dll.SetCursor",
  1582. "mso.dll.#7766",
  1583. "mso.dll.#1911",
  1584. "ole32.dll.CoCreateInstance",
  1585. "user32.dll.GetClassLongW",
  1586. "msostyle.dll.PIMEShareCreate",
  1587. "user32.dll.LoadStringA",
  1588. "mso.dll.#9500",
  1589. "user32.dll.GetCursorInfo",
  1590. "user32.dll.TrackMouseEvent",
  1591. "user32.dll.GetMessagePos",
  1592. "user32.dll.ScreenToClient",
  1593. "user32.dll.IsWindowEnabled",
  1594. "user32.dll.GetDesktopWindow",
  1595. "user32.dll.FindWindowExW",
  1596. "mso.dll.#2966",
  1597. "mso.dll.#2998",
  1598. "mso.dll.#7836",
  1599. "mso.dll.#3544",
  1600. "user32.dll.GetSystemMenu",
  1601. "mso.dll.#732",
  1602. "user32.dll.EnableMenuItem",
  1603. "mso.dll.#1575",
  1604. "user32.dll.OpenClipboard",
  1605. "user32.dll.IsClipboardFormatAvailable",
  1606. "user32.dll.CloseClipboard",
  1607. "mso.dll.#6305",
  1608. "mso.dll.#6337",
  1609. "mso.dll.#6220",
  1610. "mso.dll.#9693",
  1611. "mso.dll.#1419",
  1612. "mso.dll.#7299",
  1613. "mso.dll.#4702",
  1614. "mso.dll.#287",
  1615. "user32.dll.GetClipboardOwner",
  1616. "advapi32.dll.RegDeleteTreeW",
  1617. "xmllite.dll.CreateXmlReader",
  1618. "user32.dll.IsChild",
  1619. "mso.dll.#8824",
  1620. "mso.dll.#900",
  1621. "mso.dll.#6784",
  1622. "mso.dll.#4795",
  1623. "mso.dll.#5892",
  1624. "mso.dll.#6422",
  1625. "user32.dll.WaitMessage",
  1626. "advapi32.dll.NotifyServiceStatusChangeW",
  1627. "user32.dll.SendNotifyMessageW",
  1628. "advapi32.dll.CryptAcquireContextA",
  1629. "cryptsp.dll.CryptAcquireContextA",
  1630. "advapi32.dll.CryptGenKey",
  1631. "cryptsp.dll.CryptGenKey",
  1632. "advapi32.dll.CryptImportKey",
  1633. "cryptsp.dll.CryptImportKey",
  1634. "advapi32.dll.CryptExportKey",
  1635. "cryptsp.dll.CryptExportKey",
  1636. "advapi32.dll.CryptDestroyKey",
  1637. "cryptsp.dll.CryptDestroyKey",
  1638. "advapi32.dll.CryptCreateHash",
  1639. "cryptsp.dll.CryptCreateHash",
  1640. "advapi32.dll.CryptSetHashParam",
  1641. "advapi32.dll.CryptHashData",
  1642. "cryptsp.dll.CryptHashData",
  1643. "advapi32.dll.CryptGetHashParam",
  1644. "cryptsp.dll.CryptGetHashParam",
  1645. "advapi32.dll.CryptDestroyHash",
  1646. "cryptsp.dll.CryptDestroyHash",
  1647. "msi.dll.#90",
  1648. "user32.dll.RegisterPowerSettingNotification",
  1649. "powrprof.dll.PowerSettingRegisterNotification",
  1650. "user32.dll.GetWindowThreadProcessId",
  1651. "mso.dll.#8837",
  1652. "mso.dll.#1613",
  1653. "mso.dll.#9218",
  1654. "mso.dll.#1455",
  1655. "user32.dll.CreateWindowExW",
  1656. "user32.dll.EnableScrollBar",
  1657. "user32.dll.ShowScrollBar",
  1658. "user32.dll.ShowWindow",
  1659. "user32.dll.SetParent",
  1660. "user32.dll.KillTimer",
  1661. "user32.dll.SetWindowPos",
  1662. "user32.dll.MoveWindow",
  1663. "user32.dll.GetWindowRect",
  1664. "user32.dll.DestroyWindow",
  1665. "gdi32.dll.GetViewportExtEx",
  1666. "gdi32.dll.GetWindowExtEx",
  1667. "gdi32.dll.GetTextCharset",
  1668. "gdi32.dll.GetTextAlign",
  1669. "gdi32.dll.GetLayout",
  1670. "oleaut32.dll.SysAllocString",
  1671. "oleaut32.dll.SysStringLen",
  1672. "oleaut32.dll.SysAllocStringLen",
  1673. "oleaut32.dll.SysFreeString",
  1674. "user32.dll.SetScrollInfo",
  1675. "gdi32.dll.GetFontData",
  1676. "uxtheme.dll.GetThemePartSize",
  1677. "mso.dll.#9018",
  1678. "gdi32.dll.GdiIsMetaPrintDC",
  1679. "msimtf.dll.MsimtfIsWindowFiltered",
  1680. "user32.dll.GetMessageW",
  1681. "user32.dll.MessageBeep",
  1682. "gdi32.dll.SetTextColor",
  1683. "gdi32.dll.SetBkMode",
  1684. "gdi32.dll.SetTextAlign",
  1685. "gdi32.dll.ExtSelectClipRgn",
  1686. "gdi32.dll.GetTextColor",
  1687. "uxtheme.dll.DrawThemeBackground",
  1688. "user32.dll.CallNextHookEx",
  1689. "wininet.dll.InternetGetConnectedState",
  1690. "rasapi32.dll.RasConnectionNotificationW",
  1691. "sechost.dll.NotifyServiceStatusChangeA",
  1692. "cryptsp.dll.CryptAcquireContextW",
  1693. "osppcext.dll.SLActivateProduct",
  1694. "osppcext.dll.SLGetTokenActivationGrants",
  1695. "osppcext.dll.SLGetTokenActivationCertificates",
  1696. "gdi32.dll.GdiFlush",
  1697. "osppcext.dll.SLGenerateTokenActivationChallenge",
  1698. "osppcext.dll.SLSignTokenActivationChallenge",
  1699. "osppcext.dll.SLDepositTokenActivationResponse",
  1700. "osppcext.dll.SLFreeTokenActivationGrants",
  1701. "osppcext.dll.SLFreeTokenActivationCertificates",
  1702. "ole32.dll.CoTaskMemFree",
  1703. "ole32.dll.CoTaskMemAlloc",
  1704. "ole32.dll.CoInitializeEx",
  1705. "ole32.dll.CoUninitialize",
  1706. "mso.dll.#8113",
  1707. "mso.dll.#2833",
  1708. "user32.dll.UnhookWindowsHookEx",
  1709. "mso.dll.#7531",
  1710. "oleaut32.dll.#33",
  1711. "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
  1712. "mso.dll.#6484",
  1713. "mso.dll.#4477",
  1714. "mso.dll.#9374",
  1715. "mso.dll.#8461",
  1716. "mso.dll.#4619",
  1717. "mso.dll.#8202",
  1718. "mso.dll.#888",
  1719. "mso.dll.#8757",
  1720. "mso.dll.#7163",
  1721. "mso.dll.#4456",
  1722. "mso.dll.#6345",
  1723. "user32.dll.RedrawWindow",
  1724. "mso.dll.#1031",
  1725. "mso.dll.#4820",
  1726. "mso.dll.#2766",
  1727. "mso.dll.#2294",
  1728. "mso.dll.#8633",
  1729. "mso.dll.#8158",
  1730. "mso.dll.#5512",
  1731. "mso.dll.#1401",
  1732. "mso.dll.#8472",
  1733. "mso.dll.#8691",
  1734. "mso.dll.#6079",
  1735. "mso.dll.#3425",
  1736. "mso.dll.#6000",
  1737. "mso.dll.#248",
  1738. "mso.dll.#9398",
  1739. "mso.dll.#1442",
  1740. "mso.dll.#4388",
  1741. "mso.dll.#5973",
  1742. "mso.dll.#8747",
  1743. "mso.dll.#420",
  1744. "mso.dll.#186",
  1745. "user32.dll.EnumThreadWindows",
  1746. "user32.dll.EnumWindows",
  1747. "user32.dll.DestroyIcon",
  1748. "mso.dll.#3209",
  1749. "mso.dll.#4083",
  1750. "mso.dll.#292",
  1751. "mso.dll.#795",
  1752. "mso.dll.#8349",
  1753. "mso.dll.#8796",
  1754. "mso.dll.#3930",
  1755. "mso.dll.#9105",
  1756. "mso.dll.#9199",
  1757. "mso.dll.#7948",
  1758. "uxtheme.dll.CloseThemeData",
  1759. "mso.dll.#6277",
  1760. "wtsapi32.dll.WTSUnRegisterSessionNotification",
  1761. "winsta.dll.WinStationUnRegisterConsoleNotification",
  1762. "mso.dll.#831",
  1763. "mso.dll.#121",
  1764. "mso.dll.#884",
  1765. "user32.dll.GetWindowPlacement",
  1766. "mso.dll.#9306",
  1767. "mso.dll.#2468",
  1768. "mso.dll.#815",
  1769. "mso.dll.#6418",
  1770. "mso.dll.#4203",
  1771. "mso.dll.#4284",
  1772. "mso.dll.#2272",
  1773. "mso.dll.#4781",
  1774. "user32.dll.VkKeyScanW",
  1775. "mso.dll.#591",
  1776. "user32.dll.PostQuitMessage",
  1777. "user32.dll.UnregisterClassW",
  1778. "mso.dll.#3338",
  1779. "mso.dll.#3974",
  1780. "mso.dll.#8106",
  1781. "mso.dll.#8876",
  1782. "mso.dll.#4426",
  1783. "oleaut32.dll.#34",
  1784. "mso.dll.#4210",
  1785. "mso.dll.#8316",
  1786. "mso.dll.#187",
  1787. "advapi32.dll.CryptReleaseContext",
  1788. "cryptsp.dll.CryptReleaseContext",
  1789. "mso.dll.#5625",
  1790. "mso.dll.#8586",
  1791. "mso.dll.#8004",
  1792. "mso.dll.#6137",
  1793. "mso.dll.#6078",
  1794. "mso.dll.#7598",
  1795. "advapi32.dll.ConvertSidToStringSidW",
  1796. "msi.dll.DllGetVersion",
  1797. "ws2_32.dll.#116",
  1798. "user32.dll.RemoveClipboardFormatListener",
  1799. "user32.dll.UnregisterPowerSettingNotification",
  1800. "powrprof.dll.PowerSettingUnregisterNotification",
  1801. "shell32.dll.#155",
  1802. "advapi32.dll.EventUnregister",
  1803. "user32.dll.UnregisterClassA",
  1804. "gdiplus.dll.GdiplusShutdown",
  1805. "advapi32.dll.RegDeleteValueW",
  1806. "mso.dll.#2482",
  1807. "mso.dll.#5458",
  1808. "mso.dll.#786",
  1809. "advapi32.dll.UnregisterTraceGuids",
  1810. "comctl32.dll.#321"
  1811. ]
  1812.  
  1813. [*] Static Analysis: {
  1814. "office": {
  1815. "Metadata": {
  1816. "SummaryInformation": {
  1817. "num_words": "None",
  1818. "num_pages": "None",
  1819. "last_saved_by": "alex",
  1820. "creating_application": "Microsoft Excel",
  1821. "author": "Microsoft Office",
  1822. "revision_number": "None",
  1823. "codepage": "1251",
  1824. "title": "None",
  1825. "comments": "None",
  1826. "num_chars": "None",
  1827. "total_edit_time": "None",
  1828. "create_time": "None",
  1829. "template": "None",
  1830. "last_printed": "None",
  1831. "keywords": "None",
  1832. "security": "0",
  1833. "last_saved_time": "None",
  1834. "thumbnail": "None",
  1835. "subject": "None"
  1836. },
  1837. "DocumentSummaryInformation": {
  1838. "codepage_doc": "1251",
  1839. "chars_with_spaces": "None",
  1840. "shared_doc": "False",
  1841. "paragraphs": "None",
  1842. "hidden_slides": "None",
  1843. "mm_clips": "None",
  1844. "category": "None",
  1845. "presentation_target": "None",
  1846. "hlinks_changed": "False",
  1847. "scale_crop": "False",
  1848. "version": "1048576",
  1849. "hlinks": "None",
  1850. "link_base": "None",
  1851. "company": "Microsoft Corporation",
  1852. "unused": "None",
  1853. "dig_sig": "None",
  1854. "content_type": "None",
  1855. "heading_pairs": "None",
  1856. "slides": "None",
  1857. "links_dirty": "False",
  1858. "language": "None",
  1859. "notes": "None",
  1860. "bytes": "None",
  1861. "manager": "None",
  1862. "content_status": "None",
  1863. "doc_version": "None",
  1864. "titles_of_parts": "None",
  1865. "lines": "None"
  1866. },
  1867. "HasMacros": "No",
  1868. "DocumentType": "Excel Workbook"
  1869. }
  1870. }
  1871. }