Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: "Wshrat"
- [*] MalScore: 10.0
- [*] File Name: "Docs_0251b22f858fcc0ced62b34fdbda70c9.doc"
- [*] File Size: 267436
- [*] File Type: "Rich Text Format data, version 1, unknown character set"
- [*] SHA256: "bbefd3aa4e17e4e4d8dc212af713f28c101072a37d17894cdc53d589f500c513"
- [*] MD5: "0251b22f858fcc0ced62b34fdbda70c9"
- [*] SHA1: "1cf6d9af3a06dd37b8e316acc792b284864f49e8"
- [*] SHA512: "c56db255e3302d131b943885a5a41b50c21055280c043119922deac1f4defec53885694117c9bcb28e9cb82dcea25d1df4a431b60ff66d560b53381adc2824eb"
- [*] CRC32: "C56D2101"
- [*] SSDEEP: "768:s7Kf2sdrM3xaSybdRZXZWkWZNLekKXw47vm6KE1ml2OsyoFt/xsY58aMmYhd0PhB:sxxQW3ykpeu6K5sv/T59nyXUq5aWmEO"
- [*] Process Execution: [
- "WINWORD.EXE"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Attempts to connect to a dead IP:Port (6 unique times)",
- "Details": [
- {
- "IP": "104.87.15.67:443"
- },
- {
- "IP": "104.18.24.243:80"
- },
- {
- "IP": "104.100.17.152:443"
- },
- {
- "IP": "52.109.92.24:443"
- },
- {
- "IP": "72.21.91.29:80"
- },
- {
- "IP": "52.109.12.6:443"
- }
- ]
- },
- {
- "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
- "Details": [
- {
- "ioc": "turabian.xsl"
- },
- {
- "ioc": "ontent.inf"
- },
- {
- "ioc": "iso690.xsl"
- },
- {
- "ioc": "mlaseventheditionofficeonline.xsl"
- },
- {
- "ioc": "ist.glox"
- },
- {
- "ioc": "adial.glox"
- },
- {
- "ioc": "chicago.xsl"
- },
- {
- "ioc": "architecture.glox"
- },
- {
- "ioc": "quations.dotx"
- },
- {
- "ioc": "iso690nmerical.xsl"
- },
- {
- "ioc": "gb.xsl"
- },
- {
- "ioc": "content.inf"
- },
- {
- "ioc": "rame.thmx"
- },
- {
- "ioc": "gosttitle.xsl"
- },
- {
- "ioc": "set.dotx"
- },
- {
- "ioc": "rocess.glox"
- },
- {
- "ioc": "chevronaccent.glox"
- },
- {
- "ioc": "sist02.xsl"
- },
- {
- "ioc": "pictureorgchart.glox"
- },
- {
- "ioc": "iew.thmx"
- }
- ]
- },
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details": [
- {
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- },
- {
- "suspicious_request": "http://vemvemserver.duckdns.org:1425/is-ready"
- },
- {
- "suspicious_request": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "suspicious_request": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D"
- },
- {
- "suspicious_request": "http://doughnut-snack.live/bpvpl.tar.gz"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "suspicious_request": "http://doughnut-snack.live/mapv.tar.gz"
- },
- {
- "suspicious_request": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "suspicious_request": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "suspicious_request": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "suspicious_request": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "suspicious_request": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "suspicious_request": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "suspicious_request": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://paroquiadamarinhagrande.pt/app/hmvrch.msi"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://vemvemserver.duckdns.org:1425/is-ready"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D"
- },
- {
- "url": "http://doughnut-snack.live/bpvpl.tar.gz"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://doughnut-snack.live/mapv.tar.gz"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
- "Details": [
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbf\\xbf\\x833\\xa7\\xcco8r/\\x19\\xeb\\xb5n\\xcc\\x13u\\xbc\\xc0\\xb1\\x8b\\xc1\\xb8\\x06\\x80\\x9d\\x0ev\\xd1yab~\\xfe5\\xf2\\x04`\\xf2a\\x90\\x02\\x84z\\xb6\\xb3\\x07\\xf6up\\x86\\xd8l\\xa5z\\xff?\\x0b\\xa2\\xb7\\x1da{z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90\\x16x\\xd4\\x0cm\\xbc\\xe2\\xf5g\\x996\\xc9\\xcc\\xa9>ll\\x89j\\xf6\\xacr}\\xf7\\xa6\\x81\\x88\\xe8\\x81\\xa5-t\\xec\\xf7o\\xbf\\x82\\xe1$\\xe8\\x1c:z\\xa5\\\\xd5\\x89"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p]\\xd4\\xf7j\\x19h\\x01e\\xff\\xa1\\xa8\\x85dx!\\xc3\\xfcy<au\\x9b\\xc8\\xc4\\xe6\\x16\\x16\\xa2\\xa0\\xa5\\xf6p\\xba4.0\\xaa\t\t~\\xd5\\xd4[\\x91\\xd6\\xc4n6\\xf7\\x98\\x86\\xc5r\\x8a\\xa6\\x81\\xe3h\\x9e\\xa2x#-\\xd8h,\\xca\\xe0\\xe5bl]\\x07\\x8f\\xde\\xd6\\xacg\\x8a;>\\xe6\\xe0\\x86*>dhz\\xa0o\\xca\\xc6u\\xc4?\\x13\\xa3\\x9ad\\xca\\xc0g\tj\\xdc\\xd9\\x9bn\\x15\\xa5l\\xc4\\x0e!\\xb3d\\xd0m\\xf1\\x91qhf\\xddb\\x9e\\x85\\xf9\\x83\\x16\\xbf\\x91w&\\x9bi\\xca\\xa5\\xc8/\\x05\\xa0\\x9cl\\xe3\\xa54\\xce\\xa8dt/\\xa11o\\xe5\\x99\\xbe\\xe3\\xdb\\xec\\x99 st5x\n_m\\x9f[\\x08[\\xb4h\\x9c\\xd8<\\xbe\\xbdy\\xed\t\\xb3m\\x0f^_\\x9be\\xe0#\\x0fi\\xbac\\xd4}\\x12\\x19\\x83\\xb9\\x93\\xc1\\x86\\xef\\xf0(?b9y3\\x9b4\\xa2w\\x9f\\xc9\\x96\\xd2\\xbd\\x9b\\x0c!\\xa4\\xcd\\xd8\\x96\\xd2\\x98@\\x8e\\xec\\xee\\xa1\\x1d\\xef\\x85\\x17\\x99n3m\\x15\\xec\\xf3mu"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\t}\n\\xc9\\xce\\x10\\xc8%\\x94\\xe6\\xe9\\x8d\\xfe_\\x840`)\\x1a\\xbadz\\xfa*\\xd4i8\\x9fu\\xa4,\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04hu\\xbc\\xb5j\\xd5bm>\\xedj\\x96\\xe1\\xc43\\xf9\\xd8\\xfa'\\xe4fv\\xfa\\x88#\\x9b\\xa8\\x83\\x80r\\xe8i+\\xb9\\x03\\xd1\\xccom\\x04\\xf4oq\\xc7\\x00\\xec\\xec\\x9b\\xabx7m\\xf6@4\\xcc\\x12ich\\\\x8dzs\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd8'l\\x94\\xd6\\xf2x\\xcf(\\xe8+\\xfc\\xd1`\\x80b\\xba{\\x8c\\xa9@\\xa1g\\xa4\\xf6\\xdd\\xff\\x9d\\xfb\\xc5z\\xa4i\\x80e\\x88\\xbd\\xb7y\\xa3)/\\x88b4\\xf7u\\xff"
- },
- {
- "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
- },
- {
- "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t}\r\\xca]\\x14,\\xfb\\xa2\\x1ew2\\x96\\xd12b\\x85\\x1c\\xec\\x08\\xbd\\xaf\\x04vq\\xa0\\xb5\\xa7m\\xe9\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x86\\xbf|\\xf6\\xef\\xd0b\\x9fy-\\xaad\\x8f\\xdc\\xb0\\xee\\x01\\xb4c\\xfb\\xf3+oq\\xc4\\xd5\\x90\\?3\\x18\\x1f@\\x80\\xac~e=\\xd2\\x1e\\xb6g\\xfd]%\\xd6\\x9cx\\xcf.\\xb0w\\x81 nkp{\\xf0\\x0b*\\xbe4y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x81jo~\\xaf\\xbe\\x05\\xcd\\x13t\\xcc\\xf2b&\\x83&sy\\x0c~\\xb6\\xa3\\x0b\\x1f\n9g\\x12]j\\x15\\x0e\\xa7*c\\xb9\\xb7\\x13\\x1eqth\"\\x87y\\xb3\\x97)"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p&o\\xcewbn]0\\x83\\xdc\\xa0/9e\\xfc\\xf4\\x94\\xe2*\\xb1\\x9d$]\rc\\xfb@\\x8d\\xc8\t\\x88\\xb9\\x9d\\xa9\\xa6\\x1c'\\xe6y\\xfc\\xb9\\xe2\\xa4\\xdd\\x1dfk\\xcby\\x83\n\\x1d\\xeb\\xc0\\xdcnt\\xc0,\\xf9q\\x16*\\x8b8\\x02\\x8a\\xd97\\x89\\x1e9_\\xeb\\xc02t\\xec\\xba\\xce\\xc6\\xf7#\\xe6\\xba\\xb6\\x0b\\xfb\\xf3\\x8c\\x87\\xd6y\\xdd!\\xe3\\x11g\\x82\\x1d\\xa4\\x0f\tt\\xce-.>r\\x8a\\xaeg\\xad\\xb5\\x94\\xa4.\\xf9\\xbb\\xc5\\xbf)\\x88\\x99fuu$h\\xc0hec*\\xab\\xe9\\xb4:2\\xa8\\xd9}-\\x1e\\x909\\x9b\\xb9\\x83\\x0e{d\\x1e\\x8c\\x13\\x01^\\x0f\\xa1\\xd1-\\x10\\x1f/\\xbav\\xe6n rr]\\x87\\xd0i\\x95\\x11\\xa7{s:cv\\x9a\\x059*/\\xd9x`\\xc0\\x84l\\x9e\\x8f\\xbaj\\xf0\\xbax\\xb4tg\\xda4\\xf6\\x1c\\xbb \\xe7\\xfc\\xa8y\\xf1\\x07\\x03dj=y\\xbe\n)e(e2\\xc6:3ld?\\xeb\\xd8lyt\\xed\\xa2\\xbd\\xd7\\x16\\xee\\x01'\\x925\\xc2\\xd9"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01pg\\xd7\\xcb\\x05\\x95u\\x07\\x12\\xb8\\xf7\\x15\\xa5\\x97\\xc1n8\\xd8\\x1e\\xea\\xb9g\\x86/\\xfa\\xe4\\xbc\\xc8zu}a\\x99\\xa0\\xea\\xa6b,mh\\x98\\x1be\\xa9&[x\\xf9\\x8fz\\xc3\\xb3\\xe6\\xa4\\xaa%o\\xf7\\xa8(u\\xc2\\xf5v\\xa9$/\\xae\\xb9\\xb6\\x1e\\x03`\\x84\\x9co\\x9b\\xbbe,\\x88\\xfa\nv\\xbef\\x9a\\x05>\\xf3ta\\xa0[\\xa4okya(\\xd4\\x9d\\x90\\xe9\\xb9*\\xfdk.\\xb9\\xb4kq\\xb8\\xd4\\x96\\xc4\\x89\\xdc\\xc9{\\xa1m6\\x1f\\xba:\\xe3\\x96g\\x89\\x93u\\xc7!\\xe5\ru\\x17\r\\xc4\\xbf\\x18<\"\\xc5\\x92_\\xc0\\xc1\\xae\\x82&-\\x04\\x80\\xcb\\x8adp:\\xdf\\xf80\\xd0g\\x0f\\xccsr\\x98\\xd6\\xea\\x08h\\xf7'2\\xc7\\xc5\\xad\\x9ejf\\x82\\x11\\xf7)\\x8d\\xb1\\xad\\x01~ur\\xbba\\x9f\n\\xd5\\xa8\\xb8o\\x94d\\xba\\xc6hs$\\x88\\x18\\x8b\\xc6\\xfde\\xeb_\\xdc\\xba]lif8\\xb2\\xd2v\\x85\\xe0\\xf1\\xe9\\x123\\xa9{\\x81\\x14\\x0e\\xdd\\xe4\\x1a\\xcedl\\xdd\\x0e]63\\xe5|"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 d$\\xea\\xceq\\xdc\\xefi\\x85;\\xb3\\x92\\xc0\\x1b\\x1e3\\x9e\\xc2z\\x82\\xdd0\\xb0\\xfd\\x80!\\x01ig\\xb1\\xb1\\x05\\xc9\\xf1\\x1fx\\xb0\\xe9l6\\x0c\\xda\\xddg\\x7f\\x95r\\xde-nw*u\\xff\\x9dz\\x81sd\\x8ctj\\xa4\\xf9!p`y\\x15%\\x0f\"l\\x08&\\xfb\\xb7\\xf9\\x1f\\xcd\\xa4\"k\\xcf\\xf8\\xbc\\xc7\\xeb\\x9e\\xc5\\x86\\xca\\xfc\\x8c\\xef\\xa4<-e\\xc9 \"ws\\xb4\\xd0\\x92\\xfb\\x00\\x81\\xd2\\xe0\\xf7k\\xdckl7\\xbcilm\\x18\\x04z\\xa7\\x14\\xd13x\\x85\\xcc\\xde=3\\xed\\x81\\x8a\\xe6\\xc8\\xd85\\x12(\\xec\\xd7\\x83=s\\xfd\\x7f\n\\x7f:\\xfe\\x83\\xb6\\xcf\\xf9\\xdb\\x9dy\\x05\\xc5d\\x1a'4p\\xcd1\\x04\\x17\\xc9)\\xa2jd\\x9f\\xf5\\xdb\\x83\\xb9|\\x10\\c\\xaa\\xc1g\\x87\\xbd\\x88if\\x06\\x05\\x19\\xdf\\xf3\\x8coqe\\xac~o`\\xfd\\xf8\\xd5\\x9bg\\x96ff\\xa5u\\xe0n{i\\x1b\\xa1\\x041a\\x98:\\x12\t\\xb1\\xdc\\xb7\\xd5\\xaf\\xf2\\x00ma\\xc8z\\xa7%\\xd3sq`\\xb9\\xca\\"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00}\\x01\\x00\\x00y\\x03\\x01]\t}\\x0f\\x7f\\x04j\ne\\x8f\\xb0\\x1a@\\x85\\x1d\\xe8\\x10\\xe1\\xda\\xb7f\\xc8]\\xef\\x04\\x139b_\\xe8\\xd8\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04%\\x1a\\xcbu\\xc4\\xc3c\\xc7v\\xc4\\xc7\\x97l+\\xf3\\xc1\\x94$\\xa2\\xc4\\x00\\xd3{\\xc9x\\xb4\\x8d\\xde_\\xec`\\x12\\xae\\xfc\\x91\\x8d\\xdc\\x1a\\xbc\\xb6\\x9b\\xc4a\\xd9\\xa5r-\\x9e\\xc2\\x0b~\\xd7\\x03*\\xcf\\x06\\x0b\\x89\\xce\\xf9pq\"\\xb1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xac\\xe8nj\\xaam\\x9b\\x1ac[\\x9a\\x90\\x8b\\x9f\\xb4\\xc8w\\xd0\\x1b\\xee\\x95\\x88tc\\x15\\x18\\x04'\\xe4\\xad)\\xa6ct\\xbc\\xa0\\xbb7\\xed\\xd4z\\x8b\\xc6\\xe8\\x1e\\x87\\x16t"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xb8\\xcc\\x8a%w,\\xe7\\x9f\\x91;\\xe8q\\x0f\\xf0n\\xa2j\\xf0\\xachm\\xfa`\\xb2q\\xea\\xfd\\xe31w\\xb9\\xd1\\xb6\\x8a:8\\x0c\\x90\\xff\\xfb\\x9c%xd\\xd8\\xc2\\x85]\\xa9]\\x9a\\xe9\\x13i\\xb7\\xe3\\xe2\\xb0\\x8f\\xc4\\xbbqz\\xa7;\\xb5c[\\xb5\\xc0l8\\xb4+\\xdal\\xf5g[*\\xe6\\xc0)\\xf0b\\xb6\\xd1 \\x1bu\\x10\\xc7\\x12\\x1d\\x1fz@\\x1d\\xf8\\xc6\\xb0`\\xae\\xd2\\xdd\\x16\\xa3s\\xe2u\\xef\\xde\\xf6\\xecqy\\xfb\\xe2]\\xd0&\\x1e\\x89n\\x8f7ek\\x1be\\x8b\\xd8p\to\\x05{\\xbao@*\\xc8\\x8f\\xdc*a\\xce\\xc3f\"v\\x84\\x86\\xa2dkuje m\\xddi\\x10\\x9b\\x9a\\xa0\\xd7\\xc7\\xa5dv$3\\x89t\\x80\\x8e^\\xc1nkt\\x1a|\\x95\\x85\\x03\\xbf\\x1a$\\x93\\x13\\xc2\\x85{k\\x00@c\\xa9_n\\xe6\\xcc\\x95\\xcdw\\xde\\xc1\\x85i\\xb2\\xde\\xa9v2\\xea\\x83k\\xc0\\x04'\\xda\\x9e|\\x9c\\xec\\xbd=>\\xb1\\xe1\\x16\\xe3\\xde\\xed\\xdbe\\xa9\\x87u\\xdd\\xfe\\xfb\\x1e`\\x95r\\x15="
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1dx9\\xa4g(\\xd3\\xc1\\xfbsy\\xf8hp\\xd7\\xfem@\\xf3m\\x9f\\x9c\\xa4\\x93ey'\\x93\\xbb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xf6]\\x159\\xed\\xaa\\xd8\\xc6\\xcf*\\xcf\\xeb\\xfb\\xc4zpy\\xce`n\\xe1\\xec\\xcf\\xcb\\xb4|o.\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xee\\xc4\\x9d\\xef\\xc5\\x13<\\xd0\\xad\\x00t\\xd7\\xe6os\\xb5\\x91\\x13\\xd8\\xa1\\x8d\ru 4\\\\x9b}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xc0)\\xbf\\xe1\\xea~\\xd7\\xda\\xc2\\xd4\\xa2[\\xf7\\xa8\\x8ct\\x04\\x02n\\x12\\xc0\\xf5\\xb2:\\x87\\xd7\\x93\\xa7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xf9\\x01myf\\x9b\\xfc\\xf3\\xcf\\xea\\xe6\\xcf\\x9d\\x9a\\xd5\\x87\\xf8\\xc0,o\\x8d\\xcd\\xf4$\\xda|\\x15}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\x8b]\\x0c\\xc7\\xa2\\x0e\\x13i\\xc2\\x99\\x1a\\x80#\\xb0\\xf2\\xe8;\\xef\\x8fb \\xc1b\\x9b/\\x88~\\xca\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1do\\xb7\\x1b\\xcf\\xf5[*\\x08\\xc5?8@\\xad8\\xcbpz\\x15?\n\\x82u*)\\x08ep\\xae\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\xea\\x01\\xb6\\xb6=tp\\xb01\\x81\\x13t\\x98\\xccm\\x7f\\xfd7\\xce_d\\xa3d\\xd4ipe\\xec\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1d\\x90\\x97\\xf8j\\x01\\xa0\\xb3\\xc5\\x8e\\xb8\\x13\\x91-xe8c\\x17\\xac\\x8ch\\xa8(\\xbe}\\xd3\n\\xa0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04}\\x8d,\\xd8\\xe8\\x8ak\\xb6\\xff\\x0f\\xd4\\x06\\xeb\\xc9\\x97\\xea\\x98\\xf2\\xa3\\x84\\x9di\\x059\\xaa\\x01\\xc5\\x8a\\xdf\\xf1\\xa9g\\x16\\xbc.w\\x01u\\x05\\xe0:\\x8b\\xa8\\x03\\xe9\\xbc\\x8c?\\x06\\xef\\xae?\\xc3\\xbad|f\\xb1\\xbf\\x84\\xd8j\\x19\\xe6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0002\\#\\x8e,\\x95w\\x84\\xa9kf\\xc5\\x8biz\\xf7\\xd6:\\x01\\xe3(s46zc\\x93uz\\xda\\x99\\x164\\x8eq\\xc8s>\\x18\\x9c\\xbe\\xb4ff\\x14[\\xccx"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xce\\x8fe\\xc7\\x0e\\xa6\\xc9\\x85\\x93\\xee\\xddro\"\\xad+\\xcf\\xb4<\\xaf\\xaaxp\\xa1\\x0fy\\xaci\\xee|y\\xd5\\xb2i\\xf2\\xea\\x88\\xa6\\x8f}\\x04\\xb4\\x1a\\xeduciz\\x17\\xd2\\xeb\\xbd\\x9c\\xd9]7\\x1e\\x87c\\xberlkc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000h@/\\xb3t\\xf1\\x01\\x93\\x1ao1\\x05c\\x99f\\xf9\\xa0\\xd2\\xd0\rw\\x19\\x10\\x8d$\\xcd\\x17\\xce\\x15\\x1f\\xf9\\xd0d\\x81\\xafq\\x15\\xc9\\xc2\\x112\\xdd\\xc5\\x85f\\x88\\x0eb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x10\\xf9ew\\xdb\\x15-\\x94(o\\x8d3\\xa7\\xe2s\\xebn\\x14\\xaew\\xca\\xec\\xce\\x0f,w\\x86\\xc8\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x19ci\\x80\\x1de\\xf5m\\x7f\\xb6\\xc4\\x14\\xbfh\\x8c\\xcb\\xb0\\x1az\\xe4u\\xfe\\xe1\\x88/\\x02bh\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1ec\\xa8\\x1f 5\\xf0\\x8f\\x88\\xc7\\xf3p\\xa5\\x03\\xf0\\xaa\\xb85^8\\xd2\\xe6\\x1d\\xdd\\xe7\\x95\\xaa\\xc4\\xea\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x10\\x9f\\xd6\\xee\\x9ct\\xcfx\\x1f\\xb9@\\x88\\xbdp\\xfad%\\x85m=c\\xf9\\x81atx\\xd8\\xb9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e`\\x17\\xa9t>h\\x8d{\\x8a\\xcc\\xc0\\x9e\\xbc\\xc0\\xad\\x8c\\xe4\\xb4\\xbb6\\x1c\\x0f\\xff:\\xb5\\xe7\\x93\\xee\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x8f\\xd60\\x9dim\\x9a\\xfa\\xd1\\xdb\\x89\\x1f@\\xea\\xae\\x1a\\xf2\\x89=e\\x97\\xbave\\xf6s\\x92\\x04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xa2\\x01\\xba\\xf3n\\x1a\\xacq\\xd4r#q\\x02\\x8c*\\xaa\\xebu\r\\xca\\x9a\\xa5\\xb5\\x94p\\xb0\\xc0\\xb5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x1fx\\x9a\\xe2/\\xe8\\x91\\x89,v\\xd8\\xbam\\x03\\x9dz\\xe4\\xbc.a\\xae,\\xe4\\xe9\\x18\\xd1q4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xbc\\xcd\\xecs\\xbe;\\xba\\xd0\\x10 rr\\xf2\\xf2\\xbe\r\\xbc:\\xf7\\xaf\\x7f1c\\xcfj\\xac\\xab\\xcf\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e_\\x9c\\xc6\\x8c\\x8cs\\xa5/\\xf9\\xa2d9^\\xb6\\x97\\x941\\x05s@8\\xcbe\\xbea?p\\x15\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e#\\x8c\\xf3\\xa1\\x9cr0\\xf9\r\\xec\\xa9\\xb4\\x9ci\\x88\\x81\\xce\\xe7\\xea\\xb1\\x98\\x8e\\x95\\x86\\xebr=\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x03\\x90\\x11i\\xe2_x\\x7f\\xc6\\xd7\\xce\\xf5\\x1a\\x85\\xb3\\xb7\\xe2iy`\\xe0\\x19 \\xc4\\xa19\\xb8\\xba\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x83\\xd9\\xe3/\\xf4\\xc11h%\\xe1\\x8b\\xcdw\\x10q\\xa4$\\x83\\xb9\\x0e\\x94\\xb8\tf\\xb5\\xf5\\xed[\\x00\\x12\\x05f\\xdd\\x95t\\x0cg\\xfa\\xb7\\xf0l\\x8ez\\x90\\x00\\x81\\x87$^^\\x94\\x9c?\\x97\\x9ao\\xeds\\xf3\"9\\xa0\\x11\\xa8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd7\\xc77(\\xbcd9\\xa4+\\x13\\xdc\\x19\\xd1\\x94v}\\xad\\x81p\\x86\\xea\\x19\\x1e\\xab\\xb4\\xbe$m\\x19\\xa4\\xad\\xfa\\xa1\\xfah\\xf8rlml \\x8e\\xa2\\x01\\xaax\\xa5b"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1f\\x19\\xbf\\x94\\x82>-\\x8a\\x01mw\\x12|r\\xc1\\xa8\n\\xd6l\\xc2z\\xcae\\xf3\\xa5x\\xb6? \\x95\"\\x8a\\xbd\\xac\\x9d\\xabdc\\x16\\x8a\\xe9)q>\\xa3f\\xce\\xd0\\xbc\\xad\\xa4\\xcd%\\xe0\\xf3+\\xcez\\xcdcs\\xc7\\xb3z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc8,\\x93\\xc6\\x95\\x84\\x9c\\x9cz\\xc8\\x18>\\x18\\xb3mhw\\xcf\\xe3\\xd2\\x90\\xf1\\xf3sfvru(\\xcaqv\\xcc\\xffb\\xf7\\xda\\x1c\\xa2er\\xa1i\\x04e\\x0e\\xec\\xd0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa4\\xfc\\xc2\\x97dhf\\x8e\\xf8\\x92l\\x80\\xb2\\xd5b(l\\xed/\\xd8^\\xfd\\xd7\\xf8^\\xec\\xf1,\\xb8\\xc2\\x1fe>\\x160\\x9f?\\xceb\\xbe\\xde\\xb3\\x85n\\xdfm\\xc9z\\xb3\\x92_\\xfa\\x81\\xabgw\\x1c\\x8e\\xcf\\x13\\xe6\\xc5\\x05\\x17\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1dm\\xc4\\xce\\xbd\\xa0n\\x85\\xb3\\xb6pes\\x88\\xa6>1) \\xb3\\xfan\\x11a\\xe1\\xcf\\xf5\\x83]\\x12\\xa0\\xa3\\xab%:\\x83p\\x99\\xc2v\\xeb^\\xf1~\\x9c\\xf3c\\x19"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x13o\\xfe\\xb2q{&\\x9f\\xef\\x9c\\xa4\\xa6>\\x8c\\x1b\\xf2\\xb8y7\\xa1bve\\x95\\x90\\x9a\\x8b\\xed\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x042\\x97\\xc6\\x85\\x16i\\x99\\x03~u\\x8e\\xbf^>\\xd8\\x15\\x00\\xd0\\x1a:\\xca\\x92\\xab\\x92\\x9ac\\x85\\xbc\\xf2\\x0f\\x98(\\xcc#\\xc6\\x89,7@\\xfe\\xf6\\xe5\\x00\\xc5\\xfa\\xe1\\xef~\\xa2\\x06cv\\x86\\xfd\\x81\\x9d\\x0c\\xaa\\x8bl$\\xae\\xdd\\xda\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000dt\\x97\\x9b\\x98\\x83\\x08i^\\xf6n`\\xed\\x1d\\xb4\\x83}\\xcc\\xf8\\xc3sw\\x91\\xab\\xd9\\x9fr\\xf5\\x9dy-\\xf0\\x17\\xf4@\\xd1\\x08\\xff,m\\xb0\\xb9\"\\xda\\x04\\xb0!\\xcf"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1be\\xf4\\x1a\\xadn\\xe7\\xfeb\\xe7zm\\x01\\xd5\\xabv\\xbd&u'*\\xa1\\\\x16ax\\xa5\\xb2\\xfdm\\xefdl\\xc8l\\x0e\\x84\\xf4\\x19{\\xbf\\xb9e\\xd35\\xcb\\x9b\\xd2\\x01\rk\\xfc\\x13h\\xdf\\xe0y\\xe7\\xe2\\x15}\\xee\\xc2\\xb3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000z\\xa9m\\xfd\\xf1\\xf6al\\x90\\xed\\x9a}k8(\\xdb\\x15\n\\xfd*t\\xc1?\\x84\\x03\\x04\\x13#2\\xd9\\xc7\\xfe*sr^\\x82\\xd7\t\\xffs\\xb6\\xbd\\xe0\\xeeg\\x89\\x0b"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04@\\x82\\xd0\\x85j\\x8a\\xf8\\x98 \\xe8(\\x1bw\\xbb[ \\xaf9\\xdf\\x1e\\xea#\\x19gm?\\x1b\\xa3`\\xb1\\xea\\1\n\\x13y0n86\\x83\\xbf|\\xef\\x84\\xf5\\xe8\\xca\\xd9\\xc5\\x9a\\xb0p\\xc3\\x14\\xed\\xef\\x04t\\xcb==\\x99\\xc1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xce\\x18zy\\xf0.\\x1ew\\x98\\xe4\\x9a|3\\xf7>\\xe8\\xcf\\x96\\xb6\\xc5\\xb3\\x92\\x1b\\xe8\\xd0\\x9d\\x87\\xc4\t\\x0c\\x061l\\xe0\\xed\\x8e\\xc0\\xe3\\xcb\\x1f%\\x14o\\xe1\\x8f\\xd6#e"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04b~)\\xa8\\x9c[\\x9b\\x11\\x93\rg4\\xe7\\xb2\\xc7kga\\x86\\xc8\\xed\\x01\\xe27\\x0b>\\xf2\\xef\\xf5\\x8e.\\xe9\\x1b8m\\xbe\\xa7\\x11\\x92\\x96\\x9a\\xd3\\x9a_bo\\x12\\x15\\xbb\\x01\\xa3\\xd8\\xae}\\xc8\\x86\\xa4\\x13\\xb0\\xff\\xc0t\\xb9j\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91f#\\x0ec-\\xee\\xb2\\x8b_<65\\x01g\\x02\\xbb\\x8a\\x18\\x0c1\\xe9r\\xda\\x14\\xef6\\xdd#5\\x95\\x88p}\\xb2\\x05w\\x89j\\x0bl\\xa9m\\xc8\\x16\\xcb\\xc9\""
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x84*\\xa3\\xd2\\xadv\"\\x9a\\x02x\\x9f\\x8f\\x04\\xc7o\\xa1\\x1f?\\x05\\xa9l\\xb9\\xa5\\xeb#\\x11.x\\xd2\\x83\\xfb\\x0e\\x82\\x8b\\x17 \\x10\\xdd\\x99{\\x14\\xe3\\x9c\\xe4z\\x1b(f\\x14)^\\xf2\\x8d\\x03\\x1f\\x02z\\xd3\\xedia\\xfe\\x9dl\\xf1\\x91/\\x94\\xb0\\xc5\\xc4]u\\xae\\xa8\\xf9\\x19\\xfc\\x1a\\x1b\\x82\\x98z\\x1b4\\x08\\xbbs\\xb6\\xf0\\xed\\xa8\\xa5\\x84\\xa7\\x1c\\x7f\\x87\\xd0'x\\xb4535\\xe0\\x9d\\x9c\\x17h\\x9a=%\\x03\\xe6\\xe1{c82\\xac\\x86\\xb2\\x7f\\xab\\x9d\\xe7\\xfbu\\xc8\"\\x08\\xdb\\x99)\\x8fhrn\\xc2f\\x14\\xd8\\x1a\\xb1m\\x0c\\x04/\\x8dm\\xe0\\xf7\\xc8\\xd5f\\x9b\\xa64v\\x17i\\x89\\xe9\\xce\\xc3\\x8b\\xfco\\xcey\\xa9@\\x9a\\x01\\xa9h\\x87\\x98\\x81g&\\x0bu\\xdf\\x161\\xb5w\\x97y\\x8c?x\\xfen83\\xc2\\x11\\x955\\xb1|d\\xe11$m\\xed\\xff\\xadd\\xfbjeck\\xf8\\xfd\\xc9\\xbcf\\xff\\xc8\\xf5\\x0f\\x04j\\x9a&\\x94\\x1c\\xcai\\x02\r^\\x1b|\\xd8t>5\\x133\\xe7\\x1c\\x92\\x00;"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010a\\xe5\\x0ef=\\x1c\\xfe$b$\\xb0\\x94w\\xda\\x11\\x9bz\\xb1\\x0f.\\xbc\\x90=[j\\xbe\\x16g\\xdb7=\\xf5<g\\x9d\\xdb\\xda\\xca/\\x9cu\\x88e\\x05\\x8e\\x83\\xd4\\xc6}a:\\xae\\xc5\\xae\\xf5\\x0f\\xd5\\xc3o\\x86\\xa6\\xa1\\xc0pn\\xb7\\xc1\\x9e\\x9b=\\xf0\\x9b\\xe9\\x88\\x04\\x8b\\x96\\x98k\\xe7\\xce`-\\xc2\\xd6\\x82\\x85r\\xc3\\xfbi?|\\x02m\\xfe\\xb3\\xe4@\\xd2\\xd8\\xf9\\x9da\\x88k\\xa4\\xf2\\xc4\\xe0\\x8f\\xe3\\xba\r\\x13\\x1f\\x17e\\xdc\\xf55\\xfa\\x9b\\xb8e\\x16\\xf8\\x1f\\xf2#\\xd9\\xb1\\\\x90!\\x11\\xdbg\\xac\\x1d\\xc4\\xab>\\x0b\\x8dn\\x1c\\x8da\\xcf@\"\\x8bh\\xcek{\\xf5\\x9a\\xb4q\\x1c@k>\\xc3\\xfb\\x84+s\\xe2\\xc7\\x8b\\xd5js\\x99\\x16\\xebmt\\x91\\x87\\xc2\\xa6\r\\x9e\\x8e\\xa4s\\x9e.dp)\\xf6\t\\xd7\\x84\\xe5\\xd9]\\xc0\\xfc\\xf7na_\\xf14{e\\xe6\\xf6\\xdd\\x12\\xbb#\\x8e\\xa9\\xc4kbw\\xe2\\xfae0zm\\xacmi\\xb0\\x96\\x93\\xd0\\x96co\\x7f\\xdd\\x84\\x86\\xc5\\xca\\xa8\\x02?\\xf5\\xd9"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010`\n1\\xd5(=\\x021\\xba\\x13\\xaajo}\\xd3\\xa3\\\\xe0\\x8f\\xfb\\xbd\\xfd\\xbc\\x81\\xba\\xa6\\xda\\xc9\\x00\\x8f\\xffdk\\x82$\\x00@\\xed\\xb5oz\rb\\x82\\xef\\x9c(}t\\xd3-\\xf5bp\\xd1\\xd8\\xfb{\\x98\\xd4\\xcd[p?\\xc9\\xe9\\xd4\\xe0\\xda\\xa6c7u\\xf7?\\xaf\\x11\\x8f'\\x18\\xf2\\xbf\\xc64fm\\x18qt\\xb1j \\xe5\\x8f2\\x9b\\xf4\\x1f\\x7f\\xc8;\\xc9%\\xf6\\xa9n\\x9a7\\x9a\t\\x990p\\xa0e\\xb4\\x08\\xa8\\xb3\\xa0\\x11b]\\xda^=e\\xb7\\x10\\xbe\\xe6l=%\\x82i^#\\x90\\xaa\\x94k5n/\\xc9\\xc0\\xc4_\\x9f\\xac\\x9etl\\xa9+qx\\xe7\\xda\\xae1\\xf7/\\xba'hrwvb\\x14\\xb1\\xa9.\\x88c\\x98\\xdd\\x93\\x84\\xa9\\x0b\\xc7le\\1\\xf0\\xf2\\xc66^\\xa6mepa\\xe67\\xa7\\x90\\xa1\\x1csw\\x1cz\\xeb2\\xd6do\\x07o\\xae\\xde\\xbe\\xd7>\\x0bm|m\\xab-\\xbd\\xf8^n\\x82\\xb2\\xcd\\xf5zf\\xbd\\xf9\\xd3\\x04d\\xc3\\x88s\t\\xad\\x92g\\xc4\\xef\\x9a"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa0!\\xea\\xd3$'\\x8fv\\x08\\xfam\\x1a?\\xc7\\x8d\t\\xd2m\\xa0\\xec?\\xc3\\xc7\\xd3/\\xa8\\x04\\xd7gb_\\x85\\xbd\\x9f&\\xe0\\x91\\x92`\\xb1\\x024\\xee\\x1d\\x13z\\x9a\\x88\\x135\\xaf\\xe0v\\xf4\\x9d?\\x91{d\\xde\\x1d\\xf0\\x05\\xed\\x8e\\xaf\\xd8;^l\\xbc\\x97\\x92\\xc7\\xb7(\\x07\\xcf\\x87l>\\xb6x\\x16}\\x86\\xde\\xd9\\x1e\\xa7\\xb9\\x9fy\\x0e\\xbe\\xcf\\x19~a\\x14\\xce\\xdd\\xc4p\\xcc\\xd9\\x00\\xde9\\x04\\xb7\\x88\\x0c\\x93\\tf\\x856f\\xe7rqjvg\\x99{c\\xd8\\xe14\n\\x85o\\xf5\\x12\\xe7\r;\\xac)\\x11|,\\xc8!\\xe9\\xdc\\xe3\\xb0\\x95\\xe7\\xcd\\xba\\x1f\\xd3\\xfad\\xc0\\xe8\\xa7\\xa5\\xb2qb\\x91\\xa7n\\xde\t\\xd8\\xe7&\\x8c\\xeb\t\\xd8\\xe4^\\xbd\\xe9\\xa2\\xa2\\xc1\\xad]\\x14\\xd0n\\xc3\\x0f\\xac\\x0c__j\\xfd\\x1d\\x98\"\\xa0o\\xb5\\x0e\\x10\\xbc,\\x07\\x19m\\xb8\\xc5a\\xdcf}odg\\xf8\\xf2*f\\xf7\\xd6\\x90dn\\x05e;\\xd8cewfo\\x109kh\\x8d62oz\\x91x\\xd5="
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb1\\x90\\x81\\x929\\x8a\\xab\\xc6\\x17t\\xe7'\\xfcqps\\x17\\x95(\\x0fk[\\xf6\\xfb\\x03:\\xb0\\x15\\xb3\\x0f\\xec\\x8b\\x14\\xfd+d\\x08\\x01\\xcc\"9\\xc1\r\\x0c\\xcb\\xd4\\x82=/\\x854d\\xfcmd\\xc4\\x05\\xa0\\x02ej\\xae\\x98\\x8e\\xda\\x18)^!\\x86\\x813\\xe1\\x04\\x8cmh*r\\x96\\xf9\\xd7\\xe8\\xf2\\x16zh\\xd3\\xf4aq=\\x94\\x85kx\\xd2\\xfeg^\\xd3\\x9b\\xed\\x07\\xc6h\\x19s\\x87`.f\\xa5!\\xf3}94\\xca\"q\\xf3\"\\xb8)\\x0ezha\\x7f\\xb0\\xd2\\x1bo/m \\x03u\\x0f\\xebw\\xe0xzg\"\\xf9\\xb1jx\\xcb\\xf6\\xb7\\xb8\\xe0\\xc6\\xe8\\xad\\xc7\\xc7\\xafl\\x1ff\\xbc@@\\xa3vt4\\xa0\\xbc\\x12\\x95\\x91%\\xae\\xf2\\xe4]\\xc3\\x9b\\xb1\\xc4\\x07\\xcc\\xcaj\\xfe\\x19br\\xba\\x82\\xffy)\\xc6\\x18\\xb7\\xe4\\x92\\xd7\\xd6\\xdb\t\\x98\\xe6l@\\x7f\\xcf\\x94\\xe6\\x9b\\xed\\x8c:s:\\xb4\t\\xbad\\xf6#9\\xd7\\xdb\\x00}\\xa8\\x91~0\\x04\\x13\\xdb\\x95\\xe1\\xd3\\xfc\\xc7\\x1a'\\x90(u\\xdb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb3h\\x8f\\x94\\xb6j\\x1c\\xe2\\xbc\\xde:\\xc0\\x82\\x97\\x82b\\x8e\\xdc\\xd5\\x8c+\\xea>\\x13\\x8f\\x82z\\xed\\xe1\\xc03\\xf0\nx\\x869\\x00\\x80\\xd02\\xcd\\x11\\xee8\\xd4b\\xbc\\xd8\\x0e\\x01\\xbb\\xa5\\x10\\xd7\\xd3.&\\xac\\xd7\\\\xd4\\xb38r>\\xd4\\xfa`&\\xf2\\xb9\\x0c\\x92v\\xb5\\xb3;\\xda`\\xa2\\xb6\\xfann\\xc1c\\xee\\x89\\xbd\\x08\\xca5\\xe4\\xee\\x9f\\xfd\\xb3\\x94\\x99\\xe9\\xfak\\xa5\\xe7\\xc0)\\x9d\\xcc:/k\\xff\\x1b\\xb0\\xd3\\x92\\xdb\\x12_<b_\\xb9\\x07\n\\xb5f\\xd0\\x05\\xed\\x04i*\\x99\\x84\\x00\\x81\\x90h\\xc6\\xa6\\x98\\xd2\\xe54\\xf6-\\x8e\\xe9z2=ta\\xe8\\xf7\\xc7x\\xd0\\x9b\\xedj~\\x16\\xb8\\x08\\xcc\\x10\\xab\\xaa\\x0c\\xd5ipk\\xf7\\xedg<\\xcai\\x83\\x81\\x91\\xff\\xc4\\xdak&\\xc7>fc+\\xbck\\x1d\\xce\\x7f]$q\\xeb\\x8c\\xcb\\x07c[\\xd5\\xa3\\xdd\\xb2f\\xd6y!\\xe7o\\xda\\x1b{\\x82\\xe7\\x942\\xef\\xec\\x97\\xcbl\\xb8rbv\\xdd\\xa7\\xa7\\xa3\\xde\\x90zom\\xcb|\\xa9\\xe9k\\xf6'\\xdc"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x10u\\x04\\xa8\\x93\\x9f@y\\x86\\xc2\\xb9\\xf3\\xb1\\xefa\\x0cr\\xadk\\xf6\\xff\\\\xede\\x0f\\x9ax\\xab\\x86>f\\xf2\\xee\\x91\\xc3a\\xb4\\x18\\x02\\x8b\t\\xc7g\\x1a\\xf3\\xdfg1\\x1c\\xabhl\\xd0\\xcd\\xfda3\\x85{v\\xc8\\xe2-\\x80\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1ay\\x0f\\xd1\\xc7\\xf6@\\xa0\\xa6;\\x1aj\\x8d!q\\x1f\\x87\\x1cs\\xf5m/\\x90\\xe3\\xeb\\xff\\xe5jg\\xa8\\x81\\x8d\\xdff\\xdf\\x85\\xedz\\x8a\\xf0\\xb7)\\xac(\\xc1\\xb5\\x96\\x0f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04mo\\x82\\x0f\\x91-z]\\xbf,\\xe6\\x8coe\\xfey@\\xb0\\xffi\\x0cj\\x96!\\x9a\\xc3\\xcf\\xb3\\xbc\\xaf[[\\x9d\\x87\\x9ba\\xe4\\xcc\\xfa\\x968_v\\xb4ri\n\\xe4}\\x86cd\\x90\\xa0\\xf0\\xec\t\\xfd\\x99p\\x13v\\xb4\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9b\\xb2\\xb7\\xfa~\\x91/y\\xd6\\xcf:\"\\x18\\x1d\\xd1_(=<s\\x1b\\xa6\\x89\\x1d\\x80ewm\\x1au0k\r\\x08\\x99/\\xd0}\\xf2&2\\xfb_o\\xcc.\\xa3\\xc8"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\x16\\xfb\\xcd\\xf6\\xd8;\\xcc\\xe31\\xca\\xcf\\xd9\\xad$\\x80\\x92%\\x96\\xcdl ^\\xe6\\xff8\\x7f\\x12\\x83\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xb5a\\x9f\\x04\\x14\\xf0\\x1cx\\x9f\\xd4y\\xae\\xf7\\xb4of7\\x83\\x97)\\xfc\\xbb\\x93\\xad\\xa7;\\xed\\xa0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x10\\xdb\\xbf:g\r\\x9cx7\\xf2\\xbb\\xb1\\}\\h`\\xb8\\x13r\\xfc\\xbb\\xce\\xeb\\x91\\x85\\x82w\\x01\\xaca@\\xf3ur\\x05s\\x96q\\xfb\\xf0\\xf9\\xb7/\\xc2\\x08\\x8d\\xf2\\xe3k\\x9a\\xf5\\x9a\\xb9\\xe0\\xc0\\xd8\\xcd'\\x06\\x9b\\xca5;\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfcz\\x8e\\xac\t\\xdc\\x06\\xac\\xb7\\x17\\x9d\\x08_\\xd4\\x9f\\x97x\\xfegn\\xd7y\\xfes\\x1c\\x04\\x17\\x19k_a\\x97\\xea\\xddu\\xe9d8\\xb9\\x94\\xd4\\xd5s\\x9b~\\xb4\\x97@"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04plv/li\\xcf2h\\x86\\xa9\\x80\\xdc\\xba\\xa3\\xd3\\xc6\\xa2\\x1f\\x96\\x9c}_p\\xff\\xe0\\x8fyf\\x81'\\xcb\\xbfq\\x8f\\xf30\\x9e\\x88*\\x87\\x81j5\\xabu|\\xb8\\xa7\\x97\\x83\\x16bdp\\xd0n0\\x86\\x98*v\\x94\\x17\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000x\\x1c\\xdft\\x9f\\xacz\\xc4\\x05\\x9ef\\xc3\\xd9\\xf0d[\\x0co\\xe2\\xa67\\xd6\\xd7\\x16`)\\x15\\xbc\\x84\\x1ay\\x85\\x97f\\xab<\\x12\\x8e\\xf3l\\xdf\\x19\\x15\\x89\\x13f\\xfc|"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\nr\\x01\\xe4?\\xb4\\xce\\x1f\\x8e &+\\x05\\xc25\\xbd`\\xbd\\xd0+\\xc2\\x80h4-/-\\x83\\xa4\\x9b~\\xc2w_\\xe8/\\xe1\\x96?\\xf8`\\x8a\\xc8kr6e|n'\\x8b\\x8du8\\xa6\\xdfv{\\xd1p x\\xf0n\\xa9\\xde\\x0e\\xa1\\xab\\xca\\xbf\\x83n\\x94\\xa0tb\\xb6ztk\\xf7~\\xe6zp\\xa7x\\xder\\xcc\\x977\"\\x10f\\xba\\xad\\xc9\\xcau\\x89\\xaahw7\\xa2\\xae0\\xb0?\\x9c\\xd2\\x07\\xed\"bf\\xc2\\x8a\\x16\\xba\\x14\\xa0~\\x9f\\xed\\xbdodl\\xf7\\x17l\\xb0\\xdbm\\xa6\\xad\\xf3\\xb0\\x11@z\\xee\\xd7gu\\xd5\\x88\\xeb\\x9c\\x87\\xfb\\x96r\\xa0\\xee\\xb3\\x87\\x84'\\xafiz\\xf9\\xef\\x81ur8\\x8c\\x0bl\\x90\\xdf\\xd4\\xaf?\\xf4\\x85\\x1c\\x877\\x1f,}\\x89\\x86\n\\x9cs{\\xb8?\\xa0\r\\xc3\\xbb=\\x17\\x82 m\\x05}\\xf7\\x02fa\\xab\\xe7%\\xc5\\x1cs{_\\x87\\xbf\\xd7h\\xa6\\x1f\\xc2cp\\xb3\\x9e\\xa8\\xa4\\xaf$mnm\\xbe\\xafh\\x89x\\xb2\\x11\\x1f\\x14e\\x0c\\xcc\\x13\\xa0]"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb9\n\\x98\\x95e\\xd9f\\xa8fy\\xa3|qt\\x0bkj\\xe7qnkz\\xf5<\\xb1\\x11d3\\xd9\\xe29\\x1f\\xea\\xae\\xda\\x8b\\x95\\xc2\\xa5\\x9bd\rv\\x1e$:\\xf5\\x81z6\\x8e#\\xb4\\xfd\\x8a@\\x02\\xce\\x91>\\x85~\\x83joo\\xa0\\x99\\xad\\xc9|\\xd7\\xa4\\x9e>\\xac\\x9d$\\xbe}dv\\x19\\xf8\r\\xb9\\xfdf\\xaa!\rf\\x1e.\\xc9\\x0c\\xa6\\x86\\x1f\\x17b\\xf8\\xd7\\xfc<x\\xa1\\xca\\xfc\\x90\\x0e\\xb1\\xadt\\xc2[\\xc0\\xbe\\xd91\\xd0\\xd9 pi\\xd9l\\xf6\\x97\\xbb0f\\x15\\x06<m\\xdb\\x08\\x12\\xf0\\xa2\t\\x8a\\x81\\xa1\\xa456\\xc5\\x7f\\xf4\\xceu<\\x7f\\xb3\\x85\\xe9\\xac\\xbfa4\\xfca\\xa2{4fcm\r\\xca\\x89\\xc0\\xae\\xc1\\x87\\x19\\xc8l\\xec/$ki}\\x83!\\x85\\x96\\xb6\\x9bh\\xbb\\x80o\\xd5\\xe2:x\\xf3\\\\xcda\\x99:\\x908%\\xb7\\x17d\tfvz\\xa6\\xb2<\\xc0#0\\xb2\r\\x18`\\xf56\\x15\\x12\\x05\\xd0w\\x9b]+\\xd3\\xcey!\\xcfo\\x9ec<\\xbd^\\x1b\\xa21\\xbb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e\\xf2\\x06x/\\xf8\\xe1\\x80g\\xe1\\xd1g\\x94\\x8cp\n\\x97\\x02\\xcd\\xc3\\xd9\\xb6\\x18\\xff\\xbd\\xf46\\xc1\\xce\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xdf\\xa9\\xc1\\xea)b\\x90\\xc2:2\\xa0~h\\xd1\\xc5k8\\x8d\\xedm\\xbe\\xd3j\\xc6>*\\x81\\x13\\x84\\x83\\x15\\xa13!8w\\x90\\xf5\\xd7\\x93\\xc9\\xd3\\xcdl\n&\\xce\\x85\\x96j_(\\xd1j:\\x03\\xe2j\\x1b\\xed>\\xd4\\xecw\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x16\\x7f)\\xac\\x02\\xb8\\xa1\\x87z1\\xd4&\\xbaw;\\xa2\\xf9\\x99w\\x14,ax\\xc3\\x99\\xd6\\xf2\\xb9\\xcf\\x0e\\xc7a\\xd9\\x85\\x1e\\xc0\\xe5\\xb6uglf*\\xa9b\\xd3\\x00|"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1e`\\xf0\\x82\\x0f\\xa0b\\xecomkq\\x98\\x08\\\\xdd\\xe8\\x08\\xf8\\x92\\x90\\xe6\\xdb\\x8b\\x7f\\x84\\x88h\\x8a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1ev\\x8e\\xc0\\x83\\xef\\x1bi\\x86\t\\xc1'\\xe7n<\\x9api\\xc7bi\\x10\\xa4\\xca\\xc3\\xbf\\xf2bj\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb5l\\xff\\x8e\\xe6\\x92\\x02qhj\\x89m\\xf7\\xe7\\x95\\x19\\xf2m\\x05\\x83 \\x8c\r\\xa4\\xcab\\xa0twk\\x833\\xea\"\\x08\\xb0\\xdc\\xb2\\x8bi\\x05\\xed\\x16\\x00e\\x11,\\x7f\\xea\\xe8f3\\x1d&\\xf2\\x89;\\xe4r\\xe9\\x8e\\x00?\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9do\\xfa\\x8a\\xf1\\xa8\\xc9\\xc5ky\\xab\\xb5;\\x8bi?a\\xdc\\x80\\x81\tyw\\xbas\\xa2qvt!\\x13\\x8c\\xf3o\\x93#*\\x88\\xd5\\xb4\\xef\\xe5eu\\xb8\\xcc\\x12\""
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ruj\\x95\\xf8\\x15\\xe29\\xaa\\xa7\\xcbh\\xa6\\xefj\\xbd\\xda\\x94\\xfa\\xb6\\xc2\\xe6'\\xf1\\xc21m\\xea\\xbad\\xd9\\\\x819l\\x9c\\xe0'\\x95\\xee\\xdc\\xd8\\xbe(\\xa01v\\xc3\\xb07\\xa7\\xbc\"s\\xd3\"j\\xee\\xd5%\\x1f\\x9f\\xb4\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x12r\n\\xd4sh\\xfd\\xe8\\xf3k\\xc2\\x94{\\xf0[\\x97\tt\\x99\\xd93]\\xf9\\xae\\xea\\xdad\\x8a&\\x13e\\xe9n\\x15a\\xc0\\xcb\\xfdv\\x9bb\\x8d(\\xb2\\x97\\xe4\\xb6("
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04>g\\xad\\xac\\xec\\xbdv?:e\\x95\\x1a\\xa4up\\x1a\\xd2#\\xb9h\\x03\\x0cc\\xbf\\x8f^\\xb5\\xaa\\xcf\\xf3\\x97\\x07\\xb0l\\xe9\\xc6:pt\\xbc\\xfc(d\\xba\\x05\\xcd\\xc7+x\\x81mz\\xda\\xe3\\xda\r\\x8c?t\t\\xaf\\xa5}\\xd4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe2|\\xf7g>/\\x8b\\xc8$a\\x8e\\x86i\\xfd#\\x84\\xbe\\xa4\\xacy\\xfeb\\xcc3\\xcf\\xc9@l\\xc7\\xc8$\\x1f\\xf2y5~\\xe6\\x94\\x7fo\\x11{\\xab\\x1f\\xa7\\x00\\xd8$"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1f\\xd5\\xa7\\x94\\x83\\xc6\\x0c\\x01\\x06\\xa2\\xcdy\\xec\\x08q\\x14n\\xa8\\xbf\\x05\\xb1\\xccv\\xa6x\\x9b\\x18\\x80\\xa9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04h\\xc7\\x7f&k\\xb9^\\xde\\xf0\\xbe\\xfb\n\\xbb\\x1c\\xf6\\x88\\x96>\\x85\\x0c\\xbbu\\xce\\xda|\\xb6`\\xe6\\x89c\\xe5>\\xf4n\\x17b!\\x93\\x08d\\x12{o\\xd1q{\\x05m$k\\x1b\\xfbo\\xab*[\\xd57+\\x06\\xac\\xb8\\xfab\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000q\\x84\\x0e\\xf7\\xb0\\xe2\\x00\\xef\\xd6%m\\xee;\\xd5\\xbb&\\x8c\\xee\\x0et\\xdb\\x83=\\xe2?\\xf7\\x15\\xd3\\xef,\\xd1\\xd2\\xbdb\\xdf\\x00+\\xae?\\x0c,\\x82\\xf8\\x1e\\xb2>%u"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbe\\xee\\xb6p\\x88,\\x90\\xea\\x872\\x00i\\xe5\\xac\\xae\\xc33\\x94\\xda*i\\xf5\\xb8\\xd0\\xa9\\x13\\x9edp\\xb9\\x0ey\\xec+\\xf1\\xa5\\xabu\\xb2\\xbb=\\xb2w\\x81\\x0702\\xe8\\x16k:wt?q\\x8b\\x0f}\\xdb\\xf3\\x007\\xb2b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90@\\xd1\\xdd\\x90\\xc5}\\x9e\\xa3zq}<\\xba\\x8a\\xd0\\xc9\\xc0\\x9e\\xcf\\xe3\\xbfkuc\\xd1k\\xd7*!\\x97n\\xbbx\\x8e\\x94q\\x1d\\x02\\xaa\\xbd\\xa8\\xa8\\xcbl\\x92-$"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04l\\xd1\\x82q\\x8bkl6c\\x8e)\\xe3\\x9e\\xa8\\xa8\\x04\\xf8\\x08` \\x94#\\x18q\\x95b\\xebo\\x9cb\"\\xcf\\#w\\x7fm\r\\xc8\\xde\\x11o\\xde\\x1a*mlc91y\\xef@0\\x88zy\\xcb\\x80\\xed\n\\x81\\xef<\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000/9\\xb8y/\\x7fw9\\xf99\\xe0i\\xf4\\xa0\\x87c\\x08\\x8b\\xa94 b\\x03\\xd5\\xde\\xb2\\xd6\\xc5\\xa5t\\xcf-^\\xf6\\xfa<y\t\\xbe\\xbf\\x9f\\xa0\\xc6yw\\xebr\\xbe"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa4(\\x19\\xdc\\xf4\\x886\\xe2\\xef\\x82x\\xbev\\x15\\xea!?9\\xd8\\xa1\\x1c\\xa3\\xfd\\xf9\\xff\\xe4\\x8d=\\x9c\\x18|&0\\xef\\xf6\\xc4gf\\xdc\\x19\\x10\\x9d\\xdc?w\\xa3\\xd8mxh\\xfb\\x88i\\xfd\\xd9px\\xd60\\xc5n\\x83r\\xff\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000|\\xf2p\\x9b\\xaf\\xe7\\x9en\\x1eb#\\x7fv>\\xbd\\xa9\\xf9o\\xc7i\\xbd\\xb0\ni\\x86o\\xd9tk\\xc8\\xf3\\xc0\\xb78\\xa7\\xf0\\xa1}tk\\x80c\\x87\\xd2\\x93\\xe4q1"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\x89\\xd7\\xd0\\x1cls\\x8ej\\xe7\\xae|\\xfbt\\x1f2\\x0e&g4\\xb0l!\\xce\\xc0\\xea/\\xb4\\xc1\\xbe\\xb4>\\xdcnp\\xba\\xca\\xba\\x0b9\\xf9\\x9e\\xdf\\x89<5\\xea\\x01\\xae\\xb8\\x97\\x9e\\xeb|+\\xc0\\xc7l\\xe0\\xc4)s\\xa6\\xbe\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1a0b\\x9a\\x9e\\xb3\\xed\\x03\\xd9f\\x9a_,\\xe4vlg\\xed\\xda\\x95\\xf1\\xdc\\xdb\\xbez9\\xa5\\xc7\\x8a\\xcf7\\x86\\x04\\xb82\\xfb\\x96\\x83\\xf5p\\xaas\\xeb\\xcc\\xba\\xc2\\xe9\\xf0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010o:c\\xf09\\x19\\xdeo\\xbb\\xe9\\x1eg3\\xae\\x8b\\xf3m\\xd0\\xec&\\xaa\\xb4\\xf0\\xe0\\x8dl\\xaa~~\\xf9^\\xbd\\xc5\\xb3$f\\x97\\x98\\xc6e\\x80>\\x0e\\x1ccxy\\xa72:\\xbd[)\\xf4\\xcb\\xaf$b<k\\xe6\\x84\\xa9\\x82{\\x188v\\xd2^{\\x03\\x84f\\xff\\x05\\xcb\\x11\\x154\\xeau\\x85sz\\xcd\\xc81\\xd5\\xfb\\x9d\\xe3\\xae\\xd77m<x-v\"9jv\\xf1\\xbc\\x82v9z\\xde\\x8dr\\x1e\\x8ced\\xb9ba\\x19\\x97s!\\xd9\\x9f\\xd3\\xb0\\xdb\\xd8*\\x07\\x01\\xf2\\xa91\\x07\\x86\\x86:\\x9e4h\\x84\\xb8-6f\\xd7w\\x14\n,,\\x1f6\\x93h\\x9f\\xc4\\x81\\x93^\\xee\\xc3?\\xca\\x1b\\xe1<\\xbb\\xa6\\x10\\x9d-\\x8b\\x15\\xe3jm\\xba\\xf0\\x96\\xa2\\xae8\\xdb9[\\xc1\\x9c\\x03\\x02j\\xe2\\xd7\\xdd?\\x8aj\\x9e\\xd7\\xe1\\xe3\\xb1\\xa3{\\x94\\xd2\\xa7\\x1f\\xe6\\xe6jcb<j.\\x8f\\xb4\\x1d\\x88\\xb4\\x97\\x1d`e\\xdf*\\xf0=\\xa4s\"\\x8b\\xdaedk\\x0bb\\x99\\xee`-\\x995r\\x99\\x84"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9c\\x14\\xcc\\xea\\x01\\xb2h\\xf5\\x16\\xc2p\\xf5\\x96\\x14\\xd7;\\x9c81\\xd7\\x9e\\xd3\\xc4\\xaa\\xcf\\xbc\\xb3\\x1c\\x05`1\\xba%h&\\xb4h\\x92\\xa4r.\r}\\xc6\\x95oh\\x96\\xf5\\x8f\\xb9\\x81\\x9b\\x95\\xce\\xfe\\xd1\\xd5\\xb8\\xe3\\xc7\\xf1-\\xba\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000bm=q\\x13\\xad\\xb6\\xb5\\xc4\\x9dz\\xcc\\x14\\x9f\\xe1\\xae\\x04\\xdf\\xd9\\xbd\\xd1pfu\\x0e\\x98\\x83\\x05\\xb2&v]\\xc8\\x94\\xd2\\x80\\x02\\xd3o5\\x0f\\x8d\\x18j}\\xc1\\x16\\xa9"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe9put\\xc3\\xa6\\x180\\x19u\\xc1(\\x8b\\xfa1\\xc7snh|`u\\x01\\x0b\\x8an\\x11\\xf0\"\\xb0\r\\xed\\x0c,|t/\\x81s\\xa5\\xdd/\\x8e\\xaa%\\xe4\\xe3*\\xda\\xf0*+\\xb3\\xd6\\xdbw\\xa5\\xcez\\xe0\\x94\\x86\\xec\\x8e\\x85\\x9d\\xa3\\x80\\xf8h\\x9a\\xb96\\x8d\\x1c\\xd9\\x13\\x03\\xc8\\x11r\\xe8\"\\xdc\\x7f\\x16\\xd7\\xf4\\xado\\xca\\x01\\xc9\\xfa2=\\xb4)f\\xd7^\\x81\\xf2;jop\\xf2\\x04;\\xbb\\xcc\\x00\\xaflw\\x15\\x8c\\xd9b\\x89%\\x8bt\\xf0|-lr\\xd2\\xf9\\xcb\\x95\\xa2\\x91\\xe3-$c\\xfc\\xea\\x83v4\\xe2\\x85\\x81p\\xc5\\x0fm\\x94\n\\x92\\xf7\\x95\\xbc\\x9e\ry\\x85\\xccw\\x07\\xc7\\\\xbb\rw\\xcf\\x9e![/\\x1e@\\xe8\\x99\\x9f~\\xb8\\xddt\\xb8}$k\\xc9}\\xef\\xc9\\x08\\xdc3:\\xc2\\x06\\xc4\\xa1\\x02\\x85\\xc8\\xa5'\\xe3\\x00\\x0b\\x81m\\xd0+\\xad!\\x1b\\xdc\\x05l\\xb8o\\xfc\\xaf\\x8c\\xbd\\xf8'\\xdbt!vg\\xea\\xc4\\x9e\\x9b\\xa9\\xa9\\xc0b\\xdda\\xacjp^\\x98\\x00\\x1f\\xe9\\xbb\t\\xa5"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010{\\xe4h\\x82\\xa9\\xd2\\x86\\xc4\\xab\\xc2\\xd1\\xd9\\x9d\\x12\\xbf\\xd6\\xc9]\\x92\\x9d\\xbeo\\xdc\\x98c\\xe6\\xf9\\x9f\\x9b\\x00%\\xe7\\xaed\\x1f\\xaa\\xd8\\xac\\xa0\\xfcv\\x8elb\\x98\\x05\\x8c\\xe6\\xaf\\xf2\\xafke\\xd1\\xe7/\\xb1<\\xc2\\x16^u'\\x05c\\xda7[~}\\x0f\\xe4\\xd8ss\\xec#\\xa6'\\x0b\\x0c\\x82\\x9d\\x19\t\\x03\n*\\xefn\\x8b\\xd43\r\\x07\\xab-\\x81\\xa8\\xa6:\\xe3\\xf0\\x96\\xea>\\xe5\\x93\\xe8\\xaff\\xc2\\xb2\\xc7\\xb4\\x12\\xc155\\x89\\x0848x\\xe8!\\xb5\\x138\\x8b\\x80\\xeea\\x85~\\x01\\xb3f\\xbd\\xcettb\\xdd\\xc91g\\xc8^1\\x88k!\\x07\\xbc\\xaf^\\x04\\x97\\xac\\s\\xd2\\x08\\xad\\x15\\xe8e\\xd3\\x00n\\xe3\\xc3\\xb0\\xd6_k\\xc8\\xad\\x91\\x85\\xd1\\xc8\\x07\\xadw\\xe7a\\x12\\xb8w\\x08\\x94\\xbe\\x8e3c\\x18\\xac\\xf0\\xb1(\\xe5\\xd6\\xb0wwzbxg\\x9d\\xd6\\x84bh\\xbc>o\\xb8q\\xf0o\\xe6|m\\xeb~nsm\\x0f\\xd9\\x86,\\xb6\\xe7\\x8a\\x17\\xb4\\x89:\\x0c_\\xfcd\\x7f\\x02\\xfb\\x80>"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}\\x1f$k\\xff\\xdf*5\\x81\nn$d\\xe7\\x0c~(\\xcb\\xd5;\\x9a\\xf0\\x85&\\x80\\x91\\x0b\\x7f#}\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x8dh\nd\\xf4\\xdb\\x0b\\x0b_\\x86\\xe1\\xc8:\\xec\\xc7\\xa6\\x81\\xbb\\xfb\\xa1\\xf5\\x89;\\x91i\\xcb\\xcf\\x97:\\x9edn\\xd9&\\x1at\\xbc\\xd9\\xd0$\\xb6$\\xeb\\x96\\xc2\\xfd3`\\x12\\x9fa\r\\x08xbv\\xeb\\x8b>\\x14=\\xf9.\\xb8bj\\x16\\x9a\\xe0\\xf71;\\xbc\\xe7\\xb4\\xae\\xb0\\xfdd0@\\xbe\\x8c\\x0f\\x9b\\xcf,\\xd4\\x12x\\xc9>.i\\x17f\\x0bs\\x8b\\xa98:.\\xa4\\xd1\\x04\\xe8\\x92\\x87\\xceq}\\xaa\\xd2\\x88\\xeblk\\xfc\\x03%\\xb6d\\xad\\x91b\\xce\\x8e\\xf6\\xeb\\xe1f{\\xe6@v\\x96\\xcc-\\x00\\xd6s\\xad\\x91\\x91\\xaf\\x98\\xf0p#\\xf0#\\x9dfu\\xe6\\x11b\\xd4za\\x9c\\xd3\\xee\\x03\\xb6\\xaa\\x868\\xd43\\x9d\\xe0c\\xffzj\\xe4\\xfe\\xfd7ey\\xb9\\xc1\\xb7\\xda 0k\\xf4\\xc5>\\x07c\\xe4\\x80j\\xdbqz\\xa4\\xe6\\xd6o\\xba#h\\xa9\\xa44\\xf2ln\\x9c\\xaa\\xa3\\xb5\\x95\\x97\\xec\n\\xcc\\x9d\\x95pl\\xf1\\x1ci\\xa6\\xf8\\xae\\xa4\\x1e\\xdc\\x81(\\xd9}fl\\x87@\\xe1od\\xe0%i\\xf7"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe14\\x07nx\\x94\\xcb\\xc8\\x89\\xd7l\\x84\\x85\\xd0mx\\xb5$c\\xfd4\\x13\\xa6a\\x94\\x14\\x93e\\x80~\\xa4)\\x0e\\xa1\\x1dx\\xf2#<\\xed9\\x9e\\xcd\ng\\xa5\\xbb6&\\xd5/7\\x188\\x1e\\x0c\\x1d\\xe7\\xef\\xa8n\\xdd\\x1f\\xf8\\xff\\xf3o\\x8ee\\xc2\\xbd\\x07f\nz\\x116-\\x8a\\xaam\\xfa\\x15\\xd1\\x06!\\xeb\\x0e\\xdb\\x98h2)\\x08\\xd8\\\\xec\\x98\\x9d\\x9a\\xf8\\xbc[\\xac'\\xcfkk\\xbb[v\\xb8\\xd0\\x01\\xc8\\x9an\\xbdg\\xfata\\x15\\xdf\\x0c\"\\x13\\x8e\\\\xb8a\\xcf\\xd6\\xca\\x8d\\xe9\\xeai*e\\xc6n\\x9f\\x89\\xc4\\xbd\\x91\\xc1\\xc0\\xe9mh\\xa6~ra}v\\x11b\r\\x88\r08\\x82\\xa6\\x12\\xeb\\xe6?\\x13(\\xe8\\x94-&7\\x0e\\xec\\x12\\x13\\xc9;\\x9a1^\\xcb}\\xcf\\xeb\\x8e\\xe7@\\xef\\xa3\\xf06\\x14\\x0e\\x13\\xae\\xb9\\xf2c\\xf9dm\\\\xe2*\\x88^\\x94\\xf04\\xc2\\x19[\\x94\\xfc\\xef\\x01\\xf4\\xa2c\\xe9\\xcd\\xa7}\\x17r\\xbc\\xf5)\\x98\\xb9\\xd6\\xa6\\xe0\\x14o\\xd5\\x885e\\xbd\\xe8\tq\\xbe"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010b@\r\\x8dj\\xdf\\xac\\x16l\\x11\\x8cv\\x19g\\xed\\xc8*\\xc3\\x16\\xcd\\xd7\\xec\\x98h\\x9fk\\x88\\xe0[\\xf6y\\x97s~o\\xad\\xee\\x88\\xe4\\xe2\\x10\\x1e\\\\xa4\\x88n\\xb2\\x8d\\xc9\\xa1\\xc1\\x01\\x89z\\x06\\x82\\xf4\\xd5\\x1d[\\x86\\xbb\\xb6\\x1e\\x06\\xf6\\xaf-\\x7f\\xcb\\xf5\\xe9\\xa0\\xc8k3\\xf8\\x1d\\x05c`\\xe2\\xd9c\\xa3\\x9d\\xad\\x87}\\x96\\xc7\\x8d\\xf7\\x1e\\xc3t\\x07\\xe5\\xabg$\\x94\\xf6f(o\\xadaawm\\xd6\\x7f\\xdeo\\xd1\\xd6m9\r\\xbd\\x16\\x9c&9\\xe6\\xd5\\xf4%\\xa3?\\xe7\n\\x02\\xe2d\\x8f\\x94\\xfc\\x9f\\x12\\x93\\x8a\\x96\\x7f$\\xe0|z\\xaf[0\\x05l\\x85\\x93\\x99x\\xd6`\\x04\\x0ey\\x02\\x1dh\\xdc+\\xa2u\\xe3\"\\x8a:n:\\x1e\\xe3\\x01\\xe5\\x14\\x02\\x8d$\\xb3\r\\xf2:#\\xbe~\\xbc\\xae\\xc1(\\x18\\xfb\\xf9\\xb4x\\xa4\\x177b\\xb7m\\xbe\\xccaw\\x9b\\xf7\\x13\\x089\\xb8\\xcf\\x88k\\xaay\\xf5|$\\xb6\\xa8\\x1a\\xa8w\\xe6\\x85w[\\xeb\\xc0\\xa7\\x1cn3g\\xef\\x93j`\\xb3\\x0f\\xfc'\\x15a2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf9\\x95\\x8c\\x16@4\\xc0\\xa1k\\xa6\\x92\\xc4\\x1ai:dc+[~\\xc4\\xe8p(\\xd9\\xa1u\\xb6>\\xea=\\xd0\\xe3qr\\x05`lx\\xcd\\xfai1\\xae\\xb4\\xf48\\xa2}\\xf1\\xda\\xc4$u\\xea\\xaf\\x94\\xe6n,\\\\x14\\x83\\x1a](\\xc8\\xec\\x02m\\xa9\\xc1rb\\xdd\\xf0\\xc1t\\xae:\\xac\\x12\\xca\\x00\\xd9,3\\xe7\\x06\\xfc2\\\\xe6,\\x86\\xa6\\x93;\\x0em\\x9e*d\\xb2\\x107u\\xfe\\xf8\\x14}?\\xc5\\xce\\xbf\\x0f\\xd1{\\xa8\\xc7xm\\x18 !\\xd9\\xc0\\x06f\\x94\\xe0g-0\\xf7cb\\x05\\xe1\\x98\\xfe\\x91\\xb5\\xa6\\x1d\\x7f\\xa9g\\xa1\\xfe\\xb1\\xcb:\\xa0\\xa0^\\x80\\xd7\\xf6\\xed\\x88\\xc8\\xf2`b\\xcd\\xbe\\xceh\\xe9\\xc0\\xf8\\xa1_\\x83\\xf9\\xe2\\x9e\\x11\\x84a%m]\\x84hs\\xd5\\x01\\xbdl\\x0b]\\xba_\\x8fi! \\xd2\\x08\\xac\\xc6z\\xf8\\xbfa$\\x86\\x0e\\xc2\\x9ei\\xc0\\xa7\\x0c\\x19\\x03\\xb0\\x03\\x05v\\x02\\xd0\\x86\\xde\\x85\\x97\\xddry$z\\x13\\x87\\x8a\\x82\\xcb\\xfb=-y\\xcfyg\\xb7\\x0e\\xd6\\xec\\xbb\\xc2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf48t\\xf0\\xca\\xa0\\x07\\xe2t0\"!=\\xff3\\x89\\xebm\\xb1\\xe0\\x93\\x10#\\xfb-\\x0c\\x07y\\xf5}\\x8d(\\xb9ey\\xb7%#o\\xb6\\xd9\\x81\\x9f\\xb2,9\\xb0\\xe4\\xd6i\\x94*(huk/\\xd4\\xa7\\x9ea\\x8b\\x04,\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfckp\\xde\\x88\\xb9\\xf3\\xf6n\\xd3\\xde\\x99\\xa1\\x99\\x19\\x0b\\xe9\\xf0\\xc9\\x8b\\xa1\\xaen\\x98\\xeduo\\x10\\xcct\\x9f\\xeb\\x18s6n\\xbfae\\xc8i\r\\xa1\\xb8t\\xef\\x97\\x14"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x98\\x15igr\\x04\\x0b4\\xc7i%\\x00\\xc3m\\x1b\\xc4\\xe2cy8&\\xad^\\x06\\x9e\\x99k&\\xdd\\xb9\\xb7,\\xc4\\x05*o\tu\\xa0\\x83\\xd0j7o\\x1b\\xa6m\\xf5\\xce\\xc2\\xe4\\xac\\xca\\xed\\xd0hk\\xb7\\xba\\x12\\xd9\\xb0 y\\xf6yku~\\xdc\\xbdb\\x8c\\x1a\\xc7j \\x0c\\x9e\\xb2|\\xfc\\x8e\\x15oi\\x98\\xa7\\xe7\\xca\\x98\\x14)\\xd6jw\\x1ep\\xea\\xd6\\x91z\\xf3rg2&\\xe4\\xc1\\xc4\\x0b\\xbf\\x112\\x9c\\x8amou\\xc4\\x97\\x9da3\\xd0:\\xab\\x02v+:imo\\x07\\x02t_\\xcd\\xa3h\\xe6i>\\xf1\\xa2j\\x95ka\\xc7\\x08'\\xbd\\xda\\x1e\\xcf\\xe5\\xbe\\x90\\xb6\\x8cs$\\x93ak\\xc1\\xffr%\\xc7\\xcf\\xa6\\x92\\x19\\x88g>xa|\\x99\\x9b\\xab\\xe1\\x7f\\xec\\x83\\xdc\\xe7i\\x81xt\\x8ap\\xa2\\x848\\xb4\\x05\\xc0\\x86\\xc3\\xa2\\xa9\\x04\\xeb-\ru\\xcc\\x0c\\x1ed\\xa9 \r\n\\x90\\xa7\\x99\\xb3t\\x85\\xac\\x12\\xce\\xff\\x96\\x06c2\\xca\\x86\\xc4p\\xfc\\xd5\\x16]^\\x13iyh7\\x85m\\xc7"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\t\\xaf\\xa6n\\xd1\\x9b\\x98\\xb9\\xcfm\\xe4\\x10\\xb1\\xdd\\x1c\\x86\\xa8p\\xb1j\\x80{o\\xbb\\xf5q$\\xb3\\xeb\\x05\\xba\\xd5\\x03\\x9f\\xe1\\x85\\xb1\\x86\\xa8\\\\xca\\x8e\\x0ffa\\x00\\xd0\\x8b\\x1c\\xcb\\x95\\xfe\\xb2\\xfep\\x15\\xd8k{i\\xf4\\xcct\\xbd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x82\\xd5f\\xf46og=\"j\\x99q\\xeb\\x91k=@\\xdb\\x0fg\\x91\\xe3*\\xdcz\\x868\\x94\\xe6\\xacsc\\xa7\\xb8\\x19\\xfc r\\xcc\\xfe8\\xb6d\n\\xa7\\xf6\\xb9\\x9e"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x08~\\x03m\\x13`\\x0bi\\xd2\\x04\\xe1}\\xa8\\xa0\\x8f\\x19\\xc8\\xc9\\x07.3u\\x06\\x90\\xe6\\xec\\x12\\x14\\xa5\\xba=\\x05j\\xfa\\x87\\x1fmo\\xdc\\xf1e\\x00\\xda\\x857\\xdcv\\x11\\xa0e\\x8d\\x1c\\x08\\xa9\\xfb$\\x8c\\xd6\\x80&\\x9d\n\\x9d\\x01\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\x9d\\x84\\xe7\\x9c3\\x07\\x9a\\xf9fq\\xaez\\xf6\\x816+\\xd3\\x08\\xc54\\xd3\\x0f\\x92o\\xff\\x04\\xee\\xf4\\x13wc9\\x01\\xa4\\x14\\x07\\xf7+r\r\\xe2\\xa0.\\x0b\\xd0\\x8e\\xfb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x13\\xb1\\xb1>%_\\xa6\\xac\\xb0r\\x00\\x1c\\x1d\\xaf\\x00\\x01\\x8d\\xbd\\xa1\\x98/\\xbc\\xacp\\x99n\\xa1^\\xc40\\xc4st*\\xaf('\\xb4\r\\xf3`\\x90\\x02}\\xb1\\x08\\xe5\\xe0\\x9ftu\\xe2v\\xde\\xdf|r\\x97\\x85\\x98\\x03\\xc7\\xac\\xd5\\x98\\xa8<\\x99s\\xce*\r'p)\\xc5\\x01\\xe8\\x10\\x16\\x81}\\xac(#-\\x16ce\\xd3\\x9a\\xd6\\xab5zh\\x9fy\\x92\\x0by\\xdc\\x98\\xfae\\xa7|\\xfa\\x84\\xec\\xd1\\xc8\\xec.\\xd1\\xe5\\xe4sg\\x82\\xce;u\\x15\\x98h\\xff?\\x9f+;\\x9e\\xaf\\x11\\xca\\x0b-\\xe6\\o\\x1f\\x8d%\\xf7\\\\x02\\x14\\xb4\\xeb\\x8cwh\\x85\\xd8kn\\xc3\\xa5:w\\x1c%\\xc6\\x18\\xc0i\\xeewpf\\x1b+x\\x17%y\\x9ed\\x87,\\xf6e\\xb7j\\x10\\xed\\xf9\\xd5\\xb7\\xde\\xf3\\xbd\\x9a'm\\xf3t\\xfas\n\\x1d\\xcb\\x8ca\\xe2~j\\xae\\x01\\xb8\\x19-\\xfd\r\\xa3\\xc0\\xfa\\xba\\x1a\\xf7@\\x97\\xb7m\\xfb\\xe0n\\xaa\\xd3\\x88\\xa1\\xd7\\x11\\xf3q$\\x10\\xe7\\xfd]>\\xdfu\\xd6\\xfa\\x86\r\\x9d\\xf8\\xef{"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010bh\\xda\\xbf\\xb7\\x80[\\xb0\\x18\\xf1\\xabu\\xdd[\\x13\\xcbd\\x11\\x1cc\\x7f\\xc5\\x83u\\xa3\\xd0<@?\\xa6\\xa1q\\xc1\\xae<\\x14\\xee7\\x9dx\\xb8\\xb6\\xd5\\xeb\\x1e\\xa8\\xd3x\\xcb9\\xc7\\xd9sd\\xae\\x12\\xfe\\x8er\\xf5n\\x18\\x94\\x98_\\xed\\xd3\\x11\\x997v\\xe4\\x94i\\xb1lm\\x15\\xa80\\xf1\\xfc<m\\xff\\x8f\\x82\\xe1no\\x06\\x84\\xc2\\x8c3ju\\xdcz[{\\x8c$t\\xbc\\xd6)ne\\x07\\xaf\\x1bi\\xec\\x9e\\xf4\\x96\\x05\\x89s\\xb9\\x8e\\xe0\\xd0\\x1b\\xf9\\xd5\\xd2e\\x1eh\\xce\\x1a\\xf6\\xf6\\xdd7\\x9c\\x8f\\x83\\x0e&m\\xfe\\x99\\xe9\\xaev\\xbb\\xad\\x87\r\\x13\\x88\\x08\\xc7\\x00\\xef\\xe8\\x91\\x9f\\x11\\xe0i\\xe5q\\x7f\\xf1=\\x1b\\xc6\\xd4\\xb0i=\\x93\\xbdrb\\xb9\\xbec{1x*\\xc6nu\\xea\\x97\\xeb\\x8e-\\xf6\\x03\\x8f\\x0b\\xe4\\x98\\x98\\x8cjb\\xb2\\xf5\\xec\\xda\\xafh\\xcd\\x8f\\xf9\\x8cwg\\xe6f\\xce\\xa6\\xc9\\xf2\\x9e\r*\\xb1$]^\\x04\\xaf\\xd7\\x15\\xcb\\xf4\\xc94\\xa04\\x99j@\\xddb\\x9d\\x9cs\\x9e\\xdbqk"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xcb\\xfe.'\\xdcpu\\xae\\x98=\\xd8\\xae\\x07\\xc1\\xdeq#0\\x08h\\x05+\\xff\\x0c\r\\xa0\\xddh\\xdd.\\x8b\\xe7\\xa4\\x02\\x01\\xca\\x81\\x97/t\\x92\\x7f\\xca\\x9f\\xbd\\xf7\\xcb\\xc4v\\xf6+m\\xba\\x8d\\x9d\\xf1\\x7f\\x935.\\xce\n{]\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xef\\x8be\\xdci\\xcf0[\\x90%\\xef{\\xabc\\x8ac\\xf8\\xb7\\xec\r\\xac\\xe2\\xa0\\xb2\\x88\\xf6_\\xf3\\x18_\\xfd\\xa1\\x83\\xbd\\xfb\\xa7\\xb08w\\x88&\\xad\\xdf\\x15\\x9e\\x1f\\x07\\x89"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x07\\x91wc\\x0e.\"v@c\\x1d`\\x9e\\x03g\\x94\\x95\\x98\\xf9<\\x03b\\xeb\r)\\xa5y\\xfe\\xd5\\xb0\\x1f\\xa2\\xd1\\x9c@\\x198\\xa8x\\xf3\\x11\\xaa\\xe1mj\\x08&\\xfb#\\xa5\\xb7\\xac\\xc1,\n\\x94\\xf7\\x13?\\xa9\\xd7\\x817]\\xca\\xff\\xc3\\xa9\\xd6\\x94\\x8a\\xf9r\\xda\\xb5g\\xabxm\\xa8\\x9e*\\xd6\\xab\\xfdu\\xb4\\xda9\\xf5& o\\xe6\\xb2}r\\xd8t\\xbb\\xcd\\x10umao\\x80x\\x93\\xa2\\x93\\x07\\x93\\xff\\xa7\\xd6\\xe1hc8\\xb0z\\xf2\\xfe\\xac\\xddee\\xea\\xa2\\x9c\\x131\\xc3?\\x07?q\\x93\\xf0w\\xdbg\\x9bo\\xd9j\\xe4%\\xa7,\\xaa\\xf7?\\xf9\\xa9\\xe1\\xb4w\\xce\\xff&\\xde\\xd0e\\x86\\xa7~\\xe6\\xa0\\x94\\xa9th\\xd1\\x94p\\xee\\xb5\\x95\\x90\\x82\\xb3\\xe8\\xda\\x0f1\\x9d\\xaf\\x81\\xd0\\xb5\\xfa\\xf0\\xe4\\xf4\\x15\\x19\\xc0#h`\\xe5\\x89\\v\\xcc<a^:\\xaa\\xde\\xe9\\xfa\\x80i,\\xdce\\xdd\\xec!\\xa3&\\xa9&\\xcb$e\"\\x17f\\xe2\\xe5\\x16\\x07\\x07\\x831\\xcc{\\x01\\xf9\\xa8q\\xde47\\xc8\\xea"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0b>`\\x11\\xf0u\\xd5zl\\xc3\\xed\\x89t/6\\x88\\x0b0 \\x0e\\xd6\\x05\\x13\\x12\\x00<\\x10\\x87q{\\xb4d\\x11\\xa0\\x9b\\xb4\\x1c\\xe2\\x15\\x9f\\xa9\r\\xd7\\xbf\\xc72\\x8ap\\xa4)4\\x95\\x85\\x8e&i\\xd2a\\xc8\\xc8\\xa3\\xe0i\\xfd\\x159\\xdb\\xe6v\\x80\"\\xd4a\\x9d\\x88\\xb6\\x98s\\x9d\\xbaq\\xf2.\\x05\\xe7\\xe0%\\xf2\\xe6\\x97\\xe0\\x07\\x06\\x1ba\\xfc\\xf3\\xc2\\xff/\\xe4y\\x97\\xca\\x85.[\\x9a\\xaa\\x98\\xaddo\\xed\\xe9\\xe4zh\\xfd\\xf9\\xdc\\x19\\xda\\x96\\x06\\xf5nl\\xb6(\\xeb.\\x84\\xac\r\\xf5.\\x04\\x9ay\\xa6y\\x02l\\xbb\\xf7\\xb7\\x0c!\\x15\\xe3\\x06\\x98\ti40\\xee\\x19\\x05\\x83\\x01\\xe6\\x81y?*\\x06\\x8e%$\\xe8\\xfb\\xe8\\x14z\\xd5di<\\xda\\x86\\xd4\\xa4\\xfcwj\\xf1\\xa4l\\x99\\xa3\\x95q\\x03\\xcb\\xd99|\\xf2\\x91i:\\x0e\\xe8\\xf4\\x16\\x99\\x1e \\xbd\\x82\\xea\\xfe\\x07\\x1e\\xec+\\xbf(\\x02\\xb8\n\t\\xbb\\xf9\\xd1\\x8b\\xf9\\xd8 \\xba2b\\x9a|\\x14\\x99k\\x92\\xb3\n*\\xa9^\\xc7\\xbep{\\x155"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107z\\x8e\\xdep\\x94h\\x15m\\xfc\\xb7\\x1f3\\x8b\\x87\\xc8\\xf4\\xc2@j\\x13\\xa6cs`\\x93\\xe9\\xc1\\x03\\x1c\\xdel\\xf8k\\xd9\\x10mc6\\x0b{\\x06\\xda\\xf7\\xdc\\xcf\\x8a\\x80\\xff (f\\xde\\xee\\xda\\x893#\\xd4\r\\x05#\\xf5\\xe0\\x8bq\\xc1u\\x80\\xc15'[\\x1b]%\\x00a|\\xb5\\xcf,9\\x8fz\\x1bv\\x90\\xb4\\x8anz\\x96\\xd3\\x9e>=j\\xaf`!\\xae\\xa3d\\x9f\\x1a\\x86\\x00\\x11\\xb6\\xa2\\x81m\\x9fv,y\\xadr\\xd6tx`\\xdf:\\x89zw\\xad\\xf7eyd\\x18\\xf1\\xc1\\x01\\xab\\xf7:\\x8c\t\\xdb\\x98\\xfd\\xd8u%\\x914\\xf87\\xb2\\xb7\\x8a\\x1d0\\xf5?\\x12\\x17\\xac\\xd1g,\\x85|$\\xe9\\x82z\\xa7\\xd63f\\x18\\xad\\xa0\\x83\\x0ci\\x87e\\xcb\\x13\\x81\\x9e\\xec\\xc1k1\\x10\\x85\\xbf\\x93\\x82\\x06\\xd9\\xd8\\x13[\\x82\\xf8d\\x80\\x08m\\x97o-\\xd1\\x1e<y~*\\xc41\\xd1\\x98j\\xb14\\xb5\\xcdb~\\xa6\\xa2\\xba\\x12\\xc3v6\\x91\\xcc\\x15\\x95\\xd1\\xe3\\xb20\\x9bt~t\\xa7\\xc0\\x9c\\xfe\\xf0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x045\\xa7\\xd6\\x0cp\\xe5\\xa2p\\x7f.\\xb2_\\x1a\\xa3x\\xd7~a<\\x0c\\xae\\x02\\x0f]\\xdct\\xe8\\xe4g\\xa5$\\xe6\\xce\\xd6\\xca\\xe9\\xb0\\xe5\\xffjr\\xfa>\\xbf\\xc2\\x86\\xe4[j\\x85\\xe5\\xa00\\xaf\\xb5|\\xde\\xbe\\xb8\\xda\\xea\\x89\\xecx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\xf3\\xca\\x01\\xc1\\xcb\\x8ay\\x97\\x01a\\x1b\\xfd\\xef34z\\xfb\\xccf~\\xf0\t\\xb7\\xbfh\\x01x\\xe3\\xff\\xcbf\\x0f\\xf2\\x96tv\\x82\\xf0\\xa6:t\\xc71/f@}"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04{\\xf0a'\\xf2\\xb7\\xe2\\xf9\\x8f\\xc5o\\xee\\x087mb3r\\xc2\\xe3w\\x1e9\\x83;1\\xfa\\xd0\\x81n{x\\xc6\\xccp\\x00\\xf2f\\xf5\\x98\\x0f\\xae|\\xb6\\x16u<\\x97h\\x07\\x8e\\xe9<7hg\\x1dxb\\xf8x\\xe4x\\xd3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x82\\xa3%i\\xdaq\\xd1\\x88\\xbd\"?`\\xc2\n\\x86\\x94\\x90\\xe9\\xff\\xbb\\x14\\x14\\x8f\\xbc\\xdf\\x0f9\\xc8\\xfb#p\\xfe\\x00\\xbd\\xd6\\xb0\\xdc\\xf2\\xaa\\x91\\x055m\\x12\\xab\\xa32\\xc5"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!\\x84\\x1f\\x99\\xd4\\xc5\\xa4s\\xca+\\x91\\xc4q\\x93ln\\x80\\x85\\xce\\xf0\\xba#}\\x96m!\\x85\\xa7\\x03\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!\\x96\\xc7i\\xd5\\xfb\\xa1\\xad\\xc4\"\\x92ed\\xd1\\x04\\xdf)ys]\\x12\\xac\\xfc g^\\xe2\\x16u\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} \\x98\\x92\\x91\\x19\\x14\\xeb\\x8fx\\xaei\\xee\\xc8b\\xc1\\xfc\\x02d\\xba\\x11\\xfa\\xf3\\x92\\x97\\x95v-\\x9b\\x1a\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} m\\xbf8\n0\\xe2\\x1f0\\x16\\xd3\\xdd\\xaf\\xb0\\x83\\xf5\\xa9j\\xa0\\xce/\\xd6\n\\xcc\\xa0\\xfac\\x9d\\xe9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t} \\x12b\\xbd\\xce\\x8e\\xac\\xc7\\xc4\\xe3m%\\xc8'\r\\xe0\\xa5\\xea\\x94>\\xf6\\x85\\x9cmv?1[e\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04m\\x95t0\\xa3\\xbc\\xb5\\xf7\\x8e\\xa5\\xa6;udi\\xa3\\xf7\\x159`\\xde\\xe6\\x0bf\\xa8c\\xc92\\xaek\\xb9\\xa0\\xc6\\x18be\\xe7\\x9b$x\\xa5+\\x01\\x83\\xd6\\xd4/\\xeb\\xdb\\xa5ll#>\\xb4\\x8bk\\xd2\\xb8\\x85!gvt\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000m\\xa3crdu\\x921?\\x8fqsa\\xbe\\xd0\\xf1\\x95#\\xa5z\\xb1}\\xbe\\x9dh\\xa2\\x18vi\\xca\"\\xfa\\xf9\\xf6\\xe6\\xeb\\xb6\\xcf\\xa5\\xb1\\x929\\xbfm;\\x15a\\xcb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j\"?+\\xc9w\\x9es\\x9e\\x10\\x8es`-_\\xbb\\x0c\\xf7'p\\xcdp\\xec\\xc6\\xceyo\\xe5p\\x11r\\x06k\\xc6\\x9e\\x1c\\xff\\xd6\\xbd\\x1c\\xaf\\x11\\xc4zdb\\x1a\\xdb\\xb0\\x89\\xabmm3\\xff\\xdd\\xff\\xf0wz\\x9b8\\x82\n\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000cf\\xa5\\x9d\\x1c7\\x87\\x8e!s\\xf7\\x8e\\x0e\\xdf\\xc6\\xfet^\\xc9:\\x90@\\xda/yor\\xb7\\xa4\\xe6\\xf8\\xa7qs\\xe1\\xa4\\xfd\\x17\\x01\\xce\\x81[\\x0b\\x0b\\xdb\\xb0m\\x90"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc8\\xae\\x9d\\xf2\\x93\\xabu\\x1a\\xc8\\xf4\\x9b\\x7f<x\\x87\\x9cj;xwg\\x93\\xbbr\\x17v\\x04\\x11o\\xee\\xd3d6\\x82\\xbd8\\x80\\x8an\\x96\\x1b\\x7f\\xe9\\xe5\\xfa\\xcf\\xa0on\\xb6\\x95\\xa1\\xa44\\xa8_\\xca\\xb88h\\xf3\\xfc\\xb4\\xf3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000}s\\x10^\\x15\\x0f\n\r\\xbe_\\xdf\\xc5o\\x05\\xb1\\xc4\\xaat\\x7f\\xdf\\x1d\\xde\\xef\\x8f\\x07*\\x8ca h\\x86x\\xca\\xd9.\\x84\\xccxdx=\\x9a\\xb5\\x90\\x9a1\\x08\\x1f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04l\\xd5%n\\xed|-|>1\\xf6\\xa5\\xbe\\x1a\\xca\\xfe\\x90\\x8f-m\\x13\\xb8\\xe2\\xb9qw\\xb4?\\xeal\\xbd\\xeb\\x15b\\xbf\\xa7\\xbag\\x9c\\x91\\x0b\\x95\\x9a\\x89\\x0e=l~`&\\xb8\\xdd\\xc4=b\\xb5n\\xb7\\x0f\\x13\\x8d\\x9d\\x15\\x9a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbf\\xb5\\xef\\xb4\\x1eu\\xaf)4:\\x1a\\xca\\xa7\\xbb\\x13\\x1f\\x9c\\xe8\\xb6xy,\\x92s\\xbe\\xe9\\x0c\\xda8\\xe4\\x11\\xa3\\xc8\\xc4c\\xa4\\x17\\xd4\\xba\\x95\\xe5%\\xb4v\r\\xa7\\x17\\xb7"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t}!q\\xe7\\x94\\x96x\\xa1\\x13\\xcbz\\xdb<\\x98\\xc4s\\xc0m{\\xd8v\\x08\\xb7b\\xd6\r\\xd0w\\x13\\xed\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8c\\xa3\\x9b\\xf4\\xf6o\\x07j\\x7fo\\xd4\\xd5z\\xe7\\xb9\\x10g\\xa7/\\x07\\x9f\\xc1o\\x95\\xc8\\x90&l\\x0b\\x1a\\xbc\\x17\\xc6\\\\x9a\\xc3\\xf7~\\xbf8\\x03=fi&v\\hn\\xb7\\xa0!\\xa4\\x9b(}\\xf3\\x0f\\xa0v\\xb7x\\xde\\xb6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa9\\xdeai5=\\xb8\\xfe\\x8c\\xd9!\\x19\\xa0\\x93\\xe3x\\x9cmi\\xa9k\\x8b\\xfc\\x03\\x9a)9[\\x11\\xfc\\xbe\\xbd\\x07@\\x8f\\x1e\\xe5\\xd9\\xf7\\x7f]6\\xbd\\x04\\x97\\xf89\\xb8"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j\\x01\\x16\\xad\\x13\\x06`\\xe9\\xd00\\xb5\\xd8/\\x8c\\xec\\x1a\\x92\\x12l\\xe7\\\\xf7\\x1b \\x10s]\\x06\\xfbq\\xb1z\\xfb\\xc5\\xf21\\x82\\xf1\\xb2\\x8d*\\xf7\\xfc\\xccs\\xa6i\\x185_ur7\\xf4\\xac\\xa9!:\\x85\\xb0\\x822y\\xd7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000b\\xbf*zaz3\\x16\\xb6\\xc5,i\\xda\\x8e{[ry&x-\\x9d\\x12\\x14w7\\xb3p(\\xb7\\xa4lv\\x90\\xf3\\xccz\\x13\\x1b\t\\xb1a,m\\x9b\\xc2\\x9b|"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe5t\\xbf\\xee^r2\\x85\\xc2\\xc2zqb.8jy`\\x92f\\x13\\xfe5b\\xc0j\\xbe1\\xe7\\xb2x\\xe7\\x8ak\\xbc\\xf21i2\\xe61\\x13#\\xb6\\x84h\\xa3]\\xd3\\x0bz\\xea\\xcb\\xad\\j\\xa5l\\xf9\\xf9\\x8b\\xc3\\xfe\\xe6\\xed\\xd7`\\xaf'u\\xdb^\\xe2i\\xb8\r\\xf3\\xa6g\\xd9\\xf0ss\\xe8\\xe2\\xc5\\x87in\\x1b9\\xac\\xf13\\xb6\\xad\\x82m~\\x01\\x82\\xadl\\xc4\\xba4n\\x98+\\xc4\\x91\\xb2\\x888]`\\x11\\xa2\\x1b\\xbe\\xdd\\xc62\\xa6x<\\xc6y\\xa4\\x10\\xb4\\xd8\\xe4c\\xccl\\xf3.\\x9b\\xd9rj7\\xc2?\\x8e\\x88\\xd55\\xc1\\xac$0\\xaezr\\x1d;\\xfe\\x1a\\xc9\\xdd&\\xd6\\x1f\\x1f\\xcbn\\xb5\\xa2t\\xa7\\xd8\\x88w\\xf5\\xa8\\xb9\\xf0\\x88\\xbf\\x82\\xaa'\\xb3\\xd0\\x8d\\x98\\x86\\xd2\\xc1\\x8a\\xac\\x06wc\\xd8_lm\\x8d\\xfe\\x1d\\xac\\xfc\\xa09\\x88\\xc8\\xf8\\xca\\xda\\x95\\xfe)g\\x1d\\xa2)\\x8e,\\xff\\x91~\\x84\\xd4`\\xd8i`\\xeb\\x80\\x8e\\xa0\\x1c\\xaez|v!\\xf7k\tl\\xacf\\xdc\\x1eq3\\x88"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0108'\\xcbm\\xeb\\xf6:e\\x8e\\xdd]\\xe8f-\\xd0\\xaajx:\\x15\\x99m\\xd3\\xa8\\x19\\x95\\x8a\\x10\\xc9\\xc6\\xb1\\x1eu;\\x13\"a7\\x05n0\\x02\\x9b\\xc3\\xce\\x9fh\\xd1\\xf2\\x17\\xbd\\x04\\xe2{\\x91\\x81-\\x05\\xc3\\x02? \\xe3,2\\x03\\x95ip\\xe02\\x0b*}x\\xfee&q\\x9e\\x1dr\\xb4\\xd2\\xf6\\xac%~\\xf8\\x11\\xf9%k\\xbc\\xd2\\xba~\\xb7s$\\xd08l\\xec\\xbc>@\\x00\\x05\\x1cj\\xe0\\x00c!\\xbd\\x85\\xf3\\xd1\\x98|\\xac\\xb7c\\xc7\\xa2\\x8d\\xf0\\xb5\\x1c\\xa4\\xa3\\x80ev@fx\\xc0\\xa9;8\\xc80\\x8a2\\xe5\\xf7\\x80\\xb5=\\xcc\\x1d\\xf9\\xb2\\x97\\x1b\\x04\\xda\\x19\\x92.\t\\x95\\x03\\xbd\\xaa\\x06\\xea\"v92\\xa4i\\xe4\\xe6\\x16\\x0fuw\\x98\\xb9rn\\xceo\\x93*+\\xd6q+\\xb5\\x8f@\\xdc\\xb8\\x82\\xd5\\xc1@v\\x97\\xd5.\\xf1x\\xcd\\xbf\\xaf\\x95g\\xc0\\xbb&'\\x9fp@p\\xe2\\xe5\\x14]\\xf5w\\xc9\\xae\\x8b\\x18)\\xe1\\x04\\x93&\\x96\\x07\\x1a\\xb3\\x92g\\xcb\\x0cg\\xe7\\x06\\xdernh"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010g&\\xb2\\x83{\\xb4a^t\\x84\\xba\\x9f\\x8c\\x8a\\xebd\\x9d\\x9d\\xda\\xc5\\xd5[\\xd4r\\xe3\\x1b\\x1e0\\xae\\xa8\\xf4\\x7fg$\\x96\\xe4\\x17mh\\xb2>[\\xcas\\xa0\\xfe\\x05\\xa1ct\\xb1'\\x1e\"-y\\xed\r\\x0b\\xe7i\\x1b\\x8faq\"\\xfa\\xa5\\xfc\\xcco}\\xc4\\xe3\\xde)\\xd1\\xf6\\x8b?s\\xb6\\x00\\xe0\\xedd\\xcb\\x9f1\\x18\\xbe\\x14\\x82\\xfb\\x9e\\xe3\\xef\\xedc'\\xf6w\\xe6;\\x88\\x96\\xca\\xa0\\xb1sxy\\\\x10\\xe5$?\\xcd\\xb8\\xaf\\x0e\\x16\\xc4\\xaak\\xf0\\xf5o\\xc7'\\x9aw\\xb1k\\xbb\\xcc\\xec$b\\x98\\xf1\\x00\\x9a\\xb5\\xb1\\xd2\\xff\\x85\\x9e\\xe6\\xc9\\xe4\\xc2{\\xa1\\xb6:(\t\\x19xb\\xe0\\xe4\\xc0m`\\xe2\\x9f\\xe4mk0\\xbd\\xe6\\xcd\\xf6\\xcd\\xce\\xd0\\xec\\x995\\xadq\\x88\\xd7*1\\xe7\n\\x0bjf,\\x96q\\xe5y\\xf2\\xdc\\xb2\\x8a%\"\\x14~\\xee\\xcb\\x8e\\x131\\x98\\xd1t\\xe6\\xb0\\xdejy\n\\\\xbc?\\xc6\\xce\\xc2\\x8c\\xc5\\xa4\\x02{:\\xf1\\xcd\\x8c^7j\\x03\\xb01:\\x92k\\x90\\xcc\\xe1\\xec\\xa1\\x85"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010n\\x02\\xdf4\\xb6\\xb6\\xf0\\xc4mkr\\xf2z\\x96\\xdd\\xd5\\xf27\\x1f a~\\xee\\xa5r\\xbf\\x03\\x05\\xb4\\xb8\\x83\\xd4ld(\\xd7v\\xc6g\\xecw\\xbf\\x9fq$s\\xa4\\x866\\x12\\xe3\\x17\\x86\\xc4\\x86\\xabd\\xa8\\x00\\x89\\x107\\x96\\xdc\\x90\\xfb\\xab\\x7f\\xec\\xfbz\\xb9ahmiy\\x17\\xb1\\x86`\\xbe\\x96\\xc92'\\xb8\\x8d`x\\x02o\\x93\\x80\\xdb\\xa2@\\x9c\\xa5\\xd8g\\x87m\\xb6s\\xe0\\xf6\\xe1\\x14\\x16\\xf7\\xd3,\\x87\\x120\\x18]c\\x8db\\xec=\\xeftj#\\xb9\\xb0\\xf5\\x1f\\xf8\\x056]\\xe8\\x0c>bs\\x94\\xf3\\x17\nig\r\\xdac\\x9bc\\x9b1\\x1b\\xf2\\xf4\\xaft\\xe5l\\x89\\xf3\\xe4\\x05\\xce\\xb1~\\xd5 ~\\xec$\\x04\\\\xdc\r\\xc6q\\xc4\\xa8\\xcf\\xd9\\xe2\\x08\\xcfx\\xcd\\xcd\\xa3\\x86\\x8ak\\x10\\x02\\xb3\\x04\\x8c\\x85b+g\\x8fi\\xbed\\x1cx\\xb4\\xc0\n\\xc7,x\\xcda\\xde\\x83qva\\xb3\\x8a\\xf0\\xe9\\xdd\\x8f\\x13,\\xac\\xca*\\xe7\\x02\\xf5g\\x89\\xd9\\x98k\\x03w3h\\x88v1\\x87'\\x93\\x16\\x8d"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbc{m\\xaf\\xad\\xe8\\x1am\\xdc\\x9f\\xb7\\xd9\\xfc\\xc3\\xb6d\\xa6\\xdf\\x13p\\x94\\xd56\t\\x07\\xb2\\xa5\\xbe\\x14;g\\x1a!\\xe4\\x15\\xba\\xa7\\x8f\\xd0q\t\\xd1\\xf5\\xd4\\xfcj\\x8c3w\\xf2\\xf3\\x80q\\xb7\\x87\\xaap\\x87\\xdf\\xb7er\\xe5\\x99>~\\xdf\\xc5\\x8e\\xe4r\\xba\\xa3^\\x12\\x91\\x00\\xb2&\\x80\\xa5p\te\\xac\\xc2dc(\\xab\\xdb\\x8dzh\\xfa\\xbal\\xc6k\\xc2j\\x04r\\xaey\\xa60\\x8ejl\\xa2\\x12\\x8e}\\x83\\x8eb\\xc9\\x93\\xd2\\xbd\\xe3b\\x01\\xcb\\xc8a\\x10\\xb6\\x0c\\x0e\\xb0:\\x9e(9.\\x7f\\x1e\\xf5c\\xce\\x9f\\xc2l\t\\x8e\\xb2\\xd6m\\xb0\\xa0\\xa6\\x87\\x0e\\x0fg\\xe6\\xden\\xd2\\xd7\\x96fk\r\r\\xd8\\x17\\xc6\\x9b\\x80\\x0ca`\\xa7u\\x17\\x9c\\x84\\xda\\xdb\\xda\\xd3,pz\\x8e\\x15t;\\x88\\xa1p+\\x83\\xa9kvz*?\\x890&p\\xf0\\x81\\xd4\\xfbh\\x82\\x9f\\x08\\x1a6\\xe5a\\x84\\x12y\\x9e\\x1ew\\xfe3k\\xcf\\xbdb\\xa6g\\x02p\\x14'\\xb9\\x1b\\xb0\\xa6\\x86\\x10\\xd1\\xc4\\x04t\\x1f\\x1c\\xa4\\xc3c"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb0x\\x9d\\xb8.\\xd9l\\xfe\\xcew\\xe4\\xa3\\xe8f\\xcb\\xa2\\x1a_\\x8f\\x12\\xf0l\\x8b&\\xf9\\xa4l\\x16\"\\xf5ezp\\xdcq\\x1cl\\xda0\"rq\\xee8`k\\x0e7n`hr\\xc37\\xd4\\xf2\\xdbe\\xa4`\\xd7\\\\xf5\\xcb1\\xdfh\\xd3\\x91\\xe7\\x9a\\x87k\\xd2\\xee\\xe0\\x03\\x8b\\xf8\\xbd\\xb2\\xe7\\xbe\\xe37\\xe3\\xc9\\xb1\\xf3\\x9c\\xddy\\xbf?o^\\x92u\\xfa\\x85:\\x97\\x9bdx\\xaa0t\\xf3\\xc4\\x16\\xd7\\x088\\xb5h\\x1c\\x99&\\xdd(\\x9d\\xb3\\xf4\\xf0-\\x9e|>\\xdd\\xdd^8!\\xa3;\\xe8\\x10\\x1cy\\xad\\xa7e\\x19\\xbf\\xdd!\\xd7v\\x14\\x15\\xad\\xc13 \\xa7u2\\x0c\\xe1o\\xc47=5;0\\xd6>\\xce(\\x9d\\xf7\\x81m\\x87\\x84q\\x89\\xe32\\x03\\xbd\\xb4d\\x19\\x11\\xd3\"\\xe0\\xb0\\xc5|\\x06\\x1e\\xfe6h\\x8d)\\xa9\\xdaag\\x9f\\x01n\\xf9\\xbb\\x92\\xf2\\x81z\\xe7\\x90]\\x85\\x1c\\xd9d\\xa0x\\x16\\x8e%{\\xfe1\\xc5\\xd7]\\x8e\\x97\\xb4\\x15\\x107`\\xbe\\xcb\\x8ah\\xef(7\\xb6]\\xf6\\xb2\\xe1\\xc8"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc5\\xd7\\xe7\\x95\\xe5\\xd5\\xd0-\\xfc\\xf6\\xffz\\x15\\x12r\\x1e\\xc5\\x8e\\x98\\xbe=e d\\xf1@\\xec\\x93\\xea\\xf7\\xcby,\\xb0\\xedin\\x98\\xb2\\x91\\xf0\\xe2\\xb4{\\x82fs\\x19\\xf7\\x96{\\x17\\xd6\\xf1\\xf2\n>\\xc1\\xca'f_@\\x16\\xce\\x8e\\xc2t\\xc4\\xe2\\x0b\\xd1t\\x1e\\xde\\x85\\xe0:~\\x86s\\x9c\"\\x0b\\x91\ra%\\xea\\xb0+:\\xe0w}ib\\xcd\\xd1\\xeaf\\x1c@t2i\\xfd\\xde<\\x00\"_\\xc4\\x915c\\x0c\\xc6\\x8bf\\x92\\xeac\\x8a\\xb5<x\\x93\\xf4\\xe2s5\\xe1\\xe8\\xe4\\x0e\\xa6\\\\xd4\\xb5\\xa8\\x84\\x81\\xd33\\x08\\x8a\\x81\\x90\\x08\\xc0?\\x95\\xe0\\xd7!\\x07\\x10\\xec\\xfc5q\\xf5\\x1d\\xc5v\\xd2\\xea!f)9\\x01\\xc2\\xf3\\xb5\\xe8i\\xd5\\xaaw\\xe8\\xe5\\xc9*l6\\x16ey\\xc4\\xd6' \\x95cu?\\x074>\\x97|\\x11s\\x91\\xc1\\xb6\\x04\\xdd\\xb6\\xc5\\xafojf\\xc7/e\\xd8$)\\x18\\xe4\\x96ag\"`g6\\x80&\\x8e\\xf7\\xf7\\xeb\\x893f\\xf0\\xf0g\\xf2\\xddu\\xb8\\x0f/\\x04\\x16"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x18\\xc7\\x0f\\xae\\x7fz6\\x04\\xdcl\\x9b\\x04\\x82\\x16,xt#\\x12>\\x0b\\xa7n\\xabf\\x92\\\\xe2\\x80\\xd02\\x02\\x7fw\\x820i\\xc8\\xf3hz\\x93+'\\xb3gr\\x96\\xabo\\xa8}\\xdc\\x9a\\x8cs\\x10\\x7f\\x94\\x9b\\xef.\\x19\\x9e!\\x96[\\x0b\\xde\\x9c!\\xf0~[\\xe75\\xc5\\x17\\x91m\\xab\\x19\\x02\\xe03 w:\\xd6\\x15a_yq\\x95\\x04\\xac\\x0f\\xf7d\\xa8\\x08]<\\x95\\xd7\\x13\\xcd\\xc7\\xe9\\xbf\\x85\\xef\\x9e\\x14\\x8c\\xd6\\xbc\\x82\\x0c\\x95x\\x84\\xa9[`\\xb1\\xcax\\xaf'\\xe8\\xbc\\x8bj\ra\\xccix\\xd8i\\xdc\\xcc\\xe6\\xe8t\\xe1\\xe8\\xeb\\x96o~\\xc40\\xb7\\x8b\\xc8\\xf5\\x99q\\xb1\\x15\\xd3\\xbe\\x9a\\xd4\\x0f\\x96\\xc308p\\xc8\\xb9/`f\\xda\\xe48\\xff\\xa4t(\\x04\\x00\\x8cv\\xc8j\\x8bd+\\x1d\\x8c\\xa1[\\xf0|\\x12>\\xbe\\x0c\\x7f\\x04[\\xc7w\n\\x9cu\\xfc\\x89\\xdfg)\\xe0\\xda\\x8c\\x1eo\\x90\\xe2\\xcb\\x0c\"=q\\x0ci\\x05\\xe7\\xa9\\xedj\\xday\\xe2\\xee\\xdd\\x10vb\\xddg?\\xc2\\xe3\\x1a\\x1c"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0e#p\\x8c\\xe7b@\\x03f\\xd9!\\xca\\xec\\x1a\\xb4\\x16e\\x923\\x97\\l\\xf7\\xc1 \\xf7\\x83\\x1f\\x0c\\xc3\\x9d\\xdb\\xd8\\x8c\\xca\\xbfw\\xdbw*\\x88fai\\xa9\\xd8\\x87h\\xf0+\\xe7\\xdbt\\xa7\\xb7\\xd8k\\x0b\\x15\\x04\\xb2]t\\xaf)e\\x018\\xe9\\xe1f\\x91\\xbf\\xdd\r\\x1d\\x10^\\xf5q\\(\\xec\\x1c\\xfc\\xc0\\x90\\xe3u\\xbe\\xff~\\x0f\\xb2\\xaf\\x9ei\\x95\\xd6\\x04\\xd8\\x00\\x95\\x93h\\x1f\\xa5-b\\xaf\\xb5\\x11c\\x88g[bm\\xd5c\\x1b'\\x98\\xe1\\xe6\\xbal\\xa5bt\\xcd\\x15\"\\xc0\\x89h\\xafz\\x1b\\x10\\xfe\\x9d\\xdf\\xa7\\xb2c\\xbeu\\xbd\\xcd\\xb9\\x8el\\x9c\\xd5\\x86mom\\x8c\\xf1\\xd91\\xa5\\xa4\\xc7\\xeacd,\\xd3/\\x92\\xef\\x0f\\xb1\\x1eq\\x00^\\xb4\\xebs:p\\xd8l\\x9b\\xb0\\xc6\\xd2=\\x01(\\xc9\\xe4\\xfd6\\x12\\xbb<&\\xcd\\xd1\\x8c\\x14\\x8e*#ho\nz\\xf3!_yg\\xf3z\\x10%\\xb4n\\x01\\x8e\\xab\\xfb\\xf7\\x19\\xf9\\x01\\x92\\xfe\\xc1\\x9e7\\x0e\\xc9s\\x82\\xfc\\xf3x\n?^q\\xed\\xed\\xac"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbd\\xe4\\xc4#\\xb54\\x10\\xff\\x06\\x81{\\xca+\\xcbtb\n\\x8a\\x8d\\xf6w\\xfe\\x89\\x95`\\xa4\\x8b\\xa3\\x9a\\xc4\\xcf\\xe6\\xado\\xcc-\\x9fd\\xebc\\xae\\x0f\\xbf\\x8f]a\\xe7\\xe3/wv\\xc7\\x8b\\xb4\\x86\\xcc\\xe9f\\x8f\\x8a\\xfb\\xbd\\xac\\xdfw=\\x89\\x18\\x06\\x1e\\x8d\n\\xa8\\xfc\\xd4w\\xb0m)7\\xca\\xa5\\xa1\t3\\xf3\\x16y+\\xba\\xe2,ot<\\xe1{\\xdf\\xf7n\\xdf\\xc5f\\xb7@\\xe7t\\x08\\x147\\xc5^t)~\\xc0\\xc7\\x02y>\\x8f\\xe9\\xa3\\xc5\\xd1ep\\x9a/\\xe1\\xe3\\xf2\\xa0\\xdb\\xe9\\xff\\x11\\x86c\\x11\\xf8vk&\\xb4\\xcb5\\x1f3\\xc1m\\x17z\\x85>\\xf7\\xden\\xcb\\xd4n(\\xa7\\x9art\\xd6\\x87\\x91\\x18\\xeb\\xc4\\xe4\\xfb\\x1ep\\x89\\xe9\\x9c\\x99\\xc4\\xb2:]\\xe4q\\xcd\\x8ds\\x97\\xc4\\xff\\xa8\\xec\\xf3\\xb3\\xc08\\xf8\\xbe\\xc4\\x00\\x99\\xacm\\xc57\\x89\\x8b\\xf6a\\x9a\\xf6\\xf7\\xac(:\\x97\\xc8p\\xdds\\xef\\x11\\xc4r2\\xb0\\x15\\xb9\\xddp=\\xe4n\\xb1\\xd7|\\x80\\x81nx|\\x04\\xc6\\xec\\x10\\xdck\\xbc*"
- },
- {
- "http_request": "winword.exe_WSASend_\\x98\\xe2\\x97\\x0f\\xb8b\\x99\\x0f\\xf7\\x8a\\x05\\xba\\xf4o\\x07!\\x83| ?\\x03\\xa2\\xfa\"\\x1e\\xee\\xd7j\\xcf\\xf8\\x8d\\xf1\\x91\\xd2\\xb9\\xca\\x8c\\xefb\\xc3u\\x82<ex?\\x8c/\\x8e\\xfe\n\\xfc\"\\xb9\\x9df}\\xda\\x99\\x07\\xa0\\xf9%\\x85\\x01y#\\x0bi\\xe7c:\\x00=\\xda\\xfb\\xf4\\x10\\xaa\\xc1\\xf5y\\x1e\\x91\\xd3\"ud\\x84\\xaf\\x98\\x1a\\x03\\xfb\\xdbq\\x96\\xd1\\x06\\x04\\xbap\\xed\\xbf_\\xecj\\xe6/\\xef\\xdb\\xc4\\xdc\\xf7k\\x02\\xcap\\xe2\\x1bffh\\xf7\\xe8o\\xbb\\xf1\\xa6\\x8f\\x7f\\xbb>\\xf2-\\xce\\xf6f\\x16\\x7f\ro\\x15\\xe4d\\x17\\x1e\\x96\\xdac\\xe6\\x8b\\xadt\\xb0\\xe2c\\xc7\\x88d\\xbf\\x1b\\xb4\\xad\\x0f\\x95\\x94\\x00\\xe5\\xc9g\\x9f\\x9f\\x95\\xe8;\\x1c\\x96\\xca\\xb0\\xc1\\x92\\xb2\\xbb\\x169\\x9a\\x06.\\xd1\\x7f\\xe6\\xdb\\x8c\\x96\\xfc\\xba\\x15c'\\x99u\\xe0\\xfb\\x18\\x83\\x02\\xda\\x02\\xeaz\\x83\\xbae\\xa3f\\xf6\\xc3~\\xa6,\\x11^w0\\x90\\x1f1\\x10\\xbf\\x9b\\xdc%\\x92\\x80\\x00\\xa8e\\xdd\\x8e<\\xb5\\xbe\\xe5\\xa5\\xcam\\xb6\\xbd\\x0e7\\xb5\\x99r\\x18\r"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010]\\xab\\x87\\xd1ji\\xf8\\x04\\xfcu\\xd5\\x91\\x02\\x8f1[\\xc6g~\\xcf\\xcc\\xfa\\xa3\\xbd*\\xc0*!zo\\xee\\xf4\\x91>\\x15x\\xd8:\r*\\xf5\\xc5\\x85\\xf8\\xbd\\x0e\\x9f\\x93\\x99j\\x84\\xaf\\xdff\\x8e\\xe0\\x8d\\xd4\\xc7\\x88 *f\\xd31\\x9b\\x9a<\\xb7\\xfbh\\x05\\x98\\x85\\xd6\\xfbd,\\x0b\\xc3\\xde\\xba\\x15\\x01\\xfb\\xbc\\xe1mu\\xbf\\x1c\\xf2\\x8b\\x14\\x9e\\xd6hts\\xcd\\xdap~\\x14\\xf3w\\x85\tdl\\x94\\xd7m\\xd8\\xad\\x95c\\xc5s\\xa4\\xed\\x0b\\x9d\\xce\\xf2j\\xa5+xrv7w&~\\xb8\\x00\\xf9:\\x8b\\xee\\x18\\x93\\x9f\\xa6\\xd8c\\x13\\x8f\\xc2\\xe8\\xed\\xb6l\\xd3xv\\x8b~\\x9fd\\xed\\x81 \\xc0z\\xc1\\xc3\\xbf_\\xa1\\xdb2\\xf3\\x9ft\\xc1\\xf3\\x15\\x83\\x131mov\\xfa\\x97\\xafs\\xa32\\x1a\\xab*\\x1a\\x02;!l&s2&\r\\xbd\\x10)\\xf5\\xe6\\xbf\\xab\\x91\\x8di\\xbcz\\xa6\\xd7\\xd9\"}\\xb9j*\\xfe\\x1f\\x8b-=pc\\x0b\\xce\\xc5\\xbb\\\\x8a?m\\xa5i\\x045\\xb2\\x85\\xd9\\xda\\xc66-\\xdd"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010k\\xde\\xb3if\\xd8\\x1cn\\xfc\\x800s\\xc4\\xber\\x04-\\xf0\\xb9jv\\x8b\\/iy\\xa7\\x14=\\xfb?k}*\\xe7\\xe3g\n\\xfc\\x99>j\\xab\\xcfp8\\xa9\\xf0v\\x88\\xea\\xa9\\x88\\xfefo\\x1a\\xd7y&\\xc1h\\xd5b\\x16\\x06\\xac\\xd5\\xd3\\x92}\np(\\xfcgg\\x7f\\x9a\\x1bw\\xc5\"\\x12i\\xd1?\\x85\\x84\\x1d\\xa8\\x1b8\\x87\\xcf/\\xdf_y\\xe9s\\xdeoz\\xa1\\xa2n|\\xa1y\\x9c\\x8a\\x91\\x90y\\x98a\\xdc\\xef\\xf7a\\xb5\\x9f\\xae\\xb9\\xcf\\x0bo\\x94\\x0c\t\\xa8w_8sm\\xe3\\x16\\xa7\\x1d\\x1a5n\\x8e'/\\xee\\x14\\xa7@e\\xb4\\xffe\\xf0s\\xdf\\xcc\\x00\\x1e\\xdcl\\x88\\xf1s\\xa2\tu\\x9f3\\xc1\\xc4\\xca^\\xd6\\xcab^\\xab5\\xf5%<6d\\xe3j\\xaa\\xeb\\xc0`\\xe8\\xac\\x86]dz\\x8e\\x81ao\\xf4.\\xa7\\xa1\\x97v\\x85|\\xa02\\xac\\x8bx\\x85\\xd8\\x8fl\\xc3\\xef\\xc9e\\x1e\\xc9\\xa2\\x98\\xb8\\xc7\\xf3\\x817\\xf2y\\xbc\\xd4g\\xb4\\xa7\\xf1\\x8f'\\x05\\xbe\\xc4i\\xf8u\\xee\\xa7\\xa8"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x18k\\xf4e$\\xbd\\x1c\\x86>\\x81\\xd6\\xf9\\x05\\x8f@\\x8d{\\x83\\x85\\xd0\\xe1\\xe0\\xccc\\xac3\\xfdp\\x1ap\\xeb\\xcf\\xb0\\x0e\\xca\\x14\\xa6\\x08\\x85\\x9b\\x84:b\\xe0\\x9at\\x14s\ny\\x89\\xe4e>u\\xc7\\xc9};\\x83wl\\x82.\\xb8-\\xc7?\\x13j\\x1a*%\\xef\\x037\\x1c\\xc9>rp\\xb3\\x19a\\xf8\\xb0r\\xba\\x06}\\xb1w\\x91\\xe5\\x15\\xc7\\x9c\\xf6k\\xf8\\x88\\xcbdc.\\x1clc\\xaae\\xa1j95\\xa5\\xde\\xafk\\x9a\\xef\\xe7~\\xae*'\\xa5r\\x88k?\\xa9\\xe7\\x12e'\\xe9\\xf2\\x1f'\\x16h\\xf7\\x13\\x93o\\xafa\\x1dx8\\xc4\\xd8\\xa1}q\\x0e\\xc0{\\xe0\\xd1(\\x88\\xb0\\xb13&\\xa0=+\\x01yyy:\\x179\\x8b\\xfb\\x9a\\xa5\\x16\\x914\\x1a\\x96hv(\\x82gy6\\xd2\\xce\\xc7\\xa1\\xf0\\xcb-\\x85n\\xdd\\xc2o\\xd4\\x96\\xcbo\\xd0\\x1fq*\r\\x07a\\x94\\xf3\\xea\\xc4\\xa8\\x1c\\x07\\x86\\xc1\\x81\\xcc;y\\x03\\x15\\xcb\\x90^nf\\xdb\\x0cd9\\xe8\\x1d\\xcc\\x04\\xee_\\x07%\\x87\\xbapw"
- }
- ]
- },
- {
- "Description": "File has been identified by 30 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "CAT-QuickHeal": "Exp.RTF.Obfus.Gen"
- },
- {
- "McAfee": "Exploit-CVE2017-11882.ah"
- },
- {
- "Symantec": "Exp.CVE-2017-11882"
- },
- {
- "ESET-NOD32": "probably a variant of Win32/Exploit.CVE-2017-11882.A"
- },
- {
- "GData": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "Kaspersky": "HEUR:Exploit.MSOffice.Generic"
- },
- {
- "BitDefender": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "Tencent": "Office.Exploit.Generic.Cqz"
- },
- {
- "Ad-Aware": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "Sophos": "Exp/201711882-P"
- },
- {
- "Comodo": "Exploit.W97M.CVE2017-11882.AG@843jmy"
- },
- {
- "F-Secure": "Heuristic.HEUR/Rtf.Malformed"
- },
- {
- "DrWeb": "Exploit.Rtf.CVE2012-0158"
- },
- {
- "McAfee-GW-Edition": "Exploit-CVE2017-11882.ah"
- },
- {
- "FireEye": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "Emsisoft": "Exploit.RTF-ObfsStrm.Gen (B)"
- },
- {
- "Cyren": "CVE-2017-11882!Camelot"
- },
- {
- "Avira": "HEUR/Rtf.Malformed"
- },
- {
- "MAX": "malware (ai score=100)"
- },
- {
- "Antiy-AVL": "Trojan[Exploit]/OLE.CVE-2017-11882"
- },
- {
- "Arcabit": "Exploit.RTF-ObfsStrm.Gen"
- },
- {
- "ZoneAlarm": "HEUR:Exploit.RTF.CVE-2017-11882.gen"
- },
- {
- "Microsoft": "Exploit:O97M/CVE-2017-11882.T"
- },
- {
- "AhnLab-V3": "RTF/Malform-C.Gen"
- },
- {
- "TACHYON": "Trojan-Exploit/RTF.CVE-2017-11882"
- },
- {
- "Zoner": "Probably RTFObfuscation"
- },
- {
- "Rising": "Exploit.CVE-2017-11882/SLT!1.AEE3 (CLASSIC)"
- },
- {
- "Ikarus": "Exploit.CVE-2017-11882"
- },
- {
- "Qihoo-360": "susp.rtf.objupdate.gen"
- }
- ]
- },
- {
- "Description": "Created network traffic indicative of malicious activity",
- "Details": [
- {
- "signature": "ET TROJAN Worm.VBS Dunihi/Houdini/H-Worm Checkin 1"
- },
- {
- "signature": "ET TROJAN WSHRAT CnC Checkin"
- },
- {
- "signature": "ET TROJAN WSHRAT Credential Dump Module Download Command Inbound"
- }
- ]
- }
- ]
- [*] Started Service: [
- "osppsvc"
- ]
- [*] Executed Commands: []
- [*] Mutexes: [
- "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
- "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Global\\552FFA80-3393-423d-8671-7BA046BB5906"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_0251b22f858fcc0ced62b34fdbda70c9.doc",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_0251b22f858fcc0ced62b34fdbda70c9.doc",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{6803CE82-76EB-4C87-9FDF-69844F04E19D}.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{75AF03CA-21B9-4BDA-889C-F6324DD5FD53}.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{04F12CB0-6C70-47A1-852F-DDEF75179D8F}.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1A1B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1A1C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5040.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5041.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5294.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5796.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57B6.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57CA.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5943.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57C8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57CB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57B7.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab57C9.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5B3A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5954.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5B4B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab59F1.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D01.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D02.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D13.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab60CD.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab61A9.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab66DA.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab7225.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab766D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab771A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab7236.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab795E.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab795D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab7E60.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab8130.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab821B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab821C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab821D.tmp"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1A1B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1A1C.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\kqf",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14452A9",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14452A9\\14452A9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\kqf",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\87d",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate"
- ]
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "paroquiadamarinhagrande.pt",
- "answers": [
- {
- "data": "188.93.230.15",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "ipapi.co",
- "answers": [
- {
- "data": "104.25.210.99",
- "type": "A"
- },
- {
- "data": "104.25.209.99",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "unknownsoft.duckdns.org",
- "answers": [
- {
- "data": "185.247.228.14",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "vemvemserver.duckdns.org",
- "answers": [
- {
- "data": "103.136.43.131",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "ocsp.comodoca4.com",
- "answers": [
- {
- "data": "t3j2g9x7.stackpathcdn.com",
- "type": "CNAME"
- },
- {
- "data": "151.139.128.14",
- "type": "A"
- }
- ]
- },
- {
- "type": "A",
- "request": "doughnut-snack.live",
- "answers": [
- {
- "data": "172.245.14.10",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "188.93.230.15",
- "domain": "paroquiadamarinhagrande.pt"
- },
- {
- "ip": "172.245.14.10",
- "domain": "doughnut-snack.live"
- },
- {
- "ip": "151.139.128.14",
- "domain": "ocsp.comodoca4.com"
- },
- {
- "ip": "103.136.43.131",
- "domain": "vemvemserver.duckdns.org"
- },
- {
- "ip": "185.247.228.14",
- "domain": "unknownsoft.duckdns.org"
- },
- {
- "ip": "104.25.210.99",
- "domain": "ipapi.co"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://paroquiadamarinhagrande.pt/app/hmvrch.msi",
- "user-agent": "Windows Installer",
- "method": "GET",
- "host": "paroquiadamarinhagrande.pt",
- "version": "1.1",
- "path": "/app/hmvrch.msi",
- "data": "GET /app/hmvrch.msi HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Windows Installer\r\nHost: paroquiadamarinhagrande.pt\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 43,
- "body": "",
- "uri": "http://vemvemserver.duckdns.org:1425/is-ready",
- "user-agent": "WSHRAT|C1C5B64F|Host|user|Microsoft Windows 7 Enterprise N |plus|nan-av|false - 18/6/2019|JavaScript-v1.3",
- "method": "POST",
- "host": "vemvemserver.duckdns.org:1425",
- "version": "1.1",
- "path": "/is-ready",
- "data": "POST /is-ready HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: WSHRAT|C1C5B64F|Host|user|Microsoft Windows 7 Enterprise N |plus|nan-av|false - 18/6/2019|JavaScript-v1.3\r\nAccept-Encoding: gzip, deflate\r\nHost: vemvemserver.duckdns.org:1425\r\nContent-Length: 0\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n",
- "port": 1425
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca4.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca4.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://doughnut-snack.live/bpvpl.tar.gz",
- "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
- "method": "GET",
- "host": "doughnut-snack.live",
- "version": "1.1",
- "path": "/bpvpl.tar.gz",
- "data": "GET /bpvpl.tar.gz HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nCache-Control: max-age=0\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: doughnut-snack.live\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://doughnut-snack.live/mapv.tar.gz",
- "user-agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
- "method": "GET",
- "host": "doughnut-snack.live",
- "version": "1.1",
- "path": "/mapv.tar.gz",
- "data": "GET /mapv.tar.gz HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nCache-Control: max-age=0\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nHost: doughnut-snack.live\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7097\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7098-17270\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=17271-26918\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=26919-43880\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=43881-57938\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=57939-87778\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=87779-155901\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=155902-236946\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=236947-347303\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=347304-526212\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=526213-762053\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=762054-1084391\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1084392-1524416\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1524417-2111791\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2111792-3029084\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3029085-3906922\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3906923-4919295\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4919296-6073348\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=6073349-7950523\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7950524-9798267\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=9798268-11074633\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560902783&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11074634-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {}
- [*] Resolved APIs: [
- "mso.dll.#1443",
- "mso.dll.#9214",
- "mso.dll.#199",
- "mso.dll.#1073",
- "mso.dll.#4255",
- "mso.dll.#3459",
- "mso.dll.#1262",
- "mso.dll.#5709",
- "mso.dll.#7353",
- "mso.dll.#5228",
- "mso.dll.#2155",
- "mso.dll.#1283",
- "mso.dll.#2024",
- "mso.dll.#5274",
- "mso.dll.#3195",
- "mso.dll.#6221",
- "mso.dll.#2314",
- "mso.dll.#408",
- "mso.dll.#2714",
- "mso.dll.#8622",
- "mso.dll.#3380",
- "mso.dll.#2052",
- "mso.dll.#677",
- "mso.dll.#469",
- "mso.dll.#7974",
- "mso.dll.#2609",
- "mso.dll.#8499",
- "oleaut32.dll.#7",
- "mso.dll.#1725",
- "user32.dll.RegisterWindowMessageW",
- "secur32.dll.FreeContextBuffer",
- "ncrypt.dll.SslOpenProvider",
- "ncrypt.dll.GetSChannelInterface",
- "bcryptprimitives.dll.GetHashInterface",
- "ncrypt.dll.SslIncrementProviderReferenceCount",
- "ncrypt.dll.SslImportKey",
- "bcryptprimitives.dll.GetCipherInterface",
- "ncrypt.dll.SslLookupCipherSuiteInfo",
- "user32.dll.LoadStringW",
- "ncrypt.dll.BCryptOpenAlgorithmProvider",
- "ncrypt.dll.BCryptGetProperty",
- "ncrypt.dll.BCryptCreateHash",
- "ncrypt.dll.BCryptHashData",
- "ncrypt.dll.BCryptFinishHash",
- "ncrypt.dll.BCryptDestroyHash",
- "crypt32.dll.CertGetCertificateChain",
- "userenv.dll.GetUserProfileDirectoryW",
- "sechost.dll.ConvertSidToStringSidW",
- "sechost.dll.ConvertStringSidToSidW",
- "userenv.dll.RegisterGPNotification",
- "gpapi.dll.RegisterGPNotificationInternal",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.CloseServiceHandle",
- "sechost.dll.QueryServiceConfigW",
- "cryptsp.dll.CryptAcquireContextA",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptVerifySignatureA",
- "cryptsp.dll.CryptDestroyKey",
- "cryptsp.dll.CryptDestroyHash",
- "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
- "ncrypt.dll.BCryptImportKeyPair",
- "ncrypt.dll.BCryptVerifySignature",
- "ncrypt.dll.BCryptDestroyKey",
- "crypt32.dll.CertVerifyCertificateChainPolicy",
- "crypt32.dll.CertFreeCertificateChain",
- "crypt32.dll.CertDuplicateCertificateContext",
- "ncrypt.dll.SslEncryptPacket",
- "mso.dll.#4314",
- "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
- "mso.dll.#6484",
- "mso.dll.#9871",
- "mso.dll.#4743",
- "mso.dll.#5452",
- "mso.dll.#2088",
- "mso.dll.#5315",
- "mso.dll.#8140",
- "user32.dll.IsWindowEnabled",
- "ole32.dll.CoGetCallState",
- "ole32.dll.CoGetActivationState",
- "advapi32.dll.RegisterWaitChainCOMCallback",
- "ncrypt.dll.SslDecryptPacket",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpQueryHeaders",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpReadData",
- "webservices.dll.WsCreateError",
- "ntdll.dll.EtwEventWrite",
- "ntdll.dll.EtwEventRegister",
- "ntdll.dll.EtwEventUnregister",
- "webservices.dll.WsCreateHeap",
- "webservices.dll.WsCreateReader",
- "webservices.dll.WsSetInput",
- "webservices.dll.WsFillReader",
- "webservices.dll.WsReadToStartElement",
- "webservices.dll.WsReadStartElement",
- "webservices.dll.WsReadType",
- "winhttp.dll.WinHttpCloseHandle",
- "crypt32.dll.CertFreeCertificateContext",
- "rpcrt4.dll.RpcBindingFree",
- "webservices.dll.WsFreeReader",
- "webservices.dll.WsFreeError",
- "webservices.dll.WsFreeHeap",
- "webservices.dll.WsCreateServiceProxyFromTemplate",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpAddRequestHeaders",
- "winhttp.dll.WinHttpSendRequest",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpCrackUrl",
- "winhttp.dll.WinHttpSetStatusCallback",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpWriteData",
- "winhttp.dll.WinHttpSetCredentials",
- "winhttp.dll.WinHttpQueryAuthSchemes",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "winhttp.dll.WinHttpGetProxyForUrl",
- "winhttp.dll.WinHttpQueryOption",
- "webservices.dll.WsOpenServiceProxy",
- "webservices.dll.WsCall",
- "webservices.dll.WsAddCustomHeader",
- "shlwapi.dll.StrStrA",
- "shlwapi.dll.UrlUnescapeA",
- "user32.dll.IsHungAppWindow",
- "cryptnet.dll.CertDllVerifyRevocation",
- "profapi.dll.#104",
- "sensapi.dll.IsNetworkAlive",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.NdrClientCall2",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "shlwapi.dll.StrStrIW",
- "mso.dll.#9175",
- "user32.dll.SetRect",
- "mso.dll.#25",
- "mso.dll.#1056",
- "mso.dll.#8136",
- "mso.dll.#8931",
- "shell32.dll.SHGetFileInfoW",
- "mso.dll.#5362",
- "mso.dll.#6044",
- "mso.dll.#6516",
- "mso.dll.#5780",
- "mso.dll.#4870",
- "mso.dll.#6046",
- "mso.dll.#1241",
- "mso.dll.#2821",
- "mso.dll.#2340",
- "mso.dll.#7287",
- "mso.dll.#5290",
- "mso.dll.#1508",
- "user32.dll.IsZoomed",
- "user32.dll.GetWindowPlacement",
- "user32.dll.GetWindowRect",
- "mso.dll.#821",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MonitorFromWindow",
- "user32.dll.MonitorFromRect",
- "user32.dll.MonitorFromPoint",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayDevicesA",
- "mso.dll.#2378",
- "user32.dll.SetWindowPos",
- "user32.dll.AdjustWindowRect",
- "mso.dll.#5912",
- "mso.dll.#9719",
- "mso.dll.#8824",
- "mso.dll.#6117",
- "mso.dll.#3307",
- "user32.dll.SendMessageW",
- "user32.dll.DestroyIcon",
- "mso.dll.#3813",
- "mso.dll.#1815",
- "user32.dll.PtInRect",
- "mso.dll.#1613",
- "user32.dll.SetWindowTextW",
- "user32.dll.GetClassLongW",
- "mso.dll.#8572",
- "gdi32.dll.CreateDIBSection",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.GetViewportOrgEx",
- "gdi32.dll.SetViewportOrgEx",
- "gdi32.dll.SetBkColor",
- "gdi32.dll.ExtTextOutA",
- "mso.dll.#1573",
- "mso.dll.#8612",
- "user32.dll.SetScrollRange",
- "mso.dll.#2509",
- "user32.dll.BeginDeferWindowPos",
- "user32.dll.DeferWindowPos",
- "user32.dll.EndDeferWindowPos",
- "user32.dll.OffsetRect",
- "user32.dll.EnumChildWindows",
- "user32.dll.GetScrollInfo",
- "gdi32.dll.DeleteDC",
- "user32.dll.MapWindowPoints",
- "msptls.dll.?FsCreatePageFinite@Ptls6@@YGJPAUfscontext@1@PBUfsbreakrecpage@1@PAUfsnameclient@1@PAU_fsfmtr@1@PAPAUfspage@1@PAPAU31@@Z",
- "msptls.dll.?FsTransformRectangle@Ptls6@@YGJKPBUtagFSRECT@1@0KPAU21@@Z",
- "mso.dll.#6126",
- "msptls.dll.?LsCreateLine@Ptls6@@YGJPAUlscontext@1@PAUlsparaclient@1@PBUlspap@1@JPBUlslinerestr@1@PBUlsbreakrecline@1@PAPAU61@PAUlslinfo@1@PAPAVCLsLine@1@@Z",
- "gdi32.dll.GetFontRealizationInfo",
- "gdi32.dll.GetFontFileInfo",
- "gdi32.dll.GetFontFileData",
- "mso.dll.#7261",
- "mso.dll.#9540",
- "usp10.dll.ScriptGetFontScriptTags",
- "usp10.dll.ScriptGetFontLanguageTags",
- "usp10.dll.ScriptGetFontFeatureTags",
- "msptls.dll.?LsQueryLineVisibilityWord@Ptls6@@YGJPAVCLsLine@1@PAJPAH@Z",
- "msptls.dll.?LsQueryLineMaxDepth@Ptls6@@YGJPAVCLsLine@1@PAJ@Z",
- "msptls.dll.?LsModifyLineHeight@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@JJJJ@Z",
- "gdiplus.dll.GdipCreatePath",
- "gdiplus.dll.GdipStartPathFigure",
- "gdiplus.dll.GdipAddPathLine2",
- "gdiplus.dll.GdipClosePathFigure",
- "gdiplus.dll.GdipCreateMatrix2",
- "gdiplus.dll.GdipTransformPath",
- "gdiplus.dll.GdipDeleteMatrix",
- "gdiplus.dll.GdipGetPathWorldBounds",
- "gdiplus.dll.GdipCreatePathIter",
- "gdiplus.dll.GdipPathIterRewind",
- "gdiplus.dll.GdipPathIterNextSubpath",
- "gdiplus.dll.GdipPathIterCopyData",
- "gdiplus.dll.GdipDeletePathIter",
- "gdiplus.dll.GdipAddPathLine",
- "gdiplus.dll.GdipDeletePath",
- "gdiplus.dll.GdipClonePath",
- "msptls.dll.?FsTransformPoint@Ptls6@@YGJKPBUtagFSRECT@1@PBUtagFSPOINT@1@KPAU31@@Z",
- "msptls.dll.?FsTransformVector@Ptls6@@YGJKPBUtagFSVECTOR@1@KPAU21@@Z",
- "msptls.dll.?LsDestroyLine@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@@Z",
- "msptls.dll.?LsGetObjectName@Ptls6@@YG?AVLSNAMEEXP@1@PBVCLsDnode@1@@Z",
- "msptls.dll.?LsdnFinishWordRegular@Ptls6@@YGJPAVCLsDnode@1@JPAUlsrun@1@PBUlschp@1@PAVCLsObject@1@PBUOBJDIM@1@HHH@Z",
- "msptls.dll.?LsdnSetRigidDup@Ptls6@@YGJPAVCLsDnode@1@J@Z",
- "msptls.dll.?LsEnumLine@Ptls6@@YGJPAVCLsLine@1@HHPBUtagLSPOINT@1@@Z",
- "msptls.dll.?FsQueryPageDetails@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@PAUfspagedetails@1@@Z",
- "msptls.dll.?FsQueryPageSectionList@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@JPAUfssectiondescription@1@PAJ@Z",
- "msptls.dll.?FsQuerySectionDetails@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@PAUfssectiondetails@1@@Z",
- "msptls.dll.?FsQuerySectionCompositeColumnList@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@JPAUfscompositecolumndescription@1@PAJ@Z",
- "msptls.dll.?FsQueryCompositeColumnDetails@Ptls6@@YGJPAUfscontext@1@PBUfscompositecolumn@1@PAUfscompositecolumndetails@1@@Z",
- "msptls.dll.?FsQueryTrackDetails@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@PAUfstrackdetails@1@@Z",
- "msptls.dll.?FsQueryTrackParaList@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@JPAUfsparadescription@1@PAJ@Z",
- "msptls.dll.?FsQueryTextDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfstextdetails@1@@Z",
- "msptls.dll.?FsQueryLineListComposite@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfslinedescriptioncomposite@1@PAJ@Z",
- "msptls.dll.?FsQueryLineCompositeElementList@Ptls6@@YGJPAUfscontext@1@PBUfsline@1@JPAUfslineelement@1@PAJ@Z",
- "msptls.dll.?FsQueryAttachedObjectList@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfsattachedobjectdescription@1@PAJ@Z",
- "msptls.dll.?FsQueryFigureObjectDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfsfiguredetails@1@@Z",
- "mso.dll.#2566",
- "mso.dll.#1429",
- "mso.dll.#6502",
- "uiautomationcore.dll.UiaClientsAreListening",
- "msptls.dll.?FsDestroyPage@Ptls6@@YGJPAUfscontext@1@PAUfspage@1@@Z",
- "msptls.dll.?FsDestroyContext@Ptls6@@YGJPAUfscontext@1@@Z",
- "user32.dll.SetRectEmpty",
- "user32.dll.IntersectRect",
- "user32.dll.InflateRect",
- "mso.dll.#1100",
- "mso.dll.#7047",
- "msptls.dll.?LsQueryLineDup@Ptls6@@YGJPAVCLsLine@1@PAUlslinearea@1@@Z",
- "user32.dll.GetCursor",
- "user32.dll.GetClientRect",
- "user32.dll.SetScrollInfo",
- "user32.dll.SetScrollPos",
- "mso.dll.#3747",
- "mso.dll.#8218",
- "mso.dll.#5394",
- "mso.dll.#331",
- "mso.dll.#6829",
- "mso.dll.#539",
- "mso.dll.#4959",
- "mso.dll.#6463",
- "mso.dll.#4987",
- "user32.dll.GetWindow",
- "mso.dll.#7195",
- "mso.dll.#7573",
- "mso.dll.#445",
- "user32.dll.GetCaretBlinkTime",
- "user32.dll.CreateCaret",
- "msptls.dll.?LsQueryLineCpPpoint@Ptls6@@YGJPAVCLsLine@1@JJPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
- "user32.dll.DestroyCaret",
- "user32.dll.GetCaretPos",
- "user32.dll.SetCaretPos",
- "mso.dll.#5932",
- "mso.dll.#2071",
- "mso.dll.#1024",
- "mso.dll.#6245",
- "mso.dll.#9041",
- "mso.dll.#1767",
- "mso.dll.#9369",
- "mso.dll.#4617",
- "user32.dll.FillRect",
- "mso.dll.#343",
- "mso.dll.#9636",
- "mso.dll.#2022",
- "mso.dll.#4750",
- "mso.dll.#4577",
- "mso.dll.#850",
- "mso.dll.#1776",
- "mso.dll.#9026",
- "mso.dll.#4497",
- "mso.dll.#4647",
- "mso.dll.#8926",
- "mso.dll.#7212",
- "mso.dll.#5407",
- "shell32.dll.SHAddToRecentDocs",
- "mso.dll.#5152",
- "mso.dll.#3327",
- "mso.dll.#6333",
- "mso.dll.#420",
- "mso.dll.#1335",
- "mso.dll.#2041",
- "mso.dll.#7834",
- "mso.dll.#239",
- "mso.dll.#6357",
- "mso.dll.#7026",
- "mso.dll.#1671",
- "mso.dll.#8263",
- "mso.dll.#9307",
- "mso.dll.#1441",
- "mso.dll.#9223",
- "mso.dll.#6453",
- "mso.dll.#8044",
- "mso.dll.#3698",
- "mso.dll.#8565",
- "mso.dll.#8373",
- "mso.dll.#9741",
- "mso.dll.#478",
- "mso.dll.#479",
- "mso.dll.#340",
- "bcrypt.dll.BCryptOpenAlgorithmProvider",
- "bcrypt.dll.BCryptGetProperty",
- "bcrypt.dll.BCryptCreateHash",
- "bcrypt.dll.BCryptHashData",
- "bcrypt.dll.BCryptFinishHash",
- "bcrypt.dll.BCryptDestroyHash",
- "bcrypt.dll.BCryptCloseAlgorithmProvider",
- "mso.dll.#8633",
- "mso.dll.#5213",
- "mso.dll.#6163",
- "mso.dll.#552",
- "mso.dll.#5630",
- "mso.dll.#2513",
- "mso.dll.#1607",
- "mso.dll.#791",
- "mso.dll.#1848",
- "mso.dll.#8735",
- "mso.dll.#9374",
- "mso.dll.#5286",
- "mso.dll.#6368",
- "mso.dll.#4262",
- "mso.dll.#1010",
- "mso.dll.#7979",
- "mso.dll.#8549",
- "mso.dll.#8970",
- "mso.dll.#9198",
- "mso.dll.#4795",
- "ole32.dll.PropVariantClear",
- "oleaut32.dll.#9",
- "mso.dll.#1865",
- "mso.dll.#9688",
- "mso.dll.#320",
- "advapi32.dll.RegDeleteKeyA",
- "user32.dll.DestroyCursor",
- "mso.dll.#7173",
- "mso.dll.#8511",
- "mso.dll.#3299",
- "mso.dll.#7001",
- "mso.dll.#3913",
- "user32.dll.PeekMessageA",
- "mso.dll.#1380",
- "mso.dll.#9500",
- "user32.dll.TranslateMessage",
- "user32.dll.IsWindowUnicode",
- "user32.dll.DispatchMessageA",
- "user32.dll.DispatchMessageW",
- "user32.dll.UpdateWindow",
- "mso.dll.#999",
- "mso.dll.#287",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "mso.dll.#1575",
- "mso.dll.#5034",
- "mso.dll.#1517",
- "mso.dll.#718",
- "mso.dll.#4708",
- "mso.dll.#8046",
- "mso.dll.#4175",
- "mso.dll.#8672",
- "mso.dll.#1990",
- "mso.dll.#3051",
- "mso.dll.#1819",
- "mso.dll.#1419",
- "oleaut32.dll.#147",
- "kernel32.dll.WerRegisterMemoryBlock",
- "dwrite.dll.DWriteCreateFactory",
- "cryptnet.dll.I_CryptNetGetConnectivity",
- "cryptnet.dll.CryptRetrieveObjectByUrlW",
- "setupapi.dll.SetupIterateCabinetW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegCloseKey",
- "cabinet.dll.#20",
- "cabinet.dll.#22",
- "devrtl.dll.DevRtlGetThreadLogToken",
- "cryptsp.dll.CryptSetHashParam",
- "gdi32.dll.GetCurrentObject",
- "gdi32.dll.BitBlt",
- "gdi32.dll.GetClipBox",
- "gdi32.dll.StretchDIBits",
- "user32.dll.RegisterPowerSettingNotification",
- "powrprof.dll.PowerSettingRegisterNotification",
- "user32.dll.GetWindowThreadProcessId",
- "user32.dll.GetWindowTextW",
- "advapi32.dll.RegQueryValueW",
- "apphelp.dll.ApphelpCheckShellObject",
- "advapi32.dll.RegDeleteTreeW",
- "sechost.dll.QueryServiceConfigA",
- "sechost.dll.QueryServiceStatus",
- "rpcrt4.dll.RpcStringBindingComposeA",
- "rpcrt4.dll.RpcBindingFromStringBindingA",
- "rpcrt4.dll.RpcEpResolveBinding",
- "sechost.dll.LookupAccountSidLocalW",
- "rpcrt4.dll.RpcStringFreeA",
- "xmllite.dll.CreateXmlReader",
- "riched20.dll.REExtendedRegisterClass",
- "user32.dll.GetWindowLongW",
- "user32.dll.GetSysColor",
- "user32.dll.SetWindowLongW",
- "user32.dll.RegisterWindowMessageA",
- "user32.dll.RegisterClipboardFormatW",
- "user32.dll.GetDoubleClickTime",
- "user32.dll.SetCaretBlinkTime",
- "user32.dll.SystemParametersInfoW",
- "user32.dll.GetKeyboardLayoutList",
- "mso.dll._MsoGetFidUspDll@0",
- "mso.dll._MsoLoadLocalizedLibraryEx@12",
- "usp10.dll.ScriptGetProperties",
- "usp10.dll.ScriptItemize",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "user32.dll.LoadCursorW",
- "user32.dll.IsWindowVisible",
- "user32.dll.GetKeyboardLayout",
- "user32.dll.PostMessageW",
- "user32.dll.DefWindowProcW",
- "uxtheme.dll.IsThemeActive",
- "uxtheme.dll.IsAppThemed",
- "uxtheme.dll.OpenThemeData",
- "user32.dll.GetDC",
- "user32.dll.ReleaseDC",
- "user32.dll.IsIconic",
- "user32.dll.GetParent",
- "usp10.dll.ScriptGetCMap",
- "user32.dll.InvalidateRect",
- "user32.dll.HideCaret",
- "user32.dll.ShowCaret",
- "user32.dll.NotifyWinEvent",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.EnableWindow",
- "msctf.dll.SetInputScope",
- "user32.dll.GetWindowRgn",
- "gdi32.dll.CreateCompatibleBitmap",
- "gdi32.dll.SaveDC",
- "gdi32.dll.SetPixel",
- "gdi32.dll.GetPixel",
- "gdi32.dll.RestoreDC",
- "imm32.dll.ImmAssociateContext",
- "mso.dll.#806",
- "mso.dll.#4908",
- "mso.dll.#8439",
- "mso.dll.#2736",
- "gdi32.dll.GetTextAlign",
- "gdi32.dll.ExtTextOutW",
- "mso.dll.#8122",
- "mso.dll.#2114",
- "mso.dll.#6558",
- "gdi32.dll.GetFontData",
- "usp10.dll.ScriptItemizeOpenType",
- "usp10.dll.ScriptLayout",
- "usp10.dll.ScriptShapeOpenType",
- "usp10.dll.ScriptPlaceOpenType",
- "mso.dll.#1318",
- "gdi32.dll.GetTextExtentExPointWPri",
- "webservices.dll.WsResetHeap",
- "webservices.dll.WsCloseServiceProxy",
- "ws2_32.dll.#3",
- "webservices.dll.WsFreeServiceProxy",
- "ncrypt.dll.SslDecrementProviderReferenceCount",
- "ncrypt.dll.SslFreeObject",
- "mso.dll.#8395",
- "mso.dll.#379",
- "mso.dll.#6338",
- "mso.dll.#7964",
- "mso.dll.#1437",
- "mso.dll.#1427",
- "mso.dll.#6137",
- "winmm.dll.timeGetTime",
- "mso.dll.#7578",
- "mso.dll.#8483",
- "mso.dll.#3055",
- "user32.dll.GetForegroundWindow",
- "user32.dll.GetFocus",
- "user32.dll.GetClassNameA",
- "user32.dll.IsWindowRedirectedForPrint",
- "gdi32.dll.CreateRectRgnIndirect",
- "user32.dll.GetUpdateRgn",
- "gdi32.dll.GetRgnBox",
- "user32.dll.ValidateRect",
- "user32.dll.GetUpdateRect",
- "user32.dll.BeginPaint",
- "user32.dll.EndPaint",
- "mso.dll.#3624",
- "msptls.dll.?LsPointXYFromPointUV@Ptls6@@YGJPBUtagLSPOINT@1@KPBUtagLSPOINTUV@1@PAU21@@Z",
- "msptls.dll.?LsDisplayLine@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINT@1@IPBUtagLSRECT@1@@Z",
- "gdi32.dll.TranslateCharsetInfo",
- "mso.dll.#3300",
- "mso.dll.#7465",
- "mso.dll.#6247",
- "mso.dll.#5070",
- "gdiplus.dll.GdipCreateSolidFill",
- "gdiplus.dll.GdipCreatePen1",
- "gdiplus.dll.GdipSetPenLineCap197819",
- "gdiplus.dll.GdipSetPenLineJoin",
- "gdiplus.dll.GdipSetPenMiterLimit",
- "gdiplus.dll.GdipCreateFromHDC",
- "gdiplus.dll.GdipSetPixelOffsetMode",
- "gdiplus.dll.GdipSetSmoothingMode",
- "gdiplus.dll.GdipSetCompositingQuality",
- "gdiplus.dll.GdipSetPageUnit",
- "gdiplus.dll.GdipSetInterpolationMode",
- "gdiplus.dll.GdipGetSmoothingMode",
- "gdiplus.dll.GdipFillPath",
- "gdiplus.dll.GdipDeleteGraphics",
- "gdiplus.dll.GdipDrawPath",
- "mso.dll.#6899",
- "gdi32.dll.GetClipRgn",
- "gdi32.dll.SelectClipRgn",
- "gdi32.dll.SetWindowOrgEx",
- "mso.dll.#732",
- "mso.dll.#5804",
- "mso.dll.#9465",
- "ole32.dll.CoCreateInstance",
- "user32.dll.ScreenToClient",
- "mso.dll.#434",
- "user32.dll.GetMessageExtraInfo",
- "user32.dll.GetCursorInfo",
- "user32.dll.GetCapture",
- "user32.dll.TrackMouseEvent",
- "user32.dll.GetInputState",
- "mso.dll.#8461",
- "user32.dll.GetClipboardOwner",
- "mso.dll.#1422",
- "user32.dll.MsgWaitForMultipleObjectsEx",
- "advapi32.dll.NotifyServiceStatusChangeW",
- "user32.dll.GetWindowDC",
- "gdi32.dll.SetLayout",
- "gdi32.dll.RectVisible",
- "gdi32.dll.ExcludeClipRect",
- "user32.dll.GetDesktopWindow",
- "user32.dll.WindowFromPoint",
- "user32.dll.FindWindowExW",
- "user32.dll.IsClipboardFormatAvailable",
- "user32.dll.GetMessagePos",
- "user32.dll.SetFocus",
- "mso.dll.#4746",
- "mso.dll.#424",
- "msptls.dll.?LsPointUV2FromPointUV1@Ptls6@@YGJKPBUtagLSPOINTUV@1@0KPAU21@@Z",
- "msptls.dll.?LsQueryLinePointPcp@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINTUV@1@JPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
- "user32.dll.IsWindow",
- "user32.dll.GetActiveWindow",
- "user32.dll.GetAncestor",
- "mso.dll.#3544",
- "mso.dll.#900",
- "advapi32.dll.ConvertSidToStringSidW",
- "msi.dll.DllGetVersion",
- "msi.dll.#111",
- "user32.dll.GetScrollPos",
- "mso.dll.#629",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptGenKey",
- "cryptsp.dll.CryptGenKey",
- "advapi32.dll.CryptImportKey",
- "cryptsp.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "cryptsp.dll.CryptExportKey",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptSetHashParam",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "cryptsp.dll.CryptGetHashParam",
- "advapi32.dll.CryptDestroyHash",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "ieawsdc.dll.HrExtractTemplateToPath",
- "msi.dll.#90",
- "crypt32.dll.CryptQueryObject",
- "wintrust.dll.CryptSIPPutSignedDataMsg",
- "wintrust.dll.CryptSIPGetSignedDataMsg",
- "cryptsp.dll.CryptGetDefaultProviderW",
- "cryptsp.dll.CryptAcquireContextW",
- "crypt32.dll.CertEnumCertificatesInStore",
- "crypt32.dll.CryptVerifyCertificateSignatureEx",
- "cryptsp.dll.CryptReleaseContext",
- "wintrust.dll.WinVerifyTrust",
- "wintrust.dll.WintrustCertificateTrust",
- "wintrust.dll.SoftpubAuthenticode",
- "wintrust.dll.SoftpubInitialize",
- "wintrust.dll.SoftpubLoadMessage",
- "wintrust.dll.SoftpubLoadSignature",
- "wintrust.dll.SoftpubCheckCert",
- "wintrust.dll.SoftpubCleanup",
- "wintrust.dll.CryptSIPVerifyIndirectData"
- ]
- [*] Static Analysis: {}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement