API tools faq
paste
Advertisement
paladin316

Docs_e5eedd3ea0def63d52e914333dca815e_doc.json

paladin316
Jun 19th, 2019
1,516
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 317.38 KB | None | 0 0
raw download clone embed print report
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Docs_e5eedd3ea0def63d52e914333dca815e.doc"
  7. [*] File Size: 8415
  8. [*] File Type: "Rich Text Format data, version 1, unknown character set"
  9. [*] SHA256: "8c07015c98ec99493424994b5cca09cde9d4d80a6c2f97f970ef3c17858b3e35"
  10. [*] MD5: "e5eedd3ea0def63d52e914333dca815e"
  11. [*] SHA1: "f09b5e1569b204eea1768e0ebabd693473fa129b"
  12. [*] SHA512: "1d708b39855aecfb9728acb5fefde8d34a0ac837ee2b41134bc965a1bccfa01e56ffffb936499128df7cb6c36c12867576c741b228817977a0ed46b060cf76e4"
  13. [*] CRC32: "602A1FFF"
  14. [*] SSDEEP: "96:TW5BRvxnylMGUCtwE6STfu0kpMj2yhtIAK8IxlyF:WJxnylMGUCiqMpMj2yhh+C"
  15.  
  16. [*] Process Execution: [
  17. "WINWORD.EXE"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "A process attempted to delay the analysis task.",
  23. "Details": [
  24. {
  25. "Process": "WINWORD.EXE tried to sleep 306 seconds, actually delayed analysis time by 0 seconds"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "Attempts to connect to a dead IP:Port (8 unique times)",
  31. "Details": [
  32. {
  33. "IP": "52.109.6.40:443"
  34. },
  35. {
  36. "IP": "65.52.98.231:443"
  37. },
  38. {
  39. "IP": "104.93.33.19:443"
  40. },
  41. {
  42. "IP": "104.93.189.220:443"
  43. },
  44. {
  45. "IP": "52.109.92.24:443"
  46. },
  47. {
  48. "IP": "184.84.243.209:80"
  49. },
  50. {
  51. "IP": "72.21.91.29:80"
  52. },
  53. {
  54. "IP": "104.18.25.243:80"
  55. }
  56. ]
  57. },
  58. {
  59. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
  60. "Details": [
  61. {
  62. "ioc": "ontent.inf"
  63. },
  64. {
  65. "ioc": "rocess.glox"
  66. },
  67. {
  68. "ioc": "gb.xsl"
  69. },
  70. {
  71. "ioc": "ist.glox"
  72. },
  73. {
  74. "ioc": "ext.glox"
  75. },
  76. {
  77. "ioc": "ccent.glox"
  78. },
  79. {
  80. "ioc": "chicago.xsl"
  81. },
  82. {
  83. "ioc": "iso690.xsl"
  84. },
  85. {
  86. "ioc": "sist02.xsl"
  87. },
  88. {
  89. "ioc": "pictureorgchart.glox"
  90. },
  91. {
  92. "ioc": "rid.glox"
  93. },
  94. {
  95. "ioc": "..3b"
  96. },
  97. {
  98. "ioc": "chevronaccent.glox"
  99. },
  100. {
  101. "ioc": "ieee2006officeonline.xsl"
  102. },
  103. {
  104. "ioc": "e.gu"
  105. },
  106. {
  107. "ioc": "rame.glox"
  108. },
  109. {
  110. "ioc": "rc.glox"
  111. },
  112. {
  113. "ioc": "architecture.glox"
  114. },
  115. {
  116. "ioc": "gostname.xsl"
  117. },
  118. {
  119. "ioc": "mlaseventheditionofficeonline.xsl"
  120. },
  121. {
  122. "ioc": "nline.xsl"
  123. },
  124. {
  125. "ioc": "harvardanglia2008officeonline.xsl"
  126. },
  127. {
  128. "ioc": "adial.glox"
  129. },
  130. {
  131. "ioc": "content.inf"
  132. },
  133. {
  134. "ioc": "etropolitan.thmx"
  135. },
  136. {
  137. "ioc": "set.dotx"
  138. },
  139. {
  140. "ioc": "ividend.thmx"
  141. },
  142. {
  143. "ioc": "rame.thmx"
  144. },
  145. {
  146. "ioc": "eadlines.thmx"
  147. },
  148. {
  149. "ioc": "rop.thmx"
  150. },
  151. {
  152. "ioc": "adge.thmx"
  153. },
  154. {
  155. "ioc": "uotable.thmx"
  156. },
  157. {
  158. "ioc": "erlin.thmx"
  159. },
  160. {
  161. "ioc": "ype.thmx"
  162. },
  163. {
  164. "ioc": "ircuit.thmx"
  165. },
  166. {
  167. "ioc": "g.n9"
  168. },
  169. {
  170. "ioc": "avon.thmx"
  171. },
  172. {
  173. "ioc": "roplet.thmx"
  174. },
  175. {
  176. "ioc": "eathered.thmx"
  177. },
  178. {
  179. "ioc": "vent.thmx"
  180. }
  181. ]
  182. },
  183. {
  184. "Description": "Performs some HTTP requests",
  185. "Details": [
  186. {
  187. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  188. },
  189. {
  190. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  191. },
  192. {
  193. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  194. },
  195. {
  196. "url": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY"
  197. },
  198. {
  199. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  200. },
  201. {
  202. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  203. },
  204. {
  205. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  206. },
  207. {
  208. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  209. },
  210. {
  211. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  212. },
  213. {
  214. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  215. },
  216. {
  217. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  218. },
  219. {
  220. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  221. },
  222. {
  223. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  224. },
  225. {
  226. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  227. },
  228. {
  229. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  230. },
  231. {
  232. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  233. },
  234. {
  235. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  236. },
  237. {
  238. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  239. },
  240. {
  241. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  242. },
  243. {
  244. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  245. },
  246. {
  247. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  248. },
  249. {
  250. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  251. },
  252. {
  253. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  254. },
  255. {
  256. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  257. },
  258. {
  259. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
  260. },
  261. {
  262. "url": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes"
  263. }
  264. ]
  265. },
  266. {
  267. "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
  268. "Details": [
  269. {
  270. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xab\\x922v7\\xffg\\xbb#\\xed\\xf9+\\xeb!b`y\\xe2\\x17d\\xe2\\xf0l\\xd4&\\x88#\\x99\\xbc\\xbehk3~)\\x16bzr1\\xe0i\\xd8\\xacc!\\xeb\t#t\\xcb\\x94p\\x0b0n=\\x19\\xcfo\\xb6\\xc5\\x92\\xdae\\x8d\\xf3\\xb5\\xbbw6\\x8ab\\x81\\x9b\\x14q\\x02\\xf8\\x9b\\xf9\\x14\\xafy\rb\\x93\\x18\\xd4g\\x15\\x98~\\x91\\xb9\\x1c\\xd22!s\\xb4\\xd0\\x8b\\x19\\xe6}c\\xa4\\xe9i\\xcc\\xfb\\xdec\\xe5\\x06\\x8a\\xfa\\xb1t\\xa9\\xb9s\\xb0j\\xa9@t\\x8b\\x85\\x19t\\x18\\xb4\\x9f\\xa7w\\xcd8\\x0f\\x0cl\\x1ao\\x9e\\xe7\\xc6m\\x93\\xeb\\x9b)\\x01\\x02)\\xc9\\xb3\\xe7\\xaa\\x00\\xaa&\\xb8m\\xe64\\x13p\\xc2o\\xc2p\\xce\\xaf\\x8c\\xe9r\\xaf\\x1ar\\x12\\xdbj\\xc6\\x84#\\x0e/\\xda\\x7f\\x8f\\x84,\\xcc\\xbd&\\xd2\\xefv\\xc8\\xceh\\x922\\xd1q\\x06\\xf4\\xa9vk\\x1cep\\xa7\\x8b\\xa0\\x7f:\\xb7j\\x96>\\xa0\\xab&\"\\xe3\\x0ch\\xf6i\\x9a)\\xee\\x11\\x1b\\x0f\\xb5\\x9c\\xf9|f\\xcd\\x1f\\xffj\\xf0<d\\xf3"
  271. },
  272. {
  273. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\t\\xf7\\xf5a\\xc9\\xc2\\xf0e\\xa8\\xb4\\x9b\\x1e\\xb8\\xa4\\xb0k\\xae\\x04\\xd4\\xd1\\xb4w\\xc1\\x16\\xdc\\xb9hm\\xa6\\xaa\\xd1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  274. },
  275. {
  276. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb5\\x8c\\xac\\xe8\\xe7\\xa8\\xb3\\x14j\\x02x\\xde:v\\xb2w\\xe1u\\xbey\\xab|\\xba\\x0b\\xdf\\xc7\\xf7p?\\xfdi\\xa7\\xf5\\xce-{l\\xe2m\\x17\\xe7'\\x10&\\xd4\\x08!\\x8a\\xdbb\\x14\\xc1\r\\xdb\\xd1]x\\xc4\\xb8\\x8d\\xe1v'\\x9f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd3\\x1c;\\xcco\\x9d?\\x1b9r\\x05o\\x02\\x04j\\xcb\\xc7\\xd9 \r\r?!%8+\\xd7\\x86qn\\\\xf0u\\xe6\\x8dn\\xe0\\x89\\xd5\\xad=\\x03\\xe0\\xc6d2\\xf3="
  277. },
  278. {
  279. "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
  280. },
  281. {
  282. "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
  283. },
  284. {
  285. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p}\\x8f@i\\x7f\\xe4\\xc1\t}ka\\xf0\\x936\\x9f@\\xc1\\xea\\xcba\\x11tt\\xb2\\x9bzh8 h\\x89\\x08\\xf8r$\\xb9\\x95<@\\xfd\\xbb\\x1c\\xf2\\x16x\\xdd\\xf3)\\xe62\\xf6\\xb1(\\xa4\\xd5\\x04\\x07\\xafp|\\xb2\\xe5\\x9bw\\xa2\\xeai\\x11\\xaf\\x86g\\xa3bklb\\xb4`bia\\x0e\\xfe\\xd6\\xe2\\x94\\xdc/\\xfbb\\xfb\\xf9-@\\xb5~\\xf0\\n\\x93\\x86\r\\x1b\\xf9\\xa0\\xdek\\xe1\\x84\\x1f\\x94\\x9d\\xcb\\xfb\\x1f\\x81;\\xb33\\xf8\\x05\\xfa\\xd3\">\\xbes\\xe1\\xf6v_\\x1ea\\xab\\x01\\xf5\\xcc\\xd1\\xc8@\\x86\\xf6\\xac\\xc6\\x05\\xec\\xcb&%\\x8b'\\xb4\\xfcl\\x01ij\\xc1\\x1e\\x86\\x0e\\x8d\\x81\\\\x11\\x06\\x13\\x87\\x08\\xce\\xb4\\xa8\\xaa\\xfc_\\xdd\\xf6\\xc1^r3hg\\x0c\\x18k:\\xedm\\xac6o?\\x1a/\\x12\\xbc\\xa3{6*[\\xb9\"3xo\\xdah,\\xa9[s\\xcc \\xd8\\x1d_\\xc2\\x88k\n\\x83\\xfe\\xa4\\x87s\\x1dhi\\x1a&\\xd9\\xd53l^\\xb4\\xf0j\\xe4ft-d\\xa3\\x85\\xec\\xa9\\xc9\n"
  286. },
  287. {
  288. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 \\x1e\\x8c\\x92b\\x0b-d\\xf8\\xb3\\xbd\\xa9\\x8e\\xa6wb6\\xd6l\\x8f\\x1et\\xae\\xae6je\\x1d\\xd8.e\\x04v_v\\xd3\"r\\xee\"\\x9c\\xa5\\x0c\\x90\\xcanp%\\xa3)\\xd9\\xfd\\xbd\\x1avi\\xdc\\xa7\\xcb\\xdcb\\xe3%-\\x85\\xd2\\xe0\\x94d|\\x02p\\xced\\x9a\\xb7!\\xec`@\\x02\\x9b\\x86\\xe9\\xacx\\xf4x\\xf4\\x89)=*\\x8d\\x17\\xb4\\xdb\\x88\\x7f\\x10\\x90\\xec\\x82\t!~o\\x7f\\xb9\\x0e \\xa7y\\xffi\\x197\\x92l\\x84\\x0c\\x89'\\x90\\xfa\\xa3c\\xe3b\\xfc\\x0f\\x80\\xfd\\xd5n\\x10\\xc5\\xb9\\x18\\xb6kk\\x1b\\xc4\\xc7 2z'qmn\\xbdg\\x1d\\x0e\\xe9\\xa7\\xee\\x89j\\xc1\\xe9\\x91\\x82\\xd9\\\\x8bj\\x93\\x151\\xb5(\\x9ck\\x91\\xb8k\\x88\\xb5\\xd5\\x0c\\u@w\\xcbo\\x04v\\xb3y\\xc92s\\xce\\xa39\\x0f\\xd09\\xf0\\x9b8r\\xc6\\x9a\\x96?\\xf2p\\xfa{\\xbe\\xa6\\x90b\r\\xb2\\xfb\\xb5nx\\xa4\\xe4\\x86v'mo5\\x8bb^\\xfd<b\\xcb\\x97\\xdc\\xbe\n,[\\x05\\x16+\\x1c'o\\x8b"
  289. },
  290. {
  291. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t\\xf7\\xfd\\xbe\\x80\\x8ba<\\xf1\\xe2\\xa2\\xc16\\xc2>\\x05\\xbb\\xb1\\xdd\\xf7$\\xbf\\x80\\xb5s\\xc17\\x9f\\x9ft\\x98\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  292. },
  293. {
  294. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00}\\x01\\x00\\x00y\\x03\\x01]\t\\xf7\\xffd\\xa2\\xc2\\xa5\\xf8\\xd6+\\x03\\x03\\x9e\\x1a$\\xfc\\x92\\1\\xa0e\\x10\\xee\\xeex\\xc8\\xcf&\\xd6y\\xa5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  295. },
  296. {
  297. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\xc0\\xedb\\xcae:\\xc1\\x07\\x0c\\x17\\xfd\\x06\\xdb\\xd4q\\xf6|\\xa9\\xa1v%\\xb80\\xbbe\\xb4\\x8e\\xe8\\xb2\\xe1~%\\x12\\xa0\"fn\\x0f>p]~\\x06\\x9a\\xd5\\xcbvz4\"sr\\xb4\\x07\\xc4j\\xa8\\xcf\\x06\\xd6<\\xc5>\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x84\\xab\\x8c\\x08]\\xc2\\x98\\xeb\\x02\\x9c\\xbe)\\x05\\xc5\\xf5'\\x9f\\xa1\\xedp~\\xeb+\\xe0\\xb6x\t\\xca\\x1f\\x02r\\x91\\xbf\\x1e;\\xef`\\x86\\x1b\\x12\\x8d\\x9a\\xb6\\xbdn\\xf3\\x8f\\xf0"
  298. },
  299. {
  300. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xd8\\xed\\xce\\xf0\\x9c\\xbcrd\\x8cik\\x8ak\\x98)\\x848\"\\xf2\\xf7>\\xa1\\x9d\\xcas,\\x9d\\xfb_\\xe2\\x8e\\x9bo\\xc5\\x192\\xe9\\xdc\\x8ek\\x96\\xca\\x124qq\\xab5\\x9e@\\x9f\\xbfs\\xda\\x9b,\\xa2\\xf7&u\\x08\\x04\\xe9\\x90rtm\\xbb\\xac\\x8fqua\\xf8(\\xc4\\x9b\\xf2\\x872\t\\xe30\\xdc\\x8db|\\xf5\\xe4\\xbf\\x1ab\\xf0\\xb2\\xb2\\x9b\\xee\\xe3vwh\\xa8\\xa4-\\xb9\\x1e\\xd0\\xbd+\\x84\\x99\\xef\\xa0j\\xd1\\xa2\\x0f\\xff;&\\x01\\xc4\\x89\\xd5\\x0e\\x93\\x08\\x87\\xfbqlj\\x14\\x13\\xd66\\x9cm\\xd4!\\x0b\\xaf\\x98\\xe5\\xd0\\x1bf\\x12\\xb4\\x98f\\x00\\xecn\\xe8\\x1f_\\xe3:z\\xd7\\xe0\npg\\xb9\\xb0c6.\\xc8\\x17c\\x0fq\\xe4\\x1f\\xa9\\xc3$r\\x84jr\\x00\\xd9\\xe2\\x1b\\xf4:\\x08\\x0e\\x0e\\x8b<;j\\xd5\\x913\\xa5\\xf7=\\xa0\\x7f\\xb3\\xb6\\x1d\\xb0\\x91\\xa5\\xba#\\xee\\x9a\\xbd\\x17\\xc6\\xe2\\xce\\xe3`p\\xb1\\xaa\\x05\\xd7\\x17j\\xba\\xa7\\xd1\\xee\\xb5i\\x80\\xd2|\\xf9\\xc2\\xc0_\\x96@jx\\xbchj\\x13("
  301. },
  302. {
  303. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00b\\xf0\\x01\\xba\\x12\\xeci\\x19\\xc7s\\xcb+\\xa0\\x82w\\x0b\\xfe\\xec\\x14\\xeapq\\xa6onh\\xe8n\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  304. },
  305. {
  306. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdd^\\x1ds\\x1e\\x11m\\xe5\\xe1\\xc7\\x06\\xd0\\x0f\\xb4\\xd5d7\\xad\\xba\\x1e\\xbf\\xe4+\\xe7m(\\xa3\\xb5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  307. },
  308. {
  309. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00)\\x11\\xbe\\x8dv\\x03\\x10\\x0f\\xcf\\xf8\\xc6\"l\\xed\\x13\\x16g\\x81\\x8c\\xcao\\x921#\\xadrl=\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  310. },
  311. {
  312. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xf4\\xcf4\\xa3\\xd4\\x88\\xb4\\x85\\xbci!\\xc2l\\xcc\\x87\\xe8\\x04\\xe4\\xbe\\xb6k\\xbb\\x9d\\x18\\xd3\\x15\\xd7\\x19\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  313. },
  314. {
  315. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xfb6\\x98\\x87\\xbed\\xea\\x8d\\xb9ru`\\x0c\\xafw\\xa4z\\xe0\\x03\\x8d?\\xae\\x08,\\xc1\\xa5\\xac\\x19\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  316. },
  317. {
  318. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00j\\x9b\\x92\\xaa\\xe2\\xe1\\xd1\\x84\\x03\\xe3\\xb8d\\xfd\\xf6;\\x00\\xf1]h\\x97w\\x8d\\xe5\\xe0\\xbc7\\x0c\\xe3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  319. },
  320. {
  321. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x93 \\x04~z\\x99n\\xcb\\xf5<.\\xb2\\xb5.\\xe8j2\\xa0\\5og]\\xed\\x1d\\x9f\\x8e\\xd0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  322. },
  323. {
  324. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xe3bf\\xa3'\\x87\\x98\\x15@\\xdb\\x13\\xfe\\xa649\\xc7\\?y\\xbb8@jg\\xac\\x98i\\xfe\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  325. },
  326. {
  327. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdc\\xa3u4\\x80=w>\\xb0{\\xc5w\\x86\\xde\\xd6\\xcb\\x8e\\xf3\\x89\\xba\\x0b\\x96\\x8e\\x82.w\\x91\\xc6\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  328. },
  329. {
  330. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00m\\x19\\x10\\xb0u\\xb2\\xc4(a\\x1d\\xaa\\x15\\x11\\xe4\\x0e;\\x98\\xd2q\\x9f\\xa5\\xbe\\x7f\\x98\\x96\\x96`\\x82\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  331. },
  332. {
  333. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00g\\xd4:\\xc5\\x86\\xb07\\x82\\xfd1\\x82\\x17\\xe6z\\xb1\\x0e7\\xc7g\\xd7\\xd7\\xcf,p\\xff\\x96\\x00\\xe5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  334. },
  335. {
  336. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xf4\\xe3\\xb2\\x7f\\x1b\\x02\\x98\\xdb\\x85\\\\x11v\\xd0<w*\\x9c\\x06a[8\\x898\\x96ii\\xb3\\xab\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  337. },
  338. {
  339. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00q\\x7f\\xd3\\x9e\\x91\\x8a\ti\\xa1\\xdap\\xa3\\xcd\\xc2/\\x8e\\xbf\\w\\x18\\xd9ai\\xf7\\xc4]\\x92\\x05\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  340. },
  341. {
  342. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00:\\x8b>i\\x0ea\\xd1\\x80\\x0c/\\xd5\\xe7%\\xe3t-\\xb8\\xe5\\x89%']of 4\\x88\\x97\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  343. },
  344. {
  345. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x15te\\x95p\\x97fh\\xf1\\xed\\x0e\\xf8\\x8de\\xe2\\x11\\xe7\\x1b\\x8b\\xc8\\x87v\\xda\\xf5xg\\xa7\\x95\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  346. },
  347. {
  348. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xec.\\xfe\\x83u\\x90\\xe8\\xa1eb\\x15x\\x02\\xbf\\xbdl\\x9fksi\\xeb\\xb7\\x13\\xa0.\\xac0\\xcc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  349. },
  350. {
  351. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00oh\\x81qy+&d\\x03\\xe7i\\x03\\x9bf\\xa8*\\xfc\\xd5\\x84\\xc4=\\xc8\\x95\\xe62\\xed\\x8dg\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  352. },
  353. {
  354. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00a!^\\x8f\\x88\\xdd\\x85c\\xe0\\x8a\\x02\\x9e&\\x82\\xd5\\x9b(+u\n\\x8ews\\x10y\\x9f\\xfcd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  355. },
  356. {
  357. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x97\\xb7<+\\xd4\\xa7\\xf6\\xf6\\xe8]\\xe1\\xea\\xaa\\xec\\xa3l\"\\x18z\\xefx\\xf2{\\\\xe4\\xf2\\xa1\\x1b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  358. },
  359. {
  360. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xcc;n\\x1f~0b\\x861\\xd2\\xdd\\xee\\xce\\xcc\\x0bgh#\\x8c\\xe4\\xd0\\xa4c\\xe67\\x9e\\x0b \\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  361. },
  362. {
  363. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xd84)\\xad\\xa7\\x7f\\xbb\\x84\\x1f\\xd3\\xe4\\x83i\\x98\\x8d7\\x85\\xf9\\x86j\\x82\\xf6\\xafi\\xc8a\\xd9\\x1c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  364. },
  365. {
  366. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00k0\\xd0\\xac\\xc3g\\xfb\\xcd\\x0b4\\xecr\\x1c\\x92<h%?\\xc6\\x80\\xd1\\x86zq\\xeas\\xf1\\xaf\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  367. },
  368. {
  369. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xc3\\x98\\xf0\\xa9\\x96\\xac$1v\\xa2|i\\xefuq\\x10\\x81\\xe5x\\xdfms\\x98\\x99;o\\x83o\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  370. },
  371. {
  372. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xc4_\\x85\\xfe\"\\xf3\\xa8y\\xb6y\\xa8\\x99[\\xc8r\\xbb\\x8a\\xe5rg\\xe1\\x0c\\xbac\\xbcm\t\\x1c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  373. },
  374. {
  375. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00r*\\xd4&\\xe5u\\x0b\\xe8\\x9b[\\xad\\xc5l\\xa8\\x0e?\\xa1\\x97\\xa3b\\xfb$\\x10\\xea`\\xe1\\xe9t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  376. },
  377. {
  378. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00r\\xbf\\x17\\x00i\\x84:msi\\xd3\\x9e\\xeac\\xed\\xd0w\\xc6\\x01ip\\x88s\\x184\\xac\\xe3w\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  379. },
  380. {
  381. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x12hq\\x19\\x17\\x1b\\xe4,j\\xb0t\\x10p\\x9d\\xb1&\\x9a\\xb0\\xe4[\\x92<\\x80l\\xbe\\xb1\\xd3\\xcb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  382. },
  383. {
  384. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xed\\xde(:\\xb41\\xd4a\\xf2d.\\xf5;\\xf1\\xf9\\x9a\\x1a\\xda7\\xb5\\x0fj\\x80\\x08\\xac2\\x8b\\x8c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  385. },
  386. {
  387. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x1e\\xc1\\x9b;~o,\\x06\\x89\\xa0\\xca[xd\\x1c\\x04\\x8b\\xc9\\xc3\\xe3\\x9c]\\xe4n9\\x0bc\\xff\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  388. },
  389. {
  390. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x8b\\x90\\xf2v9\\x06\\xe7\\x8a\\x93d\\x8f\\xef\\x94}x\\xc6\\xfa\\xe0_\\x8bq\\x00f}\\x84v\\xa8\\xeb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  391. },
  392. {
  393. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x17\\x83\\x81\\x03\\xb9\\xd2q\\xbb\\xb4l\\xd4r\\xac\\x16w-\\xab\\xa2k\\x831c\\xcfp\\x9ft]\\xc7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  394. },
  395. {
  396. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00zbj_\\xb1u\\xb7\\x97\\x0cj)\\xf9\\x9b\\xd3p\\xc6\\xab7\\xc2\\x88\\x13\\xd9\\xc1k\\xfcc5t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  397. },
  398. {
  399. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00w0ec\\x83o\\x8ap\\x84\\x97\\xc7\\x02\\xbb\\xbf\\xd9\\xb7\\xbbg\\xdd\\xc7\\x8f0\\xe4?\\xee\\xfe\\xe7\\x1f\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  400. },
  401. {
  402. "http_request": "winword.exe_WSASend_*\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00mp\\xef\\x0e\rn\\xd6\\x0f$\\xd0\\xea_4\\xd7\\x94$\\xb6\\xf6c\\xc4\\xe3p\\xf7\\x0f\\xe8\\x01\\x8b\\xdc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  403. },
  404. {
  405. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04:ph\\xc3\\\\x99pa\\x9d\n\\xac\\x8e\\xd6\\xcf\\x01,(\\x1afm)\\x19\\x8ay\\x0c\\xc2\\x9d\\xb1\\xe1\\xa3\\x07\\xbd\\xd9\\xeb\\xc76fb\\x8c\\x91\\x9c\\xb7\\x01\\x18q\\xe9\\x93l+lc\\xbd\\x92@8\\x85\\x19&]\\xf4\\xa6\\xf6\\xea\\x18\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000:\\x90~\n\\xb7p{\\x96\\x9fvd\\xc1\\xf9\\xe165\\x9b8\\xb4\\x07(\\xd8\\x9f\\x0fo7e6\\xf3\\xb0m\\xa0%\\x06\\xd1p\\x99\\xf8c \\xc0o\\xc9/\\x00\\xad/\\x00"
  406. },
  407. {
  408. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04%\"\\x9cw\\xed\\x9c'\\xa9\\xbf\\x93&\\x93\\xd0\\xc73\\xa8\\xd5wlh\\xfag\\xbd[jo\\xdf\\x92\\xa6a\\xe2\\xd8\\xe1t'!\\x950\\xeb\\xed\\x17\\xcb;iu0\\x1c\\xe9\\xa4 \\xfd:6\\x01\\x7fq\\xf7\\xa6\\\\x02\\x9ah\\xe3\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1d\\xaet\\x92\\j\\x14\\x9f\\x9a\\xf8\\x9f\\x0cx^\\xdf\\x87|\\x08\\xc8\\xd81\\\\x02\\xf9u\\x9c\\xaa?\\xe5f\\xaae\\x0fv\\xbc\\xcb\\xc7w\\xdeen \\xdf\\x8dyc2\\xcd"
  409. },
  410. {
  411. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04e\\xff%\\xd0\\xdb\\xd1\\x8c\\xa7g\\xc2\\xc3h9\\x17\\x8c\\xb7\\xc0\\xa6\\xc8\\xb6c:\\x1f9c\\x10\\xf1\\xe0|\\xe4\\xe3\\xc8k\\xd6\\xb5\\x9b\\x86\\xc1\\x16h8\\x00\\x15\\xc6\\x9ed\\x87\\xb3,\\xb0l[@\\xc7\\xd8\\xb6\\x86\\x1a\\x83\\xda\\xe3\\xf3\\xc8\\x0c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe3\\xd8\\x80\\xb2q\\x83\\xc3\\xdb\\x81\\xf7\\x83\\x9f\\xee\\x8a\\xc4\\xe6\\x069|\\xd8\\x9fk\\xa1\\x1c\\x1ae\\xee\\x9b\\x00\\xd8\\xcej\\xfe\\xbd\\xb51\\xb6\\xbe \\xd1\\x8f\\xd0\\xfc\\\\xcfb\\xad\\x95"
  412. },
  413. {
  414. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb7\\x11\\x11\\x9d\\xae\\xe9\\x1d\\x12\\xb3jj\\x16\\x8a\\xe8\\x8e\\xa8\\xc4e\\xbbu1\\xe6\\x02\\xa3s\\xd3\\x85\\xd4\\xd3\\x8d\\x84\\x93\\xea\\x9a!\\x80^c\\xd7\\xb2b\\x01\\xaf\\x13\\xfc2\\x1bl\\xedc\\xbbui\\x83\\xbboo\\xc4o\\xc0\\x8a\\xaci6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x12\\xd9\\x90?b\\xd3z|8k\\xb57ko\\x03\\xa1\\xd4\\xa4\\x8c\\xd5\\xf5]\\x81^\\x8dq\"\\x98\\x04\\xb5\\x0e\\xcb\\xe2\\xc9\t\\x7fu\\xea\\x1d9t\\xa7\\xae~\\xad\\xa3ah"
  415. },
  416. {
  417. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x042\\xd8\\xed\\\\x86\\x91\\xa9l\\xd8\n\\xe7\\xbd\\xb5q2\\xbd\\xa56\\x9d\\x10\t\\xfe}\\xdf3\\xa8\\xda.\\xb00\\x9a\\xcb\\xb5\\x1b\\x827\n\\xe1\\x80\\x00\\xd9\\xe3=@{l\\x0b\\xd9\\xbf\\x841z\\xf3\\xdf\\xe88\\xe9\\xf6w32\\xf1\\x1b\\xc4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000>#\\x1f\\xad\\xf7\\xa6\\xe0\\x1c\\xd7\\xcajf\\x18o\\x8e~}\\xb0p\\xd0\\xfb\\x0fj!/\\x1e\\xd8b)\\x82\\x95\\x03\\xf5\\x07\\xee\\x13\\xa2\\xc8\\x9fr\\xb3^ k\\xb8\\xe5:\\x0e"
  418. },
  419. {
  420. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04,\\xc6\\xad\\xe4\\xe7(\\x07%\\xe5\\x02~c\\x16\\xb34\\xa7\\x9c\\x9f\\xeae'\\xe2#\\x08e<\n6v\\xec*\\xc9\\xee\\xe7n\\xeb~\\xaab\\xebmf\\xab\\xc7\\x98zb\\xa1k\\xb6 ,\\xbba\\x0c\\xb0\\xe6\\x97\\xb2}\\xae\\xf7\\x9ex\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91\\x9f$\\x922_\\x9d\\xd0\\xb9[c\n\\x19\\x10\\xe5't\\xd0\\xd1\\x84\\xff\\x06f\\xf9\\xf0\\x13\"\\x8b\\x83`\\xf42\"\\x19l\\xc1\\xb49;\\xf1@\\xc48\\x97\\x97\\x19r\\x00"
  421. },
  422. {
  423. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdb\\xff%\\xbc\\xd5\\x03di\\x14\\xc6\\xc2s\\x9ao\\x05\\x8c\\xd4\\xe8\\x12n\\x0ek\r(\\xabf\\x11\\xb9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  424. },
  425. {
  426. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04w3\\x11\\xf0\\xa7\\xfe\\x01\\x9e\\x16\\xb6\\xc8\\xed\\x9d\\xdbz\\xe3\\xae\\xdc\\xb7\\x06\\xc3\\\\x10\\x0c?&yb\\xc2e\\xe2\\xc3\\x0cq\\x93\\x14\\x84\\x03\\x14\\x9a\\xc1\\x93\\xfd\\x01e?\\x0f\\xd9\\xbak\\xb8\\x8d\\xab\\xc6\\x01\\xa0\\xef\r\\xaf\\x98\\xc2\\xc5\\x9a\\xdd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000}\\xd3\\xa5\\xa1n\\x9dk\\xf2bu\\x92'\\xcb\\xb3\\x07\\x1c\\xe4\\x8d\\xc8gc\\xe5\\x0f\\xc5\\xb9\\x13\\x00+\\xdci\\xb5-\\xa2thp\\xfa`\\xefn\\xd2\\x9d\\x99\\xbb\\xcba\\xb3\\x0e"
  427. },
  428. {
  429. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04h\\xe7]\\xb2\\x99\\xa8\\x0e\\xbd\\x95tl^\\xac\\x80#\\x03m\\xef\\x05!6\\xa8*s0\\xba\\xd2s\\xea\\x03\\x95\\x05\\x8ee\\x9b\\xc5he\\x9d\\x05\\xec\\x99\\xe5h\\xa9\\xbbi\\xcfap\\x92\\xba\\x87\\x02\\xf6\\xd6\\xfd2p\\xf5\\x0b\\xa0\\x92\\xcd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000i\\xeb,\\xc0/\\xa0st$\\x86\\x1c_\\xe8m\\xb1\\xf8\\x8f\\x85\\xa2\\xfc\\x02_\\xdb\\xd6\\xc5io}\\xb1\\xe4k\\xa1i\\x03hj\\x0f>\\x8e^\\xd5\\xf4\\x1f\\xe8u>\\x83\\xc2"
  430. },
  431. {
  432. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8c\\x8de\\xc5\\\\xf3\\x18\\xde^\\xd5\\xb8\\xe0\\x02\\xdbt4\\xa4\\xc4\\xb3'\n\\xdb\\x0c\\x19\\xab\\x80\\xbf\\xc3\"\\xe7\\xdd\\x04\\x80q\\x85\\xcd\\xd1\\xach\\x81]\\8+\\x87!\\xba\\xf6r\\xc3\\xeass.\\x19\\xd5ja\\xdf\\x9a\\xce\\x96z\\x05\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xff\\x00\\x00\\xa8\\xb0|}\\xefs\\xf6(\\x85\\xd3\\xa1\\x03\\xfa\\xf3(\\x9b x=\\x90/\\xbf\\xf4\\xb6!\\xb00qg\\x9e\\xb5\\x18\\xc4\\x0f\\xca\\x8b\\x05\\xe1\\x0e\\xc7\\x93\\x1fq\\xa8("
  433. },
  434. {
  435. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04&\\x04\\xcb#\\x0fd\\xedp\\x7f\\xea\\x026@\\xbc\\xe1\\xb7\\xf6\\xaf\\xc7\\xe2\\x1a@\\xad\\x95\\x97ot*.\\xcb\\x16h\\x933\\xd5\\x95=et\\xcc\\xbb\\xe5\\x89z)k\"\\x95\\xf7\\xb4h\\xa2w\\xf8f\\x86\\x1d\\x14\\x12\\x06\\xb5\\x0f\\xd9v\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0003\\x8ehm\\x8f\\xa8\\x89\\xfe,\\xda_\\xc5j\\xe8@3\tm=\\xa3\\xfb\\x14\\x956\\\\xb9\\xe5h\\xdf\\xee7\\xd2sj\\x0ci\\xf6\\xfa\\xfb\\x1fa\\xfdm\\x16\\x13\tc\\x11"
  436. },
  437. {
  438. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe7wh\\xff\\xca\\xafq0\\xfb\t\\x95\\xc6\\x13\\x8a%\\xe1\\x8cz\\xb5f\\x0b\\xc6\\x90/\\xc6\\x9b\\xfe\\x9e\\xba\\x01\\xe6\\x0c\\x88\\xd6\\xe0@v8k;d\\x0b\"%\\xd8d0<\\x8e\\xbf\\x17lx\\xbe\\x08}\t!x\\xfa\\xa9\\xdf\\xe3\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000@\\x162\\xe2\\x84`\\xe7\\xa3\\xc7z\\xd3s\\xdfa\\xd9\\x9e;\\xb2\\xd9g_\\xf6\\xbc\\xe7\\xdc4de(\\xd9\\xfb\\x0f\\x18de\\xc7\\x16\\xcb\\x01\\xc0\\xc31?2)bzy"
  439. },
  440. {
  441. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa0}s\\xa6\\xb4d\\xb9\\xb1d\\xcbl\\xb5\\xb7\\x1e\\x86m.\\xf0\\xf2$\\x99\\xe2yhus\\x96r\\xfd\\x83\\xa3c\\x16\\xfb\\xe2\\xb4\\xb5\\x0cnn/\\x03\\xf7\\xe7\\x7f\\xeb\\xe4=a\\xa4\\xeas\\xae\\x14s\\\\xcb\\x9e\\x9b\\x9cf\\xb0\\xdap\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96g\\xcf\\xc0\\xfc>e+a\\n\\xaf\\x02\\x14\\x07\\xae\\xabu\\x06 y\\x8c0\\x8bx#`\\xf8e\\xbcb\\x88p\\xbd\\xe3u\\xb4\\xee\\x04\\x1b\\xe7\\xee\\xae|n\\xf2\\xde\\xa2"
  442. },
  443. {
  444. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0e\\x9a\\xd8\\xac\\x07x\\xe4\\x93jp\\x83o\\xd0\\xc4\\xcf\\x83\\xe6l\\xe26a\\xd3\\xf3\\xf7\r\\xd3\\x8f\\xa0b>\\x0e\\x0c\\x18\\xec\\xefy\\xcc\\x07\\x8f_\\xb5\\x81\\xd6\\xdf\\x03\\x01\\x00\t\\xa8\\xf3\\xad+\\xd7\\xa7\\x8b\\xc9g\\xd1\\x1d\\xf6\\xc0\\xc0i\\xfc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xea\\xca\\xefp#\\x96\\x88g\\xa9\\xdb\\xa8\r\\xd9\\x96\\x11\\x94\\x0br\\x81\\xe1\\xcc\\x11\\xfce\\x06\\x9f*\\xd5\\x01\\x11\\xf6\\xd9=\\xf8\\xaf|\\x88\\x10>\\x07(\\xf8]h9\\xa8\\x95\\x85"
  445. },
  446. {
  447. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xac\\xcc8h\\x0b\\xdfs\t\\xdasd\\x19}g\\xaa\\xad\\x92\\xc6\\xe3\\x9cvnd\\x15\\x1e\\xba\\xcf\\x89\\xb1q\\xc8wk\\xbb\\xe7\\xb8\\x14\\xad\\x7fa\\xdbo\\xdeor\\xd2\\xddx\\xfd{r0<\\x93\\xd9\\xf7\\x92\\xa8\\x0f\\x05\\x19\\xd5s+\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96\\x1ey>\\xe5i\\x9e\\xfd\\xf9o\\xcb\\x1bk\\xc7n\\xa4&\\xf5cz5k\\x91\\xb4\\xaak\\xab\\x1crhdz\\xc7\\xec\\x17\\xc3\\x93\\xd5\\xfdv\\xaf\\xd1\\x0b\\xb5\\x9d\\xacw\\xf1"
  448. },
  449. {
  450. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x96\\xe4\\x1a\\xd0\n\\xca\\x90z\\xa1\\xc4$q\\xb4\\xe2\\xd7\\xc5a\\xd1\\x18'tj3\\xfdo7\\xf6\\xd0\\xc2\\x898\\xb6v\\x8bp\\xcf\\w\\xc77\\x16\\xbc\\xac\\x04\\x02\\xb0\\xd7g\\x14\\x93\\x0f^\\xea\\xb7\\x9c%!x\\xd1\\x18\t\\xa5ce\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc7q\\x85\\xb8\\xa3?\\xc5\\xe2\\xa1\\x17o[r\\x9f\\x93\\x16\\x9c\\xfb\\xed6s;\\xad]\\xce\\xc9\\xf9a\\x1c\\xd0\\x80\\x97\\xb8sh\\x08.\\xef\\xe8,-t\\xc6\\xf91\\xc7\\x98i"
  451. },
  452. {
  453. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1d\\x121\\xef\\xfah\\x9d(\nt\\x90]\\xb0p\\xf2a\\xcc\\x1d}v\\x0ca>2x\\xebj\\xc8\\xae\\x0e\\x8f\\x86\\x94\\x11\\xf8j\\x10n%<\\xd6\\xeb\\x90\\x18\\xff\\x1f\\xd5@n\\xab,f\\xe3\\xf9^\\xa1\\x9a\\xd5\\xef=\\x03\\xd4\\x1bf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xba\\xc4e\\x1f\\xcfl\\xa6m\\xffb\\xb9z*\\xdf\\xf3i\\x0ct\\x92\\xe5\\xfa\\xe8;\\xd3\\x12\\xf1\\xf4\\xa4\\xca~\\xb8\\xebm\\xbd\\xc3\\xddc\\xed\\x8e\\x1c\\x7fd\\xbcj\\xa0\\x10\\xe9\\xda"
  454. },
  455. {
  456. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ys1`\\x91\\xea\\x92{o\\xa1\\xcee\t\\xb3\\xfdg\\xc7so[r$\\x969\\x87\\x99\\x9c\\x91\\xe4r\\x06:`\\x12\\x9cso\\xa1\\xbat\\x95\\x9b&f\\x9f\\x12\\x94\\x1d\"\\x8ex\\x85w\\xae\\xb6?\\x802\\x8ch\n\\xf2\\xa9%\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe8}8\\x81f0\\xbam\\x80\\xee\\xdb:9\\xde\\xc7\\xb9\\x81\\x98\r\\xdf9\\x92~\r\\xb5\\xccg0\\xb6jr\\xbb6\\x83g\\xf2\\x90>\\x1d\\x8d\\xa7\\x02\\x02\\xa7kz\\xf8v"
  457. },
  458. {
  459. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\xdbt\\xc9m\\xbe\\x00\\xad\\xbd}!\\x9e\\x88\\xab\\xa7\\x89\\xcf\\xfew#p3,\\xc3\\xf7\\xd8rp\\xd3\\x8f\\xc0\\xa8\\xb5>\\xca\\xfd\\x86\\x1el\rq\\x08\\xe8hw\\x90\\xc8\\x82\\xe1@d{\\x88\\xbe\\xc7\\xbd&\\x06\\xf8\\x8a\\x08\\x94\\xa9\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x87_\\xbb\\x023\\xbd\\xe0t\\xb1\\xde\\xfbk\\xd2t\\xf36\\xe7\\x8a\\xb3\\xe5v=\\xbd\\x03\\xbe\\x88\\xd8\\xbe\\x95\\xb33e\\xc7\\xed\\xbd\\xa7o\r\\xe7.\\xa4t\\x0br\\x81\\x0f\\xf1\\x8c"
  460. },
  461. {
  462. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc3\\xcf\\xe7\\xd4\\x19\\xb6\\xca\\x18\\x99\\x03\\xbeo\\xa2\\x16\\x05\\x8ck\\xdf[\tfq\\x93\\xe7\\xee\\x9dr\\xb0\\xc0\\x0frs6m=\\xe6\\xbb\\xfc\\xda\\xa0\\x84i\\x86\\x8dc\\xf9\\xa7fm\\x99\\xf2\\x0b\\x9a\\xa8\\x9c\\x1c\\xbfv\\xe1(\\x1b\\xc4\\xd4\\x16\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1e\\xae_\\x04dli\\xaf\\xe1/\\x1b\\x11\\xb8a\\xc3y\\x9fk\\x8d\\x16\\x01u\\x841\\x83\\xa1)\\x81i:\\xff\\x87\\xd52j-)$\\xb8\\x94ny\\xceo\\x8d\\xda\\xe8\\x9a"
  463. },
  464. {
  465. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x91r\\x7f5\\xe9|\\xd7-\\xdduk@\\xad\\x95\\x95\\xe9\\x1f\\x9a\\x08\\xae\\xa9\\xd1o\\x19d\\x83\\x974\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  466. },
  467. {
  468. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04>;\\x88\\x1d0\\xcbnw\\xa2q\\xf0\\xe8\\xd0\\x8c\\xa3\\x87\\x1a^\\xb2\\xd0zdh\\xe3'\\xf6\\x11d\\x9e4\\xc6\\xa5\\xf9\\xfd\\x83\\xf6a\\xc6b\\xe5o\\xc6]h\\xb8e\\xb0\\xe3i\\xb5ogo\\x96\\x1f\\x94\\xdb\\x14\\xa9\\xc2/{\\xbb\\xed\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0006\\xa5\\xb6*9vw\\xf5\\x05\\xad\\x16\\xc3+\\xbe\\xbdt\\x90\\xb9\t\\x04\\xc1\\xb4\\xc8\\x83o\\xcc\\xa1]t\\xc57\\xd7z\\xb6\\x14\\xf2+~\\xb9\\x9e^\\xc9\\xc5\\xb2\\xe4\\xa2\\x83\\xe8"
  469. },
  470. {
  471. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xff\\x8e\\xeb\\xed\\x08\\xfe\\xca\\x1c\\xe7k\\x98\\x1cxr\\x8bm,\\xd4\\xcd\\xac\\x08\\x93\\xda(\\x1ce\\xe3\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  472. },
  473. {
  474. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04u\\xbd\\x05\\x84\\xdd\\xef\\xc5\\xc8h^o\\x0fl\\xfc\\xe7\\x86c \\xb7\\x7f_\\x11\\x85\\xc8i\\xba\\x13d\\x93\\xa9\\x96\\x7f\\$x\\x9ch\\xd0\\x00>hb:\\x83\\xc0z\\x0c\\xf1\\xd0\\xcb\\x94\\xd4'\\xc9p\\xe2\\xbb\\xcc'c\\x83\\xc0\\xbe\\xf1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000v\\x0bp\\xe0\\xb8r\\xd2\\xd8\\x06\\xb5r\\xb6i\\x97\\xc5\\xbb)\\x7f\\x82\\xa2\\xaa\\xcdqm8_\\xa1\\xa2s\\xccn\\x88~\\xfc\\x0f\\xd8\\xea\\xae\\xa9=\\xb9\\xb8c~e\\xb9r\\xd2"
  475. },
  476. {
  477. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00)savl\\xb6\\xc7\\xb2'\\xdfp\\x15\\xb1 \\xb4\\xd5o\\x85p\\x84\\xed\\x1a\\xf0\\x80\\xa9\\xcd:k\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  478. },
  479. {
  480. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00m\\xe31\\xcbk\\xf9\\xa6\\xedc\\xb3g\\xd4\\x05=w\\xd8\\xb8\\xd9r\\xde\\xcd\\xa7`\\xd6\\xcd4w\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  481. },
  482. {
  483. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x08{}\\x03%\\x8db\\xe4\\xa4g\\xc3\\x0b\\x02\\x85\\xb2)_y\\x91\\xff\\xd8j>}\\x84k\\xe2\\xe2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  484. },
  485. {
  486. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\x18\\x96\\xd2\\x9f\\x82\\xcf$\\x7f\\xf1\\x8e\\xf0\\x9b\\x81\\x1cy[\\\\xb9\\xa5rr.t\\x8dec<\\xd4fu\\xc4\\x13\\xde\\x1b\\xed\\xaa*\\xbf,\\x1c!\\x99\\x82\\xfb\\xdc<t\\x13\\xe8w\\x92\\xa7+n\\x14=0\\xf1\\xb3\\x97\\xb6/\\xd6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd9\\xcba\\xed\\xedf,n\\x15l\\x87\\x1fl\\x98\\\\xd3\\x9d\\xea\\x1ev\\xb1\\x12\\xa8'y\\xe5\\xc4\\x13\\xa2\\x94\\xe8\"=\\x93\\xa9}\\xce\\x83\\x82\r\\xd5tc\\x19\\xba\\x8c:;"
  487. },
  488. {
  489. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x046\\x1c\\xcbm\\xc4d9\\x1a\\xa3\\xc2\\x1c\\x00\\xf3\\xcd\\x8c\\xbb\\x98\\xc4\\xd2\\x9b\\xec\\x13\\xe1\\xe8\\x19\\x84h\\xb0\\xb7\\x80\\x1dc\\xce\\xa3\\xa6r\\xc3\\x1cn>2\\x0c_tg\\x9d\\xea\\xca\\xd1\\xb5\\x98\\x87oq\\x86no\\xf1sf\\x89f\\x1fj\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1a\\xf1d\\xa2\\x07~ql\\x0f\\xb4\\x84n\\xd9\\x88m\\x15a\\x9f\\xaa9\\xa1\\xae\\xb5\\x8e\\x8azw\\x1a\\xc7\\xa8\\xa4\\x01\\xaa\\xc4/\\xdd\\x89\\xca\\xcb\\x12\\xd9[=\\xc1g\\xc4\\xd4\\x80"
  490. },
  491. {
  492. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe9\\x08\\x8aa0gj<\\x9a\\x8fc\\xb3f\\x89\\xaa\\x91s\\x90k\\xe8\\xa6\\x19xk\\x93\"\\xb4\\xdbr\\xb1d\\x85a\\x96\\x05c\\x1ej\\xdc\\xf1y\\xb9\\xeaaij{\\xbci\\xaa\\x93h\\xc5\\xb65*v\\x81x\\x98tw\\xb3a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa5\\xaa=*\\x7f \\xa6v;\\x19\\xba\\xf0]\\xed#\\xdf\\x98i\\xe6\\x17\\x99\\xfc\\x10to\\x96\\xb5\\xb5 2#\\x06\\x0fcm6\\xd3\\x18\\x07xix\\xb9\\xe1^(k\n"
  493. },
  494. {
  495. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x83\\xf9\\xed\t!\tv\\xb6\\xd4\\xc1\"\\xd8i\\xcd\\xb6\\xe8\\x95t3\\x8a)t\\xf9i\\xc7\\x90\\xe3\\xde\\x10\\x86\\xa6\\x0eb#\\x9d\\x06t1\\xc8\\xf0/\\x8d\\xf0\\xd3\\x0c\\xb7\\x15g\\xb7\\xd3\\xdd\\xec\\x0b;\\x86/\\xa5\\xe0\\xff\\xf2c0h\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9e^\\x1d*5\\x15>\\x18x\\xbd\\xca.\\xb9g\\xa4\\x8d\\x19\\a\\x18\\x9d\\x00\\x1c7\\x0ez\\xe2\\x1bt8\\x8f\\x02\\xc3\\x16\\xe1 \\x17\\xdc1j\\x02\\xeb|\\x91\\xb7\\x0c\\xbb_"
  496. },
  497. {
  498. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb6\\xe0\\x95\\x05wi\\xa3\\x11\\xe69\\x07\\x0f\\x96\\xd4\\xf9u \\xe5x\\x17\\x15\\x84\\xa0\\xc1\\xbfp~j\\xc8\\xaeh\\xe6*\\xc2\\xb65\\x11b\\x8b\\x92\\x1b[0\\xd3\\xcf\\x04b\\xea^\\xeeo \\x89q\\xdd+\\xb0l$\\xc7a\\xe8\\x7f0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000t\\xe9\\x0eb\\xfb,\\x82t\\xbf\\x03\\xefb\\xae\\xb1y#\\x8aei\\x935-\\x9e\\xf0\\xc1\\xc2\\xc2s\\x81\\xa9\\x16\\xc3\\xd1\\xdf<m*n\\xb9\\x1dlp#.\\x11\\xe4!s"
  499. },
  500. {
  501. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04xw\\xc0k\\xff\\xfc\t\\xb3\\xf5w:\\xdf\\xf6/$\\xb8\\xbf\\xf1\\xaf\\xc2-f3\\xa82b\\xb0\\xb2+-u 3\\xff\\xad\\x1d\\xb8\\xcd\\xc8\\x7f\\x1a\\xba\\xd0\\xfa\\xcb\\xbf\\xba\\x1e\\xd0\\x88poc\\x08\\xee%\\xa9\\xfe\\x98\\xa7\\x0c\\xeem\\xfd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1cm\\x11\\x8c\\x0e\\xcf\\xd6\\x96\\xae\\x11\\x97\\xf0@\\x80di^\\xeb\\xc8\\x0b\n\\xbe\\xa6\\xec\\xe0\\x8f\\x12'%x\\xe5\\xd7\\x16\\xbc\\xae\\xfa\\xc7[\\x8a\\xf3\\xaa\\x9a\\x1e\\x92\\x8b\\xc7\\x17:"
  502. },
  503. {
  504. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\xd06]\\xef\\x17`\\xf2\\xe2n\\x0cs\\xcc\\xc1\\xbeg\\x97\\xd0@\\x18\\x15\\xc4\\x1bi\\x11\\xe5\\x04z\\x88j\\xbbt\\xdcj\\xc5az\\xdb~ow}~\\xe2n/\\xc6\\xdb=7\\x13\\x1f\\x08\\xa4h\\xd5\\x1e\\x87}\\xfc\\x93\\xf1\\xe0\\xa7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd7\\x88\\x9c>jc\\x04\\xcf \\xf2\\x80\\xa4\\xa3w\\xb6\\xdc\\xbb\\xd0\\x97\\xden|-\\x1clx\\xae\\x7f\\x1d\\xf7\\xce\\x10\\xc5?sriub>\\xbdl\\xaa\\xc2s\\xe3>$"
  505. },
  506. {
  507. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1cr\\x92}'\\xb0\\x9ck\\xa7\\xfc\\xdc\\xae\\xec\\xab\\xe2a\\xe4t\\x94\\x04t\\xbcn\\x12wff\\x8c\\xc6\\xc3\\x9a.w2\\xfa\\x1e\\xba%\\xbfl\\xae\\x05\\xa1z\\xbd\\xc4\\xe0\\xa8\\xbc\\xc7\\xd3\\xe5\\xe8\\x0c\\xaf\\xb8\\xb9\\x06\\x95\\x07\\xda\\xe3\\xad.\\x96\\x13rt\\xc6\\xb3\\x99j\\xa3\\xa9\\xc8\\x0ew\\xddx0no\\x93\\xd6\\x92c\\x1f\\x01 \\xfb\\x7f\\xde\\x04\\xc4\\xac\\xc4\\xc2q\\x14\\xf0e*\\xe5cgu\\x0ea\\xed\\x1d\\xfc\\x89\\x88yr\\xbb\\xac\\xbd\\x81\\xa74oz\\xca\\xb1\\x85u\\xdb$`\\x9d\\xdc)\\x9d\\xec\\x82\\x1f\\xf1\\x11\\x0b\\xfb\\xef\\xcb\\x06\\x02\\x81\\xf2\\xfc\\xd3\\x1e;\\x833\\x8a\\xc8\\xb9\\xc3u#u\\xb9#\\xa1\\xfd\r\\xe0l\\xba\\xce\\xc9^\\xc1s\\x7f\\xf7\\xeb\\xac\\x8e\\xcf\\x7ff#\"\\xd5\\xb4\\%\\xd5sa\\xe7\\xcar\\xc1\\x18\\xe8e\\xfa\\x97\\x8a\\xfe\\xae\\h\\x1b\\x0b\\xfd\\xd7\\xb7e\\x87\\xdf\\x8fl\\xfc'\\xe7\\xc3\\xec\\xb8\\x11\\x1b\\xd6.\\xd70p\\xf2\\xd7!\\xec\\x11\\xa1 x>\\xeam\\xdd\\xa3u\\xc9p';\\xefh\\x9140\\x94"
  508. },
  509. {
  510. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x01\\xcd\"\\x86\\x99{\\x83\\x0b0\\xda\\x03\\xf0\\x1c\\xcd\\xb2\\xb6\\x13\\x15\\xdd\\xe5\\x8c\\xd1[q\\xbftty>\\x82\\xac\\x1e\\x00y1t!\\xbc:\\x7f\\xce\\x80\\x0bwc(\\x9b\\xb9b[\\xbc\\x10ear\\xe0\\x064\\xbc\\em\\xb3\\x97\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf1j\\xe6\\xbe\\xb4\\x81\\x85]\\x12\\x84\\x90c\\x91*u\\xbc^(d\\xf6&\\x17+\\x11\\x95b_\\xf0\\x06\\x1e\nt\\x9d\\xa1\\xda\\x93\\xa7\\xc8\\xfe\\x800\\xb5ar\\x16\\xa1g\\xc4"
  511. },
  512. {
  513. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\x0fp\\xf3o\\x00lw\\xe0\\x922\\x98\\xec\\x85\\xc5\\x15\\xc3:oklr\\xa6\\xc5\\xd9v\\xe9\\xc9\\x14\\xdc\\x8d\\x0ccon\\x07c\\xfc\\xe9\\xbd?\\xe9\\xd6?\\xad\\xf3\\x9b\\x1917\\xd9o\\xa7\\xcc@\\x8f\\x8a\\x8a1\\x80\\x14\\x8c\\xd6\\xdd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000kh\\xa7\\xbcu\\x9b\\xb1ov-t\\xc2\\xe1-w\\xddj\\xaf\\xeew\\xf2\\x14x^\\xdf\\xae\\xa3\\xc2\\xf4m\\x88\\xaa%\\xd2z0<d\\xf0\\xc7\\xad\\xec=\\xec\\x97\\x9e\\xf1\\x99"
  514. },
  515. {
  516. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01(\\x10\\xf3@we\\xaa2e\\xac\\x9c\\xec\\x08d\\xdb\\xdf\\xd7\\xc9\\xea6\\x8d\\x82\\x95\\xb5\\x91\t$\\x87\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  517. },
  518. {
  519. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0b\\x16\\xdb\\xcf\\xcb)\\xe9\\xf3\\x88\\xf3@\\xd3\\xf7\\xe8\\xc8\\x04\\xa6\\xac9\\xa9$\\x87\"@\\xe5\\xfew\\x94#a\\xfd\\xa5\\xe2\\xdc\\x87\\xbe\\x8fml\\x08\\x0c\\xfe\\x1c\\x96\\xdab{\\xc9%\\xb9\\x9bo\\xeed\\xce\\xde\\xc8\\x01\\xc3\\x8d\\xac}\\x1b\\x9e\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0006\\x0e\\xa8\\xb3\\x0b-\\xdd\\xdd\\x8a;\\x7fr\\xd7 \\xaf\\xf6\t\\xe9c\\x07ph\\xa4\\xea\\xc9i\\xe5\\x11\\xcb\\x19\\xe6\r\\xa1\\\\xc6\\xfd\\xee\\x9b\\x11\\xe5\\x9c\\x1d?\\xad9so\\x85"
  520. },
  521. {
  522. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf3\\x9a\\xc2q7\\xfe\\xfc\\xa5\\x99'\\xa8\\xdfs\\x8b\\xca\\xab\\xcd\\x18c\\x13\\xf6\\xfb\\xab\\xb4q\\xbb\\xdb\\x84\\xa9\\x15=\\x87z\\x99xv\\xa9v \\x94@kl;p\\xaf\\xd9gw\\xf3\\xa8ww\\x0cq\"\\x89\\xc5\\xda\\x8a\\x8f\\x8b\\x1e\\x9b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd8\\x1dtl\\xf0\\x879m\\x98\\xa3\\xcd6fg\\x7f\\x11\\xec1e\\xf2\\xb6'\\xea\\xb2\\xe9i$\\x02\\xdc'f\\x06\n\\xabv\\xe3\\x99\\x977:w\\x01j\\x1d\\x9dr*j"
  523. },
  524. {
  525. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x14i\\xe46\\x02\\x9a?\\xe1\\x86$\\xb8:v\\x7fr\\xfe\\xe8\\x04\\xef\\x108\\x9f\\xc1\\xf1\\x96\\x88\\x19\\x13\\x81\\xa5\\xf6\\xb5\\xcab\\x83s\\xac\\x12]\\xfd>\\xb6\\x96\\xb0\\x1e\\xbe9\\xd7f\\x18\\x97\\xf2\\xe1\\xfdt}\\x92h\\xe0n\\xcf\\xa0\\xbc\\xa3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x14\\xde\\xd8j\\xbb\\x87\\xd8u3\\x0c\\xafk\\x91\\x8b\\x0b\\x17\\xddx\\xc6\\x05\\xbf\\xae_m\\xf9q>\\xfb\\xc4\\xabi\\x1ex\\xb6\\xe3\\x9bhyh\\xc4j\\x8d\\x9fl\\x16>\\x06\\x7f"
  526. },
  527. {
  528. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfep\\xae\\x9a1\\x04\\x19h\\x84\\x1e\\xd69\\x86\\x12\\x84-\\xbcv((\\x99\\x1e{\\x15\\x0er<\\xd5\\x02\\xf2\\xc1\\x0c\\xf1\\xce\\x0e/\\x8bl\\xa5\\xc2t\\x16\\xa2\\x84\\x8dd\\xcd\\xd40\\x07`00\\xe0 \\x82b\\x0f\\xb1\\x81)\\xb7\\x05\\x8a\t\\xe9\\xc1e\\xe2\\x14\\xfbz\\x9e\\x0f2i\\x80[\\xed\\xe5\\x14\\x873\\xc4\\x83\\xda\\xe5\\xc0\\xa7\\xb6 \\xaf\\xfd}\\xa7\\x93\\xe0\\x84p\\xf9\\xd3\\xc3\\x9a\\x9c\\xc3$ie$j/\\xd5\\x80\\x04mf\\x8e\\x07\\xa5\\xd2\\xdem\\x85}\\xe5\\xf9\\x90\\x1e\\xfd\\xa2\\xe9\\xeddk\\x03:\\xc3u2\\xb8\\x0f\\xd6|jki8\\x16\\x06^\\xeao\\x89\\x88\\x80\\x8dq\\x8dt\\xaf\\xb7\\x84i\\xac[5\\xf1\\xbf\\xb9d\\xfb\\xbb\\xf7\\xd6\\xfb\\x1bx]\\xcc\\x18qm\\x81f\\xc5\\x1f\\x90\\x8d\\x7fm\\xffm@\\xfe\\xe9\\xe5f$u*r\\xa1\\x8f\\x8c\\xbbn<\\xbde\\xfe\\xe8\\x87nv.\\xa6\\xc4q\\x1a\\xf5\\xcd\\xdc\\xc6\\x97\\xbctl\\xc2\\x14\\x81\\x84\\xf0\\xe7\\xbd\\x93\\xcf\\x92\\x07d\\x8a\\x9d\\x0e03:\\x96\\xe3\\xd4\\xd9i\\x80"
  529. },
  530. {
  531. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xae\\xa9\\xb1\\xfd\\xa9\\xd7\\xc2\\xff\\xcb\\xd1\\xd7\\xac\\x06\\xd6\\x1eun\\x19x\\xaf\\xdc)e\\x81\\x9f\\xa7\\xcec\\x9b\\x87\\xa7\\x08\\xa8lk'#\\xf2\\xd9\\xa0\\xa0c\\xc8\\x18\\x81\\x17\\xbazj\\xc6`mk\\x054\\\\xef(,\\x8a\\x98f4c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xcd\\x7f\\xae\\xf9\\x89w\\xdf\\x1fp\\xd7c\\x15\\x0cc\\x107\n\\xa4\\x13p\\xb7\\xe2p\\xabu<\\xb6\\xe8\\x0b\\x8a`\\x9d\\xa7\\x86\\x08[\\x7ftg\\xa6\\x84\\x9fu/\\x03\\x83\\xff\\x0f"
  532. },
  533. {
  534. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1c\\xb4\\xb9$\\xfe\\x91\\x13g\\xc4x%\\xc6~<\\xd9\\x05t%\\xdc&v\\x13fr@\\xbc5\\xb0xp\\x92\\xbdv\\xc2\\x8d\\xe2\\xf5g\\xc1}\\xd7\\xb3\\xcay#yy\te\\xf0jk\\xfd+\\xed\\xcb\\x8b\\x84\\x0f\\x16\\x94\\xde\\xd7y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x83q\\xa3\\x1d\\x1c\\x1cs\\xbb\\xda\\xed\\xe1\\xd3\\x94\\x16^\\x94\\xd5\\xac\\xd0x\\xc0\\xff\\xc6)\\x8e@\\x81\\xca\\xe4\\xf1\\xb8\\x00\"\\xc0\\xe7\\xb6\\xb1o?\\xbb\\xcb\\x13\n\\x8a|e}\\x07"
  535. },
  536. {
  537. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe9\\x9f\"\\x90\\xc9o\n\\x89t\\xeb\\xbc\\xc1\\xaa^z$\\xb4r,\\x13\\xc9\\xcb\\xfb\\x944\\xfa}\\x12\\x7fv\\x11qt\\xc5.\\x13\\x07\\x1eo\\xca\\xd4)\\xa2\\xd6\\x94\\xaby\\x9a\\xdd\\xde\\xad>\\xf2\\xbb\\xe0\\x89\\xd5\\xaa\\xa8\\xc7f>\\x83\\xe9\\xf1l\\x8b\ri\\xe4ti\\x84\\x8ev\\xa6d\\xe1b\\xe7\\xbcu\\x92f\\x91\\xd8~2ct.t8\\xdc\\x8e\\x11z\\x0f\\xf0\\xe2\\x8b\\xc8\\xbc\\x90\\xdc\\xdb\\xdc\\xc5\\x94\\xc0\\x90\\xa9\\x90\\xda^\\xeb~\\xed\\x07'3cj\\xc0\\xf9\\x19!&\\x93\\xd4\\xd3\\xa3]{\\x19\\xa4k\\xfai3\\x9d]\\x15\\xac\\xf0;{\\xd8e\\x1fy\\x88\\xe8\\x8c\\xc4p\\x14\\xa7\\x04\\xec\\xfc\\x97t\\xab\\x17 \r\\x18\\xc7\\xba\\xa0\\xae\\x0b\\xdd\\x00h\\x1a\\x80c\\x8d\\xba\\xfdm\\xa9\\x9c\\xa5\\xa5e)\\xb0\\xfd\\xd2\\x97$\\xb7\\x9e\\x83\\xfd\\xf6\\xf4\\xdbs\\x12\\xc6\\x1e\\x9113\\x03%\\xcc\\x84l\\xca\\x17\\xc9\\xeb\\xd2c\\xf4\\x97\\xf2\\x07\\xe8\\xf9t\\x0f\\xc0\\xd7\\xc0t\\x06\\xd4\\xda\\x84s\\xbd\\xda?\\xd0\\xf3\\xa87\\x1f\\xc7\\xbb\\xe4d5\\xacf"
  538. },
  539. {
  540. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xaa\\x89u\\xbd\\xc5\\x8dxw\\xc7~o&\\xd1b\\xf1\\xd0\\xa9^\\x8b\\x99\\x1b\\xbe\\x85i6\\x06'\\\\x93\\x9b\\xf4\\xb7\\xc8\\xe2=\\xadn\\x81\\xf6w\\xee\\x1b\\x8ef\\xb9^<\\x93\\xe3e\\xa2\\x1d\\x89\\x12y\\xaa\\x08\\x83b\\x05p\\x1c/pj\\x96j\\xd78\\x85\\xe3&\\xb4\\xef\\xb8t\\xdfd\\x8d\\xb5y\\xf3;\\xf063\\xe0x\\xe7.n\\xc9,\\x8cip\\xda\\xeb\\xdf\\x9e\\xfd\\xa1\\xb3m\\x0ed,\\x81nq\\xd3\\xb3\\xb0&j\\x80\\x81\\x8e\\x8de0\\xae\\x8e\\x08\\x9ae\\x97*\\xcd\\xf6k\\x93\\xff\\xc0\\x9f\\xf2\\x9db\\x1a\\x95\\xf8-\\xe0\\xc5w\\x85\\xd5\\xa59]vxi\\x80\\x8c,\\x05\\xce\\xd5j\\xf4\\x9fs\\x1d\\xef\\x19\\xe5d\\x83\\x08b<]\n\\x00o\\x9f&\\\\xa2r\\x0bt\\xee\\xae\\x92\\x15\\xcfn\\xb1\\x9b'7\\xa5\\xfd\\xcac0n-<\\xc2\\xba>&\\xa8\\x12d\\x9d\\xcd\\xa6\\xad\\x83i\\xcb\\x8d\\xe4\\x81\\x056\\xc5\\x1c\\xa6\\x81\\x13;_\\x9d|\"\\xb8\\xe4\\x81\\x1a\\xdd[\\x9d\\xe8\\x86mc\\xb3\\x01s\\x9f\\xabkt\\xd1e+"
  541. },
  542. {
  543. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb0\\xff\\xe5\\xdc\\xeb\\xa0>|\\x829\\xb9#\\x13l\\x87\\x14ht\\x06\\x7f\\xd1a)\\xe86v\\xbb\\x7f*~k\\x00~\\x87\\xadh;\\xbe_`=\\xae\\xe8\\xb4a\\xd9\\x98\\xd8\\xe8\\x92\\x85l0\\xea\\xaa\\x05\\xf6f\\x90n\\xdd)i\\xf4\\xe4\\x92\\x9dz\\xb0oz\\x941<s)x\\x86\r\\xaf,\\xf6 \\x03\\xc3\\x94\\xdd\\xe6\\x15a\\xd1&l\\xd0\\x17c\\x19\\xb8\\x00\\xf2\\x97\\xe1m\\x97o\\x00\\x8ch4c\\xfa\\xd9\\x1f\\x86k\\x84jo\\x03cx\\x1f\\x8a\\x04?\\xb6u\\xd3\\xa6\\xc3 \\xf0\\xd0\nva~\\xab\\xb9\\xe5\\xef\\x99\\x00l\\xd2s5\\xdc\\xea\\xdby\\xd5\\x0f:t\\xe8c\\x81\\xea*\\xec\\xdd\\x9e\\xa9\\x82qy\\x03\\xf3\\xc4\\xdb-\\xf6\\x02\\x15\\x9fb\\x08\\xa2\\xf89\\x8d\\xea\\xda\\xae\\x80\n\\x11\\x8d\\xe3\\x87\\x90\\xc6o\\xad\\x82\\xdb\\xdbsb\\x82\\xa6]\\xe4e\\xc5\\xd0\t\\x87\\x1b\\x89\\xba|i\\xa3\\xf9*\\x02\\x12\\x97o\\xa9\\x91\\xaf4\\x87\\x02e\\xae\\xdb\\xe3\\xb35\\xad\\x91\\xb2}\\xc4^\\x9fet\\x8f\\xb9qy\\xf2$k@<"
  544. },
  545. {
  546. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc3\\x83\\x16\\xc5\\x0e\\xbb \\xbbb\\x15\\xb9q\\xbc\\x84\\x8b\\xd1g\\x1c\\x01\\xb2\t3wa\\xf1_\\x9a\\xbd\\xael\\xa2\\xfaj\\xfe\\xe3\\x96j\\x1db\\xb4\\xcen\\xab\\xb4\\x98\\x19\\x10\\x81\\x12k3\\xb4%[_+\\x85s-\\x0fv\\x80\\x1a\\x18\\xb6\\x0c\\xf3y|\\x8d\\xf4+\\xc6\\xe1\\xd2\\xe2b\\x95\\x80{>\\xfex9\\xff$\\xdc\\xb2$\\x1b9[\\xd4\\xa1\\xf4n\\x18\\xe8_\\xb9\\x94<bd\\x864\\x00&\\xechzqrq\\xb8-\\xf4\\xd6\\xb7-\\x17\\xf40\\x1f\\x8e.\\xee\\xa8\\x80\\x0f,&7\\x8d(:c\\xabpc\\xab`\\xec\\xf8gh\\xa7x-\\xb0\\xdf\\xc4\\x97\\xba\r\\xd1\\xed\\xfa\\x14\\x94\\xf9\\x1c\\xf54\\xbc\\xc2`59\\xf1\\x80\\x1b\\xea\\x8cd\\xf1\\x90\\xe0\\xc7+f<o\\xe4}\\xcfg\\xd8r\\xbe\\xdby8\\xc0\\x18\\xf3\\x1a\\x94\\x93t>\\x8a)g\\xec\\xe5\\x85\\x97b\\xe0zt\\x9eah\\xbb\\xbb\\xb8\\xbc\\xd9 \\xa4l\\x90\\xf4\\xa4s\\x17 c\\x85\\x0e\\xa1i\\xd8\\xb8j-\\xaf\\x05\\xef\\xec/\\xd5^\\xa9\\xa8m\\xd6s{"
  547. },
  548. {
  549. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010,\\x88\\xb6\\x80\\x97l\\xac\\x8fj\\xd3\\x14\\x0cb\\xa5]\\x83}b/\\xb8{\\xa8\\x8d\\xd6;s+\\x7f\\xa3\\xf2c\n\\xa0\\xdde\\xdf\\xda[\\x07\\xb5\\xf3w\\x9b\\x02\\xf2\\xf7\\xe9\\xf5m\\x9a\\x89\\xbdn:\\xd0!\\xba\\xa0\\xb1\\xa8\\x8f8\\xc3\\xd2t\\xd6-\\x98\\xd4q\\xfa\\xe1cz(\\x1b\\xd9,\\x81\\x078\\x9ci*\\x823v9\\xcc\\xdf*\\xbf\\xde\\x8d\\xb8\\x92gc\\xe7\\x94\t@\\xde\\xb4h\\x87\\x062l\\x85!\\xaf\\xa8r\\x87\\xb8\\xc2\\x7f\\xde\\xcd\\xc1&\\xee\\xe2\\x85\\xb0$\\xf9\\x91j8\\xeaon\\xf3c\\x91\\xaaz\\xb4\\x9aq\\xd7w\\xbd5q\\x93\\xa9c\\x99\\xd1b&}\\x89\\xfdmsd\\xde\\xec\\x82\\x8b\\x8b\\x19\\x97\\xa6\\x0f=swm\\xe9\\x97\\xcca\\xfc\\xaa\\xd3y\\xfd\\xc3\\x1c%a)\\xac\\x0e\\xb8r\\xb5\\x8c{\\xe1b\\x80!\\xe1\\x9a\\x89\\xe3\\xb0\\x13bk\\xb10n\\xdaw8\\xa3i@\\x\\xc4\\xa3\\xd0\\x1bl0\\xf7\\x14n\\x02da,\\xd6j\\x1aq~t\\xe2*w\\xf36\\xdee\\x0f\\x8a\rh\\x0f t)"
  550. },
  551. {
  552. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107\\xd0\\x88\\x18?\\x90q\\xbb\\x1e\\x92w>\\x98mp\\x98w\\xc5\\xa7\\x96\\xf1\\xcd\\xbfa\\x9e\\xd0\\xf5\\xd9y\\xe8\\xea\\xe0\\xc1\\xe6\\xe5\\xee\\xaenw\\x18\\x8a&\\xe2\\xbd\\xfc\\xa8%\n\\xaced\\xd7s\\xe9\\xdf\\x8b\\xf2\\xf9\\xf8\\x89&\\xb2=\\x9f-\\x14\\xba\\x97s\\xe5\\x9b\\xe6}\\xb9\\xbc\\x9b\\xf3\\x83]\\xf0\\x98\\x85\\xb6\\x87<\\xe9\\x88\\xe7\\xaey\\x1cgd\\xc1\\xda\\x0c\\x9ad6z\\xf5nf\\xe4r\\x17)\\x85\\xae\\x13\\xee[l\\xfa\\xa3\\xdf\\x92\\x85\\x8f4[\\x85\\xdb\\xaf\\x08\\xf3\\xc5\\xeb%\\xc3\\xacp\\xe3 \\xd6\\xb2\\xfb\\x85\\xd7\\xa2f\\xd7\\xe5\\xefmq\\x7f\\xca\\xa7\\x08\\xa6o\\xd3\\x1f\\x92\\x8f\\x195w\\xa7\\xe7\\xe3i\\xf6\\xe9 \\xce+\\x8e\\x90\\xcb\\xc0\\x99\\x1f\\x06e\\xed\\xbdr9\\x94%\\xc3f\\x83\\x1c(\\x00\\x8a\\x07\\x9a/id\\xf8\\xe4\\xb3\\xfb\\xf8\\x95*d\\xea\\xb5\\xf3\\xcc\\x84p\\xb85\\xf9\\xf4\\xce\\xb5sry\\x048lt4\\x0c\\xd5\\x9c=_\\xfa\\xa0\t\\xda\\xe3er\\xe8\\xe9\n\\x83\\\\x9bv\\xd4\\xf5\\x87\\x12\\xcdb!\\xf1j\\xee"
  553. },
  554. {
  555. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010)n\\xad\\xd0\\xb6&\\xb7\\x8c\\xb3:&}\\x077\\xa6\\x94\\x0c\\x89>\\xb4\\xb0\\xb9k\\xdc\\x87\\x80o\\x8d\\x17\\x16z\\xf9\\x12\\x1ad\\$)\\x8f#\\x7f\\xec\tk\\xc7d\\xe9]$nh\\x81\\x05\\x82\\xc8\\x9cnm6w\\x7f\\xb2\\xe8\\xd8\\xe1\\x00\\xb8\\x80\\xd9\\x0c\\xdd -\\x813\\xe7\\xbd,j\\x98-\\xe4\\xf59\\x00j\\xbf\\xee\\x82c\\xc9\\xf76\\x8f\\x96q\\xf9)\\xc5\\x1c\\xec\\xca\\x11n]\\x00ube\\xc5\\x977\\x80\\xa5\\xf3\\xb5\\x8e8\\xba[m#\\x7fd\\xcc\\xd6\\xea'\\xd5\\x18\\xbc\\xf2\\xf7\\x0bg\\xa4gswl\\x81ab\\x060#7c\\x1d\\x91f\\xe1a{\\xa2\\x08\\xc6\\x84\\xb8.+\\xa20@\\xf4\\xbd\\xeb\\xfbw\\xd5\\xdb\\xed;\\xcf\\xc9q\\xed\\xff\\x08\\xb0\\xa3\\xd2\\xcb\\x83\\xc9\\xddz\r,\\xb8\\xfez\\xfe\\xd0\\xfac\\x1d%\\xad\\x97\\x7f\\xa6\\xd3\\xe6n\\xb4\\xdd\\xff\\x15z\\x1d\\xaf7\\xbc\\xe8\\x03\\xc5\\x1c%\\x94>\\xac\\x14&\\xcb\\x8e\\x9f\\x8e\\xe4\\xf5\\xa5q\\xf8\\x99!\\xba \\x83\\x91l[-f\\xd9!o`\\x08l\\x91\\xe9"
  556. },
  557. {
  558. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xff\\xc3\\xcb[\\xedt\\xbd\\xf3m\\xc3\\xc6\\x07\\x9e\\x892?5\\x96j\\x98\\\\xbe\\x9bl\\x1b$\\xca)\\x0e\\xa7\\x01\\xae\\x10\\x8e\\xe7l\\x1c+\\x10r\\xcc\\x1f\\xb7v\\x94\\x04k~\\x80\\xc36xo\\x1f\\xcd_\\xc1~\\x94\\xc0\\xd3\\x81\\xcdx\\xb9\\xe1\n\"/\\xb7u\\xfa\\xf6\\xca$\\x90\\xb6~\\xb1\\xb9\\xcdi\\xb7k+\\x1e\\xd3\\xc0\tj\\x08[\\xa2\\xf3\\x92\\x9d\\xc2t\\xce\\x9a\\x8ba\r\\xf1\\xaet)&\\x99\\xaa\\x0e\\xd6\\xd3\\x903por\\xf2[x,6+/kb\\xc01t\\x95\\xfc13zzr\\x12\\x8aje\\x18\\xb6\\x8a2g\\x0c\\xc4\\xf5\\xa4\\xfbefx\\xccca\\xb5\\xb43k\n\\x08|\\x06\\x89\\xf1\\x96*\\xe1v\\xedsg]\\xb7\\xac\\xb0/-\\x9f\\xfcno\\xcd\\xee\\xc6\\x10\\xda\\xdd\\xber}p\\xbb[v\\xcd\\x96b\\x0ey\\xe3/\\xf2\\x0bz\\x88\\x7fw\\x0b\\xae\\xd6}\\xed\\xaa\\xa4<&4\\xa1\\x8f\\x8f]\\x98\\xa29\\xc1\\x90\\x00\\x18\\xb8\\x84x\\xf0\\xb1\\xe2\\xfb\\xbe\"s\\x9c=u\\x0b\\xde\\x17\\x165\\xb0\\xe4"
  559. },
  560. {
  561. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010&5\\xc3\\xe7\\x94\\xb0\\x9d\\xc7k\\xbf\\x14d\\x14\\x95x\\xf2{\\xfe\\xea8\\x80k-\\xff\\xbcg\\x03+`\\xe8\\xe6\\xb4\\\\x94\\xb5s\\x83\\xcd/\\xde\\xf2\\x05=\\xd1\\x88b\r\\x81\\x7fk\\x91\\x9a\\xf0\\xd3s\\xa95,uv\\x13\r\\x9f\\xd3\\x19\\x0f\\xbb\\xc2\\xf6\\xb1x\\xbd\\xee\\xa5\\xaa\\xf7\\xb0c\\xbfp\\xd3*\\xf4\\xe4\\xb6\\xcf\\xf7\\xbf6\\xe7\\x8b^\\x08\\xd7g\\x8f:\\x9d\\x88~k\\x86izsc\\xb5\\xa1m:\\xfb\\xd0+k\\x86\\xbbj\\x84_\\xcfyotxo\\xdb_p\\xf0?i\\x07\\xc2@pt\\x11\\xae\\xd9\\xc3\\\\x98\\x11v\\xa1\\x18c\\xd6a\\x8a\\xb2k\\xc0\\xe4\\xd5 \\xb0\\x97q\\xce\\xf7\\x84;(\\x9b[\\xd1\\xea\\xc2c\\xb6\\x9d\\xd1\\xb3\\x15\\xe1\\xef\\xe0[jum\\xe2\\x8ej\\xfftm\\xa3yk\\x0f\\x8a\\xf7\\xc8\\xb8*9@%\\x1b\\xb4\\x92\\xe3\\xd6\\xc72]kj\\xe3\\xc3\\xaa\\xa4\\x07>\\x8a\\\\x7f\\x13]\\xbd\\xd7e\\xcc\\xa4k\\xbb\\x11/\\x00s\\xe78\\xd6yjjc4\\xba^\\xd7\\xae\\x0b8\\xd5\\xd8\\xc5ly"
  562. },
  563. {
  564. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xefv\\x0e\\xba\\xa3\\xe0\\xd5\\xab\\xce(y\\xaf\\x1c\\xd8n\\xdc\\xc6mw\\x87\\xe9\\xde8\\xb8e\\xc2\\x9fi\\x99\\x02\\x84\\x8c\\x8f\\xaar\r\\xe2\\xac\\xfe\\x15\\xed\\xd0l\\xc0\\xf4e\\x8a\\x1b\\x87\\xdb\\xbb\\x89\\x9a\\xc2\\xbb\\xac\\x97\n\\xac\\x92\\xc4u65v\\xb8\\x08\\xe6?\\xd3\\x91,b\\xfe\\x8a\\xab[c\\xae\\xde\\xfay;\\xdd\\x91\\x85\\x91\\xb6\\xba9]\\xc0m\\x1c\\xc3>\\x88a\\x86\\xc5\\xdf.\\x11x<b\\xb3\\xad\\xa2\\xb0\\xa6\\x03\\xac\\x95\\x1a\\xe5{m\\xa7\\x0b\\xc6a\\xaf6e\\xcc\\xad\\x81\\x99\\xee\\xdbv\\xe5m^\\xbc\\x12\\xcd\\xc4\\xe4\\xb1\\x8f\\x06\\x19\\x889\\xd4\\x80\\xb4\\x93o\\xc2b\\xc4\\x84\\xd1l\\xa8\\x80\\x05o\\xf24\\xb7@\\x83\\x90\\xe4\\xf7\\xe5r\\xf4(\\x82\\x93mg\\x98/l+\\x97\\xa6\\xb5\\xc4\\xfc\\xe7\\x84x\\xf2\\x1b\\xeb\\x93y\\x12\\xe4b\\x14\r\\xa6w\\x07=\\xb4\\x89\\x8f\\x85\\x8fr\\x08\\xe5\\x18\\x0bp7\\xe23\\x98y\\xa8qh\\x9f\\x1b\\x92(\\x0e\\xfbo\\x8fk\\xb8\\xef\\xd6f\\x8a\\xf6\\xe5k\\xd8;\\x9ck\\xd6\\x95\\x819\\xfd?\\xc5\\xa2"
  565. },
  566. {
  567. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xca\\xa1\\xd7y\\xc74\\x9byf@&k\\x81\\x83+p\\xd8-4\\x8eis\\x0c\\x85\\xc5\\xa2n27`\\x86\\xa5<\\x9e\\\\x15v\\x83\\xf9\\x15o\\x0b'9\\xd1\\xbe9\\x9c\\\\x0ek\\xdd)\\x85\\xa3\\xf2;\\x9c\\xc0\\xb4\\xed\\x87\\x93i\\x93\\xb3l\\x1c?\\xa8o\\xf5~f\\x8e\\x11\\xcd\\x04\\xc8\\x0bol\\x076ve\\xc3\\xd6\\xa5\\xc71\\xc9h\\x1b\\x95\\xa1<\\xbd0\\xfe\\xf2z\\xd9\\xec\\x82\\x9b\\xf9w\\x80\\x80[\\xf5\\xbf\t\\xca@u-\\x0e\\x88\\x0ethyqz~\\x94]\\x96a\\x12\\x97\\x7fr\\xb2\\xe2&\\x15\\x88b$\\xf8\\xa8\\x00<\\x96\\xf4\\xd3i\\xe9\\x1c\\xb70\\xa1z\\x8d\\x01afl\\xe5\\xf7\\x1a]\\x99e\\x08\\x87\\xf2\\xea)z>\\x02#t\\xd2\"\\xcd\\x80d \\x9cgh\\x06\\x83j\\xd8\\x08\\xbdg<x`\\xe4n3\\xbdd\\xb02\\x9f?\\x02\\x93y\\xdf&\\xf1\\xa6\\xa2\\xee\\x90\\x95\\x08\\xb2\\x17\\xa9\\x90\\x89\\xe3\\xa8\\xee\\xdc\\xf9p*\\xfe#<w\\xf7;\\x93\\x9ei\r\\x10\\x9c\\x01\\x03\\xf0]v\\xaf\\xe5q^^"
  568. },
  569. {
  570. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x90sw\\xf70n?\\x12\\xfa.]{4\\x17\\x87\\xd6m\"{a7\\xa5&s\\xe5\\xba\\x94\\xdfq\\x99\\xc5a\\x10\\xdb\\xab\\x9a\\xc4)\\xeb\\xd3#7\\x89\\xd9\\xc9\\x1ed\\x0f\\xb92\\x08\\xc27/\\xc2w?x\\xec_x\\x18yz\\xd9\\xaf\\x13_b\\xfdu\\xe8\\xc0\\xcb1\\x8d\\xbd\\xcea\\xe5;\\xcc\\xdcl.|\\x15\\x1a\\x9e\\xff\\xca\\x82\\x05\\xbc!\\xfd9\\xc0\\xd0!y\\xc5\\xa4\\x1e\\\\x7f\\xa7\r\\xedgu\\xfe]\\x8e\\x02\"\\x96\\\\x7f\\xe8\\x95>\\xde\\xcf\\xe8\\x94\\x17(\\x84\\x10?\\x18z\\xe8cj9\\xd8\\xee\\xdf\\xf1\\xe7\\xfa[gq5\\x15\\x9e\\x05\\xf58\\xbb\\x10\\xdb\\xc2g\\x94r\"c\\x04\\x8b\\x03\\xd5v\\x01\\xfch%\\xbf)\\xf0\\x94\"\\x1fh{l\\xdb<\\xbb3\\x84\\x0c\\xe2\\x9fd\\xbb\\x1e\\xb62~\\xc6?:|\\x9c\\xc0#\\x00\r\\xe2\\x1e\\xd2\\xc7k\\xdd\\x0c\\xf1\\xfd\\x17_\\xff\\x17\\xef'5]uv\\xa9\\xe6w\\x168\\x12d\\xb7+\\x96\\x89\\xd1y\\xe6\\x14\\xf3\\xea\\xaf?\\x0c\\xc9\\x01\\xb5\\x04\\x92\\xc1\\x82\\xaa5|"
  571. },
  572. {
  573. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xba7\\xb4\\xdd\\xbd\\x10\\x10\\xb3\\xd5*\\x81r?+e\n\\x1em\\xbe\\xf8\\x05ma6q\\xdc\\xe5\\x9f\\x0e?\\xc2\\x06;\\xb2\\xf3\\x89,\\xf8\\xf8\\xfd3}\\xce\\xd1\\x9b\\xb1dj\\x8faw\\xf5xh\\x85\\x90+\\xf4\\xb7\\x80.nqv\\xf6\\xcfy;tq7(\\xb8j\\xc7b5\\xef\\xf7ynk\\x82\\xc1\\xaay3eq\\xa8.r\n\\xc8\\xce0\\xf0\\xd8\\xd9.w4\\x96x0\\xaf\\xe3\\x07\\xde\\xbb\\x1c\\x9d\\xe5\\x9d\\xdd\\x05=\\xef\\xc8{5`o\\xa7\\x8a}\\xb2\\xa1!(b\\x07;xr[\\xf2\\x1be\\xbb\\xcc\\xfc\\xfe\\x05,\\xce+\\x19w\\x1d]3\\x0b:\\x8c\\xbd\\xb4\\xe2\\x98\\xec\\x88oj7\\xb0\\xe4\\xed\\xba\\xaf\\xa5\\xc1\\xbf)\t\\xaa\\xda\\x85\\x84\\x98\\x8c@\\x16\\xb2\\xad\\xa2\\xaf7\\xa3fs\\xaa\\xaex\\x95\\x8fz\\xf7\\xd9g\\xe7r\\x17r\\xf6p@\\xd7\\xaaj\\xe2\\x0f\\xbf\\xe0f\\x86*\\x0b;\\xdd\\x90!\\x9e\\xe2l\\xc8nu\\xfa\\xbc\\x87\\xbe\\xde8(n\\xfa}\\x01\\xe4f\\x17\\xa3\\x9e\\xeay\\xb5m\\xe4 d1"
  574. },
  575. {
  576. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0103\\x92\\x93\\xbb\\xd0\\x13'\\x18nu\\xae\\x0e\\x18\"\t\\xaf\\xba\\xd6,\\x9e\\xb7\\xac6j\\xf1\\xa1\\x97\\xf0|m\\xdd\\xcf`\\x85\\x18\\xdcbt\\xe9>e,\\xe00\\xae\\xf7\\x81\\xa8\\xe1\\xf5p\\xe01l\\x19n\\x01a5\\xef\\xfb\\x8bo+\\x87\\xe1\\xe2\rs\\xfb(\\x0f\\xb7\\xbe_\\x10r\\xdcaj\\xf9\\x06\\x1b\\xf9\\x1e\\xa7\\\\xdbf2\\x1c\\xcb\\xb0&\\xf3\\x04\\xd5\\xf8\\xb9t4\\x08\\xe3\\x0e$r\\x97\\x056\\x15\\xf7)\\x90\\\\x8a\\xa5v\\xe1\\x7f\\x06\\x01=\\xab\\xe3+\\x8b\"h\\xf3\\xd3\\x11y\\xe1c\\xadm\\xdb\\xa0\\x97\\x85\\x17\\x92\\xb4ws\\x91\\x83\\x99\\xc8\\xb3\\xea\\x8e9w=h4\\xb6h\\xfd\\x8d\\x12\\x8c\n&\\xd9;4\\x7f\\x19ci\\xfd\\xd5\\xed\\xf6\\x9a\\xd8b\\x06v\\xe2\\xee\\xd2~\\x83\\xc2]\\x05\\xa6&\\xf1}a\\xc0d6$\\xdc\\xe4\\xaa{nq4_j;\\xf95\\xa6b\\xd2\\xf8hy\\x03\\xdf\\xff\\x90wt\\x9c\\xb5\\xbe\\x1e\\xc0\\x06\\xb0\\xb2{\\x82\\x8c\\x84\\xc8w\\xb5\\x8c/\\xae\\xd1\\xa1\\x01\\x8d1\\x84\\xab\\xd5\\x9a\\x8f\\x86"
  577. },
  578. {
  579. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb7\\xd5z\\xca\\xa1\\xf0\\x99\\xee\\xa2\\xc4\\x10\\x87\\x98\\xa3\\xefc\\xe5\\xcf\\xc7\\xd7*\\x96\\xe94\\x90\\xec\\xd8\\xe3\\\\xedcga\\x05d\\xe8m_\\xc1\\xd9v\\x9a\\xc1w\\x99\\xeet\\x99j\\x83gv\\xde>f@c\\xb1\\xf5\\x1f\\xe2b\\xadx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa6x\\xa7=\\xe1\\x1d\\x83`o\\x1d?\\x16\\x94\\xfe\\xd6 \\xe7\n\\xa0\\x0ew}6\\xde\tey\\xe8b\\xbd\\x9bsx\\x80\\xe7\\xbbj\\xbfn\\xb1^@\\x8d\\xdd\\x14u\\xafe"
  580. },
  581. {
  582. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfc,\\xd1=\\xad\\x9ao\\x1f\\x1d\\x13c\\xabh0\\xf1\\x85\\x15\\xbd\\x1a8\\x86\\xda,\\x1f\\x94\"\\xd9|\\x8e\\x1d\\xed\\x1f\\x8di\t\\xe1\\xbc*\\xfb\\xdc\\x9a\\xd7\\x1a\\xdd\n\\x8fqutg\\xe7`p\\xa6\\xa8y\\xaf\\xc4\\xc7\\x85\\x1d\\xc7\\xa2;\\xf3\\xca\\x90jzo:\\xe2^\\x1b\\xfc\\xb2e\\x1fx\\xb0\\xfc\\xb4m\\xaa\\xda\\x8bm\\x01a2\\xe5\\xa6d<y\\xa9\\xca\t\"\\xe2\\x040\\xed\\x90d6\\xe0\\xe2r\\x8fb~v\\xbe\\xc9\\x13\\xb3\\x9f\\x05f\\x9c\\xce\\xf7\\x04\\xfa\\x89\\x8a\\xdb\\xb9a\\xa9\n\\x07\\x03\\xf8m\rou\\xb9\\x06\\xf4\\xc6=\\xec\\xdfp\\xfc\\xae\\xe7\\xa0\\xe1\\xae\\xe1\\xf7~\\x99@\\xd1\\xe04\\x00\\xf7\\xa1#\n\\xea\\x00c)\\xa2\\x06-\\x1d\\x0fk\\x9e\\x19\\x99[\\xea=9\\xe1\\x94\\xc1v\\x18\\x0b\\x8al\n\\x9c?>\\xfc\\xa6\\xa5\\x00\\xb0\\xcdc\\xc7s\\xf6\\xd8\\xa6v\\xda\\x7f\\xb24\\xec\\x1c\\x1by\\xcf\\xb9\\xd8\\xe4\\xacw\\xc7d&s\\x89l\\xc0\\x93\\xd0@<\\x0c\\xc8\\xe0\\xaby\\xee\\x16\\xa7m\\xaam\\x93\\x96\\x0b\\xd5\tq\\xd4"
  583. },
  584. {
  585. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010,k\\xdc\\x8fp\\xd0\\xf6'\\xba\t\\x92\\xe9\\xa1\\x05\\xd1g;\\x05\\xc2\\xe1\\xa0!\\x80w5o\\xc7\\x18)\\xa3\\x87i\\xc5\\xdf\\x08i+\\x972\\x02\\x95\\x18\\x13\\x7f\\x9f\\xbbz\\xd9b{\\xcbi#k\\xbf\\xa0\\x0ed\\xb7\\x0bj\\x93goz\\xe8x8?\\xde\\x7fx\\x8d\\xc1\\x1f\\x8a1iq\\x7f5\\x93\\x7f\\x11\\xf0\\x1e'\\xce\\x90\\xe1\\x9a\\x10\\xfcb\\xcf\\xee\\xd2\\xc1\\xc1\\xcc\\xa9\\xdc\\x8c\\x83\\x1c\\xcc\\x1e\\x85\r\\xb4\\xaa\\xb4\\xda\\x13azpk\\x14y\\xae\\xdew\\x83\\xdb\\xb2\\xed\\xe6/\\x8c\\xdc\\x0f}).\\xec\\x99\n\\x87h\\xb6\\xd0\\x97\\x0e6m{r\\xfc\\xe7\\xe9\\x04\\xcc\\x1c\\xd3\\x14.\\x8a\\xd5\\xbe\\xa3\\x85\\xe8\\xa8\\x07\\xdbz\\xd0o\\x13\\xf5\\x90\n\\xce\\xc2\\xaewi\\xcc\\xee\\xaeg%\\x92\\x14\\x880\\x17\\xce\\x1bw\\xc7\\x0c\\x84\\x8c\\x9d\\x92\\x835s\\x99q\\x11vm\\xa8o\"q\r0\\xff\\xf5\\xe8\\xb5\\xa5p\\xf4z\\x80%|\\xeb\\xff2\\xf24\\xa5\\xf2\\xe0$\\x0c\\xc1a\\xab\\xe4\\x19q\\xb5\\xe8\\xc5\\x1c\\x0br\\xc6eb#\\x15@\\x1f"
  586. },
  587. {
  588. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010n\\xc7u\\x99fo\\xbf~\\x8at\\xde\\x0e\\xdf|\\xe3\\xeb\\xcep\\xf8g\\xff\\xe4\\xdas\\x8d\\xd1\\xd5l\\xb8\\xeb;;\\x8b\\xb5\\x92m\\x94p\\xa6\\xab\\x07)=\\xe4\\xa2\\x1d\\xd8!w\\xa2\\x0fd,\\xc6\\x18?\\xd8m\\xe4\\xc1p1\\xc8\\xc5w\\xa4\\xbb\\xde\\xaa\\x08\\xa0o\\x18\\x16\\xf3\\xba\\x02&\\xba\\xa2\\x9c\\x00\\x01r\\x95\\xbb\\x81\\xae#@(\\x85.\\x89\\xe2\\x83j|\\x12\\x1cb\\xd7\\xcf\\xac\\x1ftp16q\\xbf\\xa7\\xb2\\x95#\\xfao\\xba\\x15\t\\xca\\xa4~)v2\\xcbz\\x1c\\x8ah\\xbc)s\\xf1\\xc2b\\xf3\\x1c.\\x9cz\\xe8o\\xf4\\x01\r\\xc2\\x822\\xc7&\\xaea\\x9e{\\x80\\xf6`\\x1c\\xbf\n\\x1a\\xa3\\x80\\xb7\\xa7\\x10`\\xcf`lsh4%\\xf1\\xbbns\\x02\\xe5\\xa13\\xc9j8\\x19i\\xcf\\xc1\\xf1b\\x97\n\\x0246\\x1b\\xb6{\\xc8\\x0e3z\\xc0b)\\x16\\xb3\\xb7\\x96xw\\xa8t8\\xb3\\x84\\xa7h\\xe9\\x0b\\x80\\x97\\xfbq\\xf7k/\\xb0\\x16\\xdaf\\xcda\\xc1\\xbd\\xba~\\x03\\xeaw\\xd6x\\xa6\\xdd/\\x9e1\\x9a"
  589. },
  590. {
  591. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd3\\xf6\\xff\\xb0]\\x8di\\xf2\\xc5>\\xe05\\x18{b\\xb9\\xe8d\\x0b\\xb2p\\x03\\x07d\\xa3}t\\xa1\\x9a\\xa6b\\x94\\xfa\\xaf\\l\\xe6?m\\x7fm\\x1a\\x03\\xff\\x10!\\x054\\xb2\\xf1(=\\x93z\\x9f\\xd7_\\x99y\\xe5\\x10j\\x99\\xf7\\xcf'\\x9a16\\xe7>n\\xb9\\x7f\\\\w\\xb3\\xbd\\xdf\\x13\\xc1\\x91\\xc3\\xd6\\x01\\xce\\xd1v,\\xe1\\xe8\\xee\\xad]\\x8f\\xf4\\x0c\\x0c\\xd8\\xfe\\x9c/\\x95\\xd9\\xe1\\x86d\\xbf0f\\xea\\xect\\xe8\\x1cl\\xed\\xda\\xeb\\x8b$\\xe3\\xe9\\xa5\\xca\\xc3(2m\\xedivo\\xd3]\\xd9\\x94\\x94\\x82d\\xd2\\xd4+\\xcb\\x85\\xe7\\xbf\\x9e\\xfa\\xaf\\xb7\\xb5\\x90\\x99\r\\xde\\xce\\xf2o\\xdc\"efg\\xe5z\\x96p\\xb7\\x97\\xf8\\x91-\\xd7&rone\\x97|\\xaf8\\x1a\\xa9\\xc8\\xe7\\xd7\\xa0\\x9a\\x10\\x9a\\x98d\\xa1\\xa8u\t\\xcfa$\\x05\\xb5\\x8a\\xfa\\x1ab6\\xe9\\xf2\\xd5\\x85\\xdaq\\xe1:\\x18\\x81iw\\x8cs?\\xf2\\xd56\\xbe\\xa8\\x9cjn[\\x9a\\xbbr\\xbd^\\x1ab\\xea\\x1d\\x03\\xe8\\xcd\\x8bk\\xbbvu\\xeb"
  592. },
  593. {
  594. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb9\\x18w\\x19\\x1c4c\\x94!\\xf1d\\x93;?h@7\\xc3\\xa0\\x06i\\x16\\xcd]z\\xa9g\\xe1n\\xb7\\x89\\xa5\\xe7\\xdes\\xf1\\x90\\xb3\\xa8\\xf7\\xce\\x18m\\xb6\\x7f\\xa4%><\\xc7v\\x0c\\xd7\\x01\\xcc\\xe7\\x91j\\x95\\xa9\\x81\\xd1s\\x96\\xc2\\xe1we\\xfb\\x07\\xb3n`\\xed\\xc6\\xde\\x04\\xee\\xd9\\x10\\xc8w\\x19/\\xa4b\\xbd\\xd5\\xb1\\x06t\\x99\\xcd\\x88!.$g\\x83\\x1atm\\x85\\xb8\\xb6\\x17\\xb7m\\xc5\\x18\\xfd9\\xb4aippg\\xb4\\xd4\\x86\\x1br\\x9e\\x85rs4\\x86\nq\\x9f\\x91{\\x87\\x98\\x82\\\\x9b6gm7\\xe8\\x93\\x1d\\xb2e\\x84\\xd7/\\xa8\\xd4@\\xa2e\\xea\\xab\\xe93,\\xd0\\xed\\xed5z)4\\x15\\xe3\\x92k6\\xe38\\x9e.mq1\\xa4\\x80\\xacbz\\x99p\\xb1&\\xd8=6\\x8d3\\x8f\\x8c\\xb9\\x8b\\x91\\xe6`&1iz;\\x19y\\xf3\\xd7yw8\\x17\\xe2t|)a\\xb30\\x1fu\\x10}\\xb5\\xbc\\xd9\\xe4d.\\x82\\x18\\x8a\\x19|\\xa1\\xfd.h\\xe4e\\x00c\\x14'\\x1d<\\xcb\\xc4;"
  595. },
  596. {
  597. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x11\\xa28x\\xfd\\x84\\xa5\\xc2\\xa6\\x8d\\xebp\\x95\\xc8\\xf0nt\\xd5\\xa1\\xe3;\\xb4\\x1fv\\x0f,|\\xd7\\xe0\\xc8\\xfc\\xc8x\\xd3\n\\xad\\xe3\\xc4i\\xe1\\xe5!u\\xf4\\x16)q\\xd6\\xcd\\x1d\\xda\\x82\\xd2\\xed\\x9au\\xae=\\xc7\\xa4\\xb2\\xfc\\xd8\\xe0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x17r\\xd7\\x87\\^\\xcf\\xbb\"s\\x8c\\x801i\\x05j7j\\xe7\\xfd\\xd3\\xfe5;b\\x82\\x91f&w\\xc4\\xfb\\xc2\\x08\\x90^\\xc5\\x03 \ny\\xb6\\x88v\\xcb\\xe1cl"
  598. },
  599. {
  600. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04#\\x0e\\xaf\\x85\\x92\\xbaj\\xcb\\x15\\x93\\xab\\xcb\\x07w0i\\\\xa1\\x18|\\xfb\\x86\\xba\\xc5\\xd4j4\\x08\\xa9h\\xb6\\xbe\\xca\\xbe\\xc2\\xf1\\xb3rdp\\xab\\xde\\xef\\xe3ea&\\x95\\x01##;\\xfb\\xe2g\\x92\\xf9\\x90\\x01\\xc0\\x07\\xd7\\xfe\\xd8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc5\\x0b\\xcc\\xb4kw\\xc2\\xba\\x8f\\xfa\\x06\\x03\\xf3x\\xbb\\x87\\xa6\\x84\\xd7d\\xca\\xb9\\xf4m\\x91_&\n\\xe5\\x1cs\\x8fm|_:\\xf5\\xad\\xe7\\xd3\\x99\\xe5\\xa2\\x04n\\x907\\x84"
  601. },
  602. {
  603. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xcem\\xade\\xb0\\x1c9\\xb3\\xd4\\x01\\xd0\\x06\\x1e\\xef8\\xd8\\x15\\x97n\\xfc\\xed\\xf6\\xd2pb\\x00\\x14\\xf8(\\x9f\\x1fk\\xeb9\\x0b\\x94\\x07w\\xa0\\xebx! h\\xe6\\xc4\\xf2\\x95t)\\x86\\xa6\\x01@_\\xd1\\x8d\\xd7\\x0c$\\xa7;a\\xb0\\xa5\\xc3\\xa6@\\x8e\\x03p\\x9b~\\x9e/\\x0c\\x8c\\xee\\xbe\\x1f\\x80%r\\xed7\\xdf\\xb3q\\x00\\xff\\xad\\xbf-e2g_\\xd8su\\xe7\\xa6\\xbb\\x8a\\x0bd\\xed`\\xd4\\xce\\x9d\\xc1\\xa96\\xc45vcd\\x90%\\x00ix\\xb3\\xad\\x90\\x10\\x05\\xcfe\\xe3\\x83\\xb2:\\xa2-\\xa4r\\x83cc:\\xa19\\xf2f\\x8b/\\xc0k\\xe1\\xcb\\xca\\x9f\\xd3\\xd7o&\\xb6\\xe5\\x18]\\xe57-\\x0e\\x8c\\x86\\xf5\\xeeyu\\xe1\\xb47\\x13\\x7f\\xc6j\\x97\tm\\xf8\\xba\\x07/\\xd9\\x17\\x00}\"\\xe9\\xa8q\\x935z\\xd3\\x93\\xcbef3\\xd9/\\x8f>d\\x12n\\xbe\\x1d\\xf9\\x933\\x9d\\xf45\\xbe\\x91\\xfe\\x14s\\x15z@l\\xfd\\xac\\xa6{\\x9d\\x88\\x7fx%\\xf5t\\xc0\\xec\\xa5\\x1e\\xf0\\xe8\\xc7>\\x0f\\xf5^\\xf3"
  604. },
  605. {
  606. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010z\\xc6\\xdb\\x01\\x94\\x83\\xe7\n\\xba\\xc5\\x9a\\xd7i\\xfb\\xfcv\\xc0\\xb1yc\\x00\\x81\\xf2\\xf3u\\xf3al\\x8d9\\xa7vh\\x10\\xc4'uhu4\\xc9|o\\xe3\t|\\xdab\\xffr\\x92u!tc\\x18\\x85cpc^_\\x95\\xeb\\xb7\\xb3\\xec\\x7fa\\xab\\x0ex\\xe8\\xe7\\x1d/\\x1d\\x81\\xa7\\x0e\\x1d\n\\x95\\x1e/\\x12:;y#\\xd0sz\\xa6h\\x99\\x9a\\x8e\\xcc\\xa2\\xf3\\xc0n\\xdc\\x8dc\\xa0\\x9fb\\x1e4\\x97\\x18\\x14za~v\\xab&|\\xe5\\xe9\\x1f\\xda\\x17d\\xcc\t\\x99\rp\\xfb\\xe5\\x81\\x19\\x85\\xac]\\x1d\\x12\\xd3\\xac\\x1a\\xf6\\xa5!\\x00\\x97\\x06\\x18(\\xb8(u%\\xdf\\x01v\\xdf\\xf6k\\x8c\t\\xaetv]\\x01\\x18\\x01\\x90l\\x8b\\xd7u\\x1bq\\x9e\\xf6\\xf5 \\xad\\xa2\\xfa;o'\\x12\\xf0b!\\x1f\\xfb\\x84\\xb0\\x97gv\\x85\\x15'b=\\x8b\\xc5!\\x8c;\\x85\\x1e\\xb9:\\x01\\xb5\\xa4\\xac\\x85\\xc0v\\x16\\xfa&\\x8dq\\x9c\\xd6\\xf0ew\\x8c\\xec\\xbd\\xd3\\xf0e\\xbfh6~q\\xef\\xde`\\x84\\xbd\t}!\\xff\\x92"
  607. },
  608. {
  609. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x16\\xbd\\xf7\\xfb*\\xce&s\\xca\\x16%\\x82de\\x05\\x9b+l\\xc3\\x920m\\xd58\\xe1b\\xa5\\xe6\\xb0\\x18\\xc9e\\xd3x\\xb6\\x90e\\xfe|\\xbb2\\x1b}cj\n\\xcb<\\xac\\x80c\\x95\\\\xcf\\xeaa\\xda)\\x9b\\x82k\\xe2y\\xfbb\\xdf\\x98\\xe6\\xb3\\xb0z\\xd9|\\x97\\xbc\\xa1\\x88\\xced\\xef\\x979s\\xb1\\xf6\\xaa\\xdb\\xa2\\xb7\\xe8\\xea\\x0c\\xf2xl\\xea\\xcct\\xb1f\\xb6\\x1d\\xd2\\xdf\\xf4\\xb5\\xf0c\\xd2\\x8e\\xaa\\xaf^9w\\x8eu\\xa9\\xe5z\\xc3\\x81l\\xbbx\\xc1h\\x0e\\x0e$\\xad\\xd2\\x18_\\xb0\\xb4\\x8a\\xa3\\xb3@\\x96\\xe7\\xb6\\x1b\\xf3h\\xa1\\xc6\\xbb\\xba\\x85\\xc7\\x8dj\\xd4\\x06\\xbd\\x96\\xbe\\xbe\\xa9*\\xf5 \\xa3\\x97,\\x16v\\xb9\\x17\\xaa\\xe9+f\\xac<d\\xdd\\xbe\\x99\\xbcq\\x1e@\\x87m\\x14\\x18\\xbdyk\\xdd\\xd9\\xf9\\xd2\\xd0\\xfep\\xe9\\xd6wl\\xeb\\xeem\\xc7\\xda\\x84\\xd0\\xcad\\xe06\\xbf\\xfa\n\\xe7\\x97\\xad\\x18\\x9a\\xbae\\x90\\xea\\xfb\\xe4\\xcb\\xa5\\xc8\\xec~\\xd0\\x1e\\x94jn\\xec\\xdf;\\xec\\x0c\\xfd\\xdb\\x03\\x80&\\xb1\\xd4\\xd3"
  610. },
  611. {
  612. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x041-\\xd9v\\x92\\xc1\\xec\\xec\\xe5\\xa7\\x11\\xd0\\xa6\\x1a\\x10\\x9b\\x94\\x08\\xf4\\xd4\\xa4seuv|\\xab?\\xcc\\x1b>\\x0fr\\x0f\\xc1'\\xf2\\xbd\\xf3\\xa5\\xaef\\x12\\x14\\xcc\\x89\\x05\\x85\\xb3\\xe7\\xbfmk\\x10`\\xd7%\\xd2\\xb0y\\x1ei\\xec\\xda\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000d\\x88fv\\x8c\\xb9\\x1e\\xbblo\\x17\\xc87/\\xb00\\xc3\\xcerz\\xe2\\xe9\t\\xa3j^\\xd5.\\x0c`|\\x7f\\xc2\\xcf\\xdb?\\xebtc\\xa3!\\x0f\\x965\\xb9\\xac?%"
  613. },
  614. {
  615. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe4]\\x99\\x8b\\xda_\\x00\\xb6&\\x97\\xb1\\xe3bb\\x0e\\xad\\x88\\xcc\\xe6\\xfc\\xa3\\xe2\\xc4\\xf3\\xf2%n0\\xfb\\xd5\\x8c\\xc7\\xfd\\xfb&x\\x1d\\xf0\\xe3\\x89\\xfe\\xff\\xdd\\x80j\\xce r<#\\x02\\xff\\xc2\\x16\\x91\\x1e\\x8a\\xf6s\\x0bk\\xee\\xfe\\xe0\\xbb\\x1a\\xb1l\\xa7xy\\xbb\\x14\\xe0|d\\xbf\\xed@\\xa8xyee\\xe8\\xa7h\\x0cxi\\x10\r\\x1ai\\x1b\\xb3\\xd8j\\x02\\xe4a\\x8168r\\xee\\xc3d8\\xf7\\xab`9s\\xbd\\x1e!6\\xb0\\x0cu\\xd9z4\\x12\\x9fj\\xdb\\xdbu\\x8bk\\x14=\\x86\\x9dujecy\\xa2\\x86\\xd1.\\xd6\\x8a$\\xf3\\xb2f\\xbfw\\x920[\\x05\\xd8\\xe7\\xec\\xf5\\x15zh\\x14'j\\\\xad#}x\\x95f\\xb32\\x9c\\xda\\xb0\\x03\\xb0\\x11\\xe8\\x97b\\xb8\\x94fk\\xb8\\xd5v\\xa6\\xb9\\xfb\\x9a!\\xe5].\\x7f\\xa7xr\\xbd\\x12x\n\\x19\\x8f\\xfd\\xd2\\xf9\\x9f\\x0c\\xe1\\xed\\xca\\x13$\\x1b\\x8b\\xff\\x89\\xc5_\\x11g\\\\x8c\\x8c\\xca\\xa4r\\xde\\x14\\x7f%n\\xe2h^\\xe5i\\xf6q\\xc0w\\xd3\\xe3\\xa4"
  616. },
  617. {
  618. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x824\\xf8\\xaf!fl\\xd2\\xa4b_\\xa8\\x0b\\xad\\xb7<\\xfap\\xeb\\x85m\\x12m\\xed\\xe2\\xc6\\x84\\xf9\\xb9i\\xb1\\xa1\\x89\\xdb\\x82\\xedy7e\\x16po\\xef.\\x8e:\\x1d{\\xbf\\xa2\\xbc~\\xa9\\x1f\\x98zf\\xb5d*\r\\xca\\xe0\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x88\\xff\\x93\\xa7\\xcf\\xd9\\xc6\r\\xe8]i\\x07\\x96\\x12\\x97u\\x88\\xa7\\x92\\x15mrt\\x82i\\xc2\\xa9\\gk\\xc8\\xca\\xac<\r\\xd9\\x9b\\x9c\n.\\x8e\\xed\\xcc\\x10\\xb9\\xb2t\\xdc"
  619. },
  620. {
  621. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe6@\\xf5gzh\\xbchu\\xa8\\xb8^\\x95l\\x93;\\xc2\\xf6\\x8c\\xd4.`\\x13\\x0cp\\x96s\n4\\xf7]\\x14g\\xddc4>\\x84\\x9c\\xc8\\x9a0{yx\rn\\xc1wr\\xe0\\xbd\\x0e_ow\\xaf\\xa2\\xcb\\x17\\xdadk\\x91#\\xec\\xdf*\\xd7@vo\\xec%\\x03i\\x95[j\\xe9o\\xe8\\xc7\\x97s^\\xc3<z~a\\x82\\x12\\xc2\\xd8\\xac\\xdc\\xc2\\xe9\\xb0\\xca\\x05\\xf6\\x07\\x1d\\x03rm\\xe3$\\x1a\\x9d\\xdb\t\\xff\\xbf\\xe3l~\\x17\\xcb \\xfb\\xa0\\x81\\xce\\xc7\t\\xc1,\\x08\\xafu\\xe2y\\xaf\\x87-\\x86\\x85c\\xd0\\xabt\\xd3\\xc7\\xfd\\xb7\\x0f$\\xff\\xc7}zh\\x8d\\xb3\\xbd\\xd7-\\x18\\x12ac\\xa8\\x1b\\x06\\xc5\\x8db\\xf3\\x8a\\xc8\\xcav\\x94p\\x988\\xfc\\xd8\\xdf\\xdc\\xa3\\xfbb/\\x9f\\x1e\\x18\\x9f\\x80^\\xe6\\x94\\xf2r\\xf4\\x82\\x93\\x9d\r\\xb5\\x07f\\x02\\xdd]:e\\x1f 4\\x0e\n\\xf9\\x80\\x0b?\r-1\\x81t\\x1e\"v\\xcc\\xca\\x19\\x7f\\xbc\\xb8\\xb2|\\x04\\xf7\\xcc\r!\\xf0\\xcd?\\x9c\\xc1\\xb6cq\\xad_\\x05"
  622. },
  623. {
  624. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\xb2\\x15\\xf9{\\xdd\\xd8{\\xe1\\xc9\\x90\\xcea\\xdf!\\xa9\\xdd\\xf3\\xafg-\\xd8\\xae\\x08\\xf7\\x11\\xe9|i\\x19\\xb3\"\\x19\\x8fw\rc\\x19\\xd4(a\\xf4d#m\\x17\\xbek\\x08\\x15yvp\\xc4\\xb1$l\"\\xde\\x93e\\xd8r\\xca\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xad\\x9b\\xc6\\xe7\\xb5\\xba\\xcf\\xd2n\\x8c\\xc18\\xeeu\\xe3s\\xaat\\xad\\xe1\\x04p\\x1c\\xe6\\xd3#x,$\\x89\\x1c\\x01wl\\xabp\\x8egq\\x99\\xea\\xf4\n\\x9f>fj-"
  625. },
  626. {
  627. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010r\\xd9\\x9c\\xbc\\x98m\\x87m\\xb5q@\\xed\\xbd=\\x9f)\\xb3\\x14\\xddo\\x9d\\x89-~\\x9b\\x98\\xbf\\xec'\\xc6\\xcc\\xc8o)r\\xc5\\xf9\\x8a_j\\x89\\x82\\xec\\xc1\\x8d\\xffa\\x97r\\x90\\xc0\\x0b\\x84\\xcc2&u\\xe5\\xf2tc\\x13\\xf2xg6\\x1awc\\xc6pt\\xb6\\xbda\\x00n\\x13cv{g\\xce\\xcfx\\xf9\\x1bzy\\x05\\x19\\x1bmdp\\x89\\x1c\\xefg\\x10\t'j\\xfe_\\x95^\\x05\\x1a\\xbac\\xb1x?7l\\xbf\\xc6\\xac\\x8d\\xd5\\xe6\\xa7\\xd6\\xbbv\\xc6\\x06\\x8e\\xcaca\\x12<\\xbc\\x8d\\xa5\\xcd\\x9es\\xda\\x8fnv\\q\\x11\\x8c;))[\\x9f\\xd1\\x03s\\xadzu\\xeei\\xe3\\xa1[\\xcd\\xf3\\xccv\\\\x9d4ao\\xaf1\\xce\\xa7\\xce\\xd5\\x84\\xc5:\\x1dgkb\\xd6 w\\x16-?\\x00_[t{\\x89\\x14nc\\x85\\xc2\\x14k\\x16\\x11\\x81\\xf8\\x8d\\xd1\\xb8\\xb3b\\xd3\\xb6v\\xda\\\\xda\\xf2u\\xec\\xd0s\\xee\\xbc\\xd1\\xe6\\x18\\x0f\\x8e\\x19\\xde\\x1d\\xd3u\\xbd\\xe2g\\x08\\x04`h\\x8bk\\xe4\\x87 d\\xdf"
  628. },
  629. {
  630. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010 /\\xafl\\xdca\\x90@j\\x07j\\xbf\\xa4\\xb9\\xc66\\x19dtl\\x87gowse\\xdc\\xd3\\x81sv\\xdf<u\\xf5\r\\xc8a6=\\xbe\\x0f\\xf7\\x18\\xf7\\x8d\\x97p5\\xb9-nc\\x0b\\xc3\\xac\\xe9@\\x18\\x08y\\x97n\\x1da\\xe6\\xee\\x8a\\xfa;\\x03}\\xa9\\xd1\\xa2\\xe44h,[\\x02)\"_':\\x9dx\\x8f\\x1f=\\x9cn\\x05[ni\\xc4\\xf1\\xcat\\xbfw\\xf0\\xd7\\xc5\\xd1t\\x964\\x08$\\x9c\\x0f\\xde\\xec\\x10\\xd5\\x0c\\x0cj\\xb7\\xadb5o\\x11c{a\\xf6y\\xa0\\xe5s\\x16!\\xa7\\x9b!u\\x92^~\\x1562\\x1d;!a(2y_\\xc7\\x10h,/^de\\x9a\\x1c\\xadf\\xd6\\\\xf4\\xf7\\x01\\x87\\xc5\\xd0]u\\xef\\x9b\\x1e^\\x947\\x9f\\x1d\\xe6\\x8bv\\xdc\\xff\\x98\\xeex\\x8c\\xeeu\\x08\\xca\\xff\\x12qsy\\xe2vg%r\\x8a+e\\x9e\"dm\\xf6m3e|\\xa1h\\xe1\\xb8*\\xff\\x05\\xfc\\x1b\\xeczq\\x8ab\\xec\\xa8\\x98\\x89v\\xb0xy\t9\\xb7\\xe8q\\xc3\\xc0\\xc2p"
  631. },
  632. {
  633. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc7=\\xb1\\x18\\x16i;\\xa2\\xdbv\\x00+\\xcd*\\xaf\\x96\\xc0\\xfa\\xf5<\\x00\\xb5h\\x18\\x9b\\x0fx?\\xb8\\x17\\x07\\xf3\"\\x15\\xb9\\x7fyj[\\xb2\\xbf|\\xaf\\xd3\\xb1\\xae7+\\x11\\xc6\\xfa\\xda6\\xe1p\\x87\\x9d1\\xc7z\\xb6\\xee<\r|r \\xe63\\xcby\\xcb\\xbe\\xe0\\xd5\\x8c@*\\xc7:~\\xd5\\x7f\\xdbcu5lh*\\xe5b\\x12[\\xd0\\x1a`e\\x8e:v\\xcd\\xf8\\x1d9\\xa3\\x9e5xl\\xb2\\x0c\\xe9w\\xc3\\x1fv\\xd0\\x98\\xfa\\xed.\\x84\\x93\\xdcs\\x00\\xbb\\x8b\\xe2\\xa0\\x1b\\x9e\\xb8a\\x90q\\xf9\\xb8\\xedb\\xf8\\xacf\\xdd2\\xd0;$!\\x15n\\xe7%\\xe1\\x93\\xc4\\xce\\xe30\\x7fd\\xf0\\x058/\\x8dv\\xba\\x90_\\xa2\\xc8y\\xea\\x8d\\x85\t\\x94d\\xa3\\x00!q\\x7f\\xb26\\x93p\\xfb\\x90p\\x8c\\x8d\\xbd-\\x9c\\x83\\x9dr\\xd1j\\x1b\\xc0y\\xa4qsf\\x99\\x81\t87\\x1e\\x8cmh\\xf1\\x1f\\xaf\\xba\\x05*\\x85\\xcd\\x8a\\xa7\\xb0<th\\xdew@6\\xa5ko\\x0c\\xbc\\x0c\\xc8]\\xdf\\xa9q\\xd4h\\x87,"
  634. },
  635. {
  636. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107\\xf8a!\\x98\n\\x96)g\\xb2\\xab\\x13\\xe3\\xa0\\xd3w\\xcc\\xf7kj\\xeb\\xca9i\\xa4\\x96\\xa4\\xc3?\\xee\\x86\\x84\\xd2\\xfd\\xee\\xeb\t\\xe3,$\\xe0\\xd1d\\xe2\\xa0\\x0ca\\x8f\\xb2h\\x0e\\x08_,t\"_\\x99\\xe7\\xa4\\xb2d#\\x1e\\xaa\\x8e\\x16r\\xa6\\xab\\x89\\xa6-i\\xa4\\xa0jr\\xa6\\xe1\\x0c\\xd7\\xa9\\xde\\xa8\\xcc{8y\\x8e\\x05\\xa4\\xa7\\x9f\\x14s\\x19\\xed\\x1f\\x83=\\x96\\xa7z\\x125m&\\xce\\xcd{\\xae]&\\x14y5\\x84`\\xdcg\\xc7\\xca\\x06pn+\\xda\\xa0]b$\\xdb'\\x80\\xb9\\x03\\xf9\\x12\\x05\\x91\\xe2\\x1ax%\\x92\\xb8\\xa0v^\\xc3/\\x08n4\\x9b\\xd1\\x92\\xb8(h'\\xea\\x19e\\xc7\\xcf5\\x10\\x8a\\xa7>\\xab\\xd6\\xc2'\\x1e\\x14\\x93\\x06\\xaa\\xe9\\xf3zq\\x84\\x99\\x9cr\\xad\\xddqylf\\xad\\x16\\xba\\x96\\xba\\xb0>m/\\xdc\\x94\\xa1\\xf7\\xde0=>\\x82\\x1f{\\xe9\\x80 \\xfd%\\xac\\xae\\xb9\\xab9\\xdb\\x1e\\xbb\\x11\\xe6)\\xadtw\\x13\\xc6\\x07_\\xdfr\\x98\\x18w\\xa1yf\\xb9\\x1d\\xa08\\xbe"
  637. },
  638. {
  639. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010x\\xab\\xc4\\xf9n\\xc2yx[\\xa2\\xac\r\\xde;\\xa59e\\xb8\\xa3vrecoh\\x0f}a\\x01ss\\x9f\\xe4\\xdaprd\\x92\\xf1\\x9b\\xf7j\\xc2\\xd7\\xf2:\\xf7\\xf6\\x85\\x9ewpe\\x16j\\x93.z\\x87\\xb0\\xdd\\x16\\x93'\\x0f\\xf3^\\x0faihw\\x1f\\xd1@\\xd1\\x1f\\xc4\\xc8#\\x1a\\x0e,\\xb2\\xdfi\\x7f\\x98\\xcc\\xdf\\xea=\\x8a\\xa6%\\x18\\x1b\\x83\\xca\r\\xa1g\\xcf\\x92\\x89\\xf3|\\xfa\\xca.^\\xec\\xff\\xc4\\xff\\x9f\\xaew\\\\xc1\\x90\\x1e#\\xfdd,\\x9b\\xeb\\xb75\\xa1\\xa08a`\\xaa\\xeft\\xbe{%\\x1c\\xf0\\xa9p\\x96\\xb5\\xc9 o\\xcd\\xabei\\xc7\\x0c.\\xd9+\\xd1{\\xfe\\xb4*\\x0b\\xdf\\x1f\\x86\\xe9\\x05n\\xbd9\\xdf\\xc4\\xcett\\xa7\\xa3\\x1ap\\x9bu.^;\\xb9s\\x0es\\x94$\\x99\\x8csb\\x11\\xc3\\x9bh\\xa4=e\\xb6lf_g\rr\\xef\\xdc\\xb3\\xbc\\x8d\\xa4}\\x83\\xdb\\xcf\\xf3\\x9e\\xf2\\x7fw\\x9f\\x04\\x99\\xae\\xcb\\xa0\\xa1'\\xe7,4\\xd1}\\xfe\\xc79\\\\xee9\\xc5\\x8f9nl\\xaf"
  640. },
  641. {
  642. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xce\\x82\\x0c\\xa2\\x8b\\xb0\\x11\\x1cx\\x88\\x83j\\xe7:\\xe8\\x1c\\x97\\xd5\\xa9\\xf9\\xad\\xf1-\\xa8\\xb1\\x15:\\x1e\\xdeh\\xca\\x87\\xdc9\\x1co\\x7f\\x0b\\xdc8\"\\x91\\x88\\x04>?c\\xde\\x8ek\\x94&q\\x06\\x03\nv\\x84i'swprgez\\xd49&7d\\xe2\\x08\\xe1n\\xdd\\xc8\\x15c\\x98\\xffjz\\x93r\\x15[\\x0b~[_\\xd1\\xe4\\x832\\xfd\\xa4\\xc5\\xf8\\xbf\\xd1\\xbb\rx\\xc7]^\\xd7\\xcc@\\x8a\\x01\\xb5\\x94\\x13\\xc9\\x94\\xa6\\xf2\\\\xed\\xfean\\x8c\\xd6\\xb28\\xca\\xf8\\xa1\\xff\\x162\\xe2\\xd8\\xb8\r\\xc0\\x85t\\x88x\\xbe\\x8b\\xdd{_\"\\x19:\\x8c\\x06\\x8c\\xdbgr\\xd5_\\x17\\xd3\\x88\\x84uhh\\x8a\\xc1iqc\\x02hm3b\\x0c\\xe7\\xfa/\\xb4\\xcc\\xf5\\xc2&\\x12\\xbd6\\xa4`,\\xf7\\xd1\\xb9\\x03\\x86\\xc6\\xcf\\xc4\\x0b\\x11\\xfbg\\xcc\\xfa\\x9e\\xba\\xb8y[\\xbd>`\\x83d\\xf4a,\\xc9\\xe1\\xd0\\x89\\xd7\\xb6r\\x10\\xa14b\\xcew\\xf7\\x12\\xf1zb\\xa2\\xdf\\xd3\\x0e\\xa7&\\x18npe\\xbc\\x90\\xa8\\x02"
  643. },
  644. {
  645. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd1(\\x9a\\xf0\\x12\\x01\\xcc#\\xbfi\\xe0.\\xc2\\x81u\\xf4\\x90:\\x1e\\xb1\\x9e\\xbc\\x9c\\xff\\x92\\xe3\\xb7~\\x81^\\x14\\xed6\\x16\\x05\\xf1dv\\xb9\\x89\\x84\\xaf\\x8eu\\xc9s\\xc4'\\x93\\x9c~/`\\x97\\xb2\\xb7g,\\xfe\\x95\\xfe\\x00\\x08r\\x90j\\xd6nm\\xa48e\\x15\\xb7\\xba\\xd1/\\x0f\\x8fx\\xe3\\xb1j\\xd7\\x92i\\xbf\\x00fi/t\\x16{\\xde \\xc8\\xec5\\xa0\t\\x98#!o\\x86,\\x9d\\x82[\\xa5}\\x88\\x16\\x80\\x0b\\x84\\xb2\\x05/v\\xa1\\x85#\\x8f\\xb1\\xee\\xfa8\\x00|\\x823\\x02\\xab\\xa3n\\x1d\\xdd\\xefz\\xebg\\xcb\\x8bude\\x08gaz\\x9by\\x1c)\\x0f\\xbe\\xf8g\\x01g\\xed\\x87f\\\\x96n7\\xaf\\xca\\xe3%\\x16\\xc7\\xbak\\x89\\xb2\\xc3\\xa1v\\xee\\xd8\\x9c%wh\\x89\\x19!n\\xd6e@\\x88\\x10zk\\xc5\\xb2\\x9e\\xe4`mf\t\\x7f\\xda\\xec\\xc9\\xa2\"\\x94%\\xbegj\\x9e\\xa6\\x90\\xc7\\xa3\\xcc\\xc6w\\xd3\\xcc\\xa45r\\x02\\xd8\\x1e\\xb6%$twb\\xd1\\xa7\\x8cb\\x9d\\xb3\\x07\\xb6\\x10\\xf7a"
  646. },
  647. {
  648. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe8\\x15s@\\xe0v?\\x80\\x86\\xb5\\xa3\\x83\\xaf\\xfb\\x947\\xd6\\xba\\x98\\x1b?\\xbb\\xf8\\x9a1\\x93mdw\\x8d\\xd8\\xca\\x\\xae\\xe2\\x1cf\\xa7\\xd0\\x02\\xe7\\xcd_b6\\xc0\\xc1\\xc4\\x8b\\x86t\\x06*\\x1fw\\xcb9\\xba\\x83\\x1bo\\x07t\\xf1\\x93\\xaf$\\x81j`q\\xcci\\x08=bj\\x02\ty!\\xf4\\x00\\xe7\\xccqf\\xd3\\x1f\\x19\\xb2[\\xf4\\xc6?'\\xaa[c&\\x13\\xe2a\\xf7y\\xcf\\xa3|d]\\xcfw\\xb1\\xc4\\xfe)\\x01\\xa9y\\x93\\xcb\\x07t\\xd4f\\x99\\x10\\x83\\xbe04wrwd<\\xfb\\x0e[\\xa3a*\\xfcjkn\\x96\\xb8\\x94g\\x17yl\\xfb\\xebvw*\\x12\\xdd\\x8fd\\x06\\r\\xc3j\\x99\\xb5\\x8f\\xc2\\xea\\x06\\x106\\xba\\xe0\\x03\\x89p\\x0f\\xb0p\\xbeb\\x9bn~v\\xbbbzk\\xeaq\\x17\\x8f%zf2\\xfe\\xaa1i\\xe0\\x07\\x03\\x98\\xd6\\xdea\\xff\\xa2b\\x0f\\x93f\\xa59\\xf8!\\xc2=n\\xc3\\xa7\\xd8\\x16\\xebo\\x8a\\x9a a\\xce\\xec\\x03\\xbal\\xeckr\\xc9\\xabcit\\x99\\x18"
  649. },
  650. {
  651. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010sx\\x8f\\xd4\n\\x04\\xdf\\xf5\\x13\\xec8\\xb5m\\xd8\\x10j2\\xf18\\xc4n#\\xae\\x96\\xb8\\xc2wjp!\\xf2]\\xd2\\x8f]1\\xb3m7\\x92qd(ia\\xbf\\xa1\\xa7ap\\xd6k\\xb0#\\xaex\\xd1\\xcb\\x84\\xdck\\xaa\\xdc\\xf9\\x8c,uh\\xfbv\\x02\\x80c9\\x05\\x15xzx\\xe3l\\x7f\\x1b\\xad\\xd6\\x0e\\x1f,\\x0e\\xc5\\xa6\\xa4\\xe5\\xee\\xe0.j\\x95\\xa5\\xb4\\xc7\\xc2z\\x18\\xb1$0s\\xa1j\\xbf\\xbcyh7\\xac\\x06\\x10a\\x139\\xb4l\\xcf\\x8dd\\xc3\\xcci\\x8e\\x1bq\\xfc\\xa2\\xde\\xa0'ev\\xe0bd\\xf4`o\\xac\\x16\\x97\"\\x95\\x8f(\\x8e\\x89g\\xcdd?x\\xd7q6\\xbf\\xf7\\x88\\xbcmn\\xedag3d\\xe2\\xca'\\x91\t\\x87\\x8c#\\xfd\\xee\\xd4o\\x93\\xdav\\xca\\xcbn/\\xf8\\xa9\\xe4\\xbd\\x1b\\x91cw\\x03\\xa9\\x11\\x05\\xe0\\xf4\\xdd)z7\n\\x03\r\\x13x\\xfey\\xc1y\\xa2r[\\xcc\\xad\\xb0#&\\x9ed\\x10i\\xaa\\xfbn\\x08\\x07\\xb1'e\\xd5>\\xdf\\xff\\x95\\xf1\\xf5\\x1f00\\x1a\\x1d"
  652. },
  653. {
  654. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xf0\\x04\\xa7\\x80d\\u\\xd3\\xe7v\\x1b\\xf9\\xd1_\\xf3\\x85uw\\xd1\\xab<\\xdap}.\\xce6\\xcd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  655. },
  656. {
  657. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xe8\\x95\\x1d=\\xf1x?i\\x19zf\\x1a\\x03\\x7f\\xbbx\\xe6\n\\x89\\x87\\x8dq\\xa2\\xab\\xdb=t\\xf9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  658. },
  659. {
  660. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xff\\xce >\\xcf\\xa1.+y\\xbd\\xc0\\x02;$\\x9dk\\x1b\\x8a\\x81\\xe3\\xa0qa\\xd8\\xdfa\\xba\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  661. },
  662. {
  663. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01wc\\xc6\\xf0\\xb7az\\x06\r\\x8b\\xc7[\\x158\\xfc6g\\x17\\xc3\\xb6\\x1ce\\xd8&f]q1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  664. },
  665. {
  666. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01w\\xf2\\x980\\xe3\\xcf\\xa78\\xcfl\\xf3\"\\x14d\\xe5\\xce?a^\\x95\\xc6)e\\x7fd\\x84\\xc04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  667. },
  668. {
  669. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xa3\\x91\\xf7?\\xfe\\xd1e$\r\\xaf\\x9c\\xbd\\xd4\\x8b\\x01\\xb9\\xdb\\x02t\\x0e\\x11_\\x05o)j\\xedk\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  670. },
  671. {
  672. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01p\\xc9\\xf9\\x90}enw\\xe4\\xe0%\\xfaxs\"q\\xb8f\\xa1\\xe0\\x89g\\xa8\\xa7\\xb4\\x13\\xea\\x18\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  673. },
  674. {
  675. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x13\\xc1qf\\x13\\xd3\\x80\\\\x91tu0\\xf9\\xa4d\\xb9\\xbd\\x0c5\\x1cn\\x1c\\xb3\\xd0\\xccc\\xa9d\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  676. },
  677. {
  678. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0b\n\\x83\\xc7\\xfe\\x07m\\xe8\\x83\\xf1ri\\xacg\\xdfj\t\\xc1\\xf6\\xd0\r\\xac!y\\x14\\x06#`,\\xf20(jfq\\x90\\xd3\\xa9\\xc0;a\\xbaw\\xdax\\xb1\\xcb\\xf7\\xba\\x1ftl2\\x1a\\xb1\\x16o\\x94(%\\xde\\xb8vx\\xdb\\x02\\x97\\x17_\\xbdv\\xa7\\xb5g\\xfc\\x81\\xe8x\\xa3g\\xfcb\\x1d\\xc0kz\\xfagb%u\\xe0{\\x1a3\\x9c\\xef\\x8cb\\xb5hc\\xa3m\\xa0\\x15y\\xe7okl\r\\xfc\\xc3\\x0e\\xe8\\x94i\\x07)\\xe5\\x88\\x0fw:c.\\x80x\\x0cu\\x8bl\\xb2s\\xc5 \\\\xf1\\x13\\xdb\\x04\\x02\\xe3z\\x15\"\\xb4c\\xda\\xe7^<.\\x16\\x92\\xa4m\\x95\\xd2-o\\xd8\\xe86\\xeft\\x89z\\xc4{\\x8f\\xbb\\xf2\\xfe\\x1b\\xc8m\\xdb\\xb0\\xcb\\xf39\\xb2\\x9a\\xae7\\xf4\\xd7\\xb7\\xd5\\xee\\xe8nm\\xc7w8\\x90n\\x17\\xad\\xb9\\x043?p,y\\xf9\\xb7\\xed\\xf8\\x8a\\x95rn\\x0f\\xd8(\\xdb\\x8fb\\xa8<\\x8d\\xb3\\xb3\\x97\\xe5\\x08\\xa0\\xec\\x85k\\x03b\\xe9x\\xb5hpn\\x0f\\xfa\\xfb\\xe9.\\xc6gh"
  679. },
  680. {
  681. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa6\\xe3\\xcfn\\xf4\\xa7\\x9ae\\xcc6\\xc9\\x00\\x98\\x1a\\xc5\\x12,f\\xf5\\x11\\x14:\\xb0*s\\x9b\\xad\\x8c\\xab\\xe7k\t\\x7f}\\xa1\\x11\\x9dpt\\xca\\xf28\\x19\\xa4a\\x89\\xc6\\x04\\xaa,\\x96f\\x06b'\\x0e\\xe8\\x8b%\\x07\\x8e`&t{\\xc1]tq\\x05y;\\xb7`\\\\x92_\\xeb\\xed\\xb4\\x85z\\x86t\\xfe\\x14t\\xacq\\xd5b\\xe1\\x0b\\x85\\x88\\x84\n\\x07\\xafyy\\xf4;\\x10\\xbav{\\xa1\\xaa\\x88\\xcc<\\x08\\xa7\\x81\\x8dzt\\xbd\\x8e=\\xe0\\xaa\\xa4\\xa6\\x02e%^\\x0c^t\\xbf\\x97\\xdf\\xe9\\x0c\\xea\\xe6?\"\\x9b\\xae\\xcf1c\\xd9|\\xdc}\\xa6\\xc8\\xd29\\xe5\\xccvh\\xf54p\\x8ej\\x98\\x82\\x12.\\xea6\\x1b\\x11\\x88sz7\\xfc)\\x07\\x02\\xb2|h\\xb9\\xf9\\x81\\x7fx\\xf2\\xcb\\x18\\xf2&|yp\\xac\\xd3k\\x16\n\\x9ag>/\tq\\x15\\q\\x8d\\xf9\\xbe\\xf0\\x1e\\x0f#\\xa9cn\\xc3\\xc6\\x8d70\n\\xed\\xe4\\xb1\\xaf\\xf5\\xa5\\xb9\\xb6\r|\\x8e?3m\\x81fd\\xea(\\x1f\\x8f\\xbf\\x9cg\\x86t"
  682. },
  683. {
  684. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x8e\\xc7\\xd3\\xdf\\xbbl\\xc3}\\x7fq\\xc4m\\x84\\xd7fw7\\xa4\\xf6k\\x9f\\xc3\\xcao\\xfa\\xd3}\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  685. },
  686. {
  687. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01$]\\xe1\\x822\\x01\\x04v\\x1d\\x96\\xc3io\\x14\r\\x91\"\\x04\\x82\\xe7\\x0fg\\xca\\x99\\xb4n\\xe4\\xf7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  688. },
  689. {
  690. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x9e\\xc3g\\xca\\x11\\xeb\\xb5\\xe7\nc\\xfd\\x18r\\xf2\\xc7\\xb6\\xb5\\xce\\x91\\xa2c\\xc1i\\xa6\\xdc\\x90\\xd1\\x11\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  691. },
  692. {
  693. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01<d\\x8d\\xbd\\xb0\\x8a~\\x04\\xe9b\\xb2\\x18\\x8c\\xbe\\x9a\\x94\\x0e\\\\xfbn\\xfa\\xa5\t\\xb0)s\\x10|\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  694. },
  695. {
  696. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01j4\\x89\\x081\\xbf9\\xbau\\x95\\x12`0\\x9b\\x8f)\\x9f\\x0c\\xf1^\\x92\\xc0\\x8a\\x1c\\xfdb\\x15`\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  697. },
  698. {
  699. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04r\\xfe\\xec\\x1f\\x07\\x800\\x19\\xd5\\x052\\xea\\xc0ya\\xeao\\xac\\x11f\\x1c\\xde\\xa1\\xa7zzq\\xdc8\\xbd#k\\xbd\\xc3\\xcfs\\xf8m\\xdc\\xdf.%\\x002\\x87bgh\ng\\xd6c\\x18u\\xbc\\x92\\xfcs\\xe9\\x83`\\x07\\xa1\\xf7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xcba\\x83ruk\\x1d\\x10\\xcc\\xc3\\xba\\xca\\x1cj\\xb6zbp\\x1fl\\xce\\xea!\\xb8\\xf3\\x038\\xd4\\x0fw+\\x85\\xfe2t@gn\\xdf\\x91\\x00\\x85s\\xa6-\\x0b\\xac\\"
  700. },
  701. {
  702. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04:\\xca[s\\xf3\\xa6\\x13\\xd4\\xd9/\\xf6\\xfe\\xc6\\xbb_\\x0b\\xc1*\\xe5=\\x1f \\xfa4(6>%c`.\\xbf\\x9f%\\xf4v\\xb6\\x14j\\x92\\xf4\\x03\\xcf\\x00\\xd9\\x81\\xf5\\x89\\xeb\\x81z\\xa9_\\xf5\\xba\\x9er\\x16n\\x88l\\x9e\\xe3\\x8a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf9\\xc6\\xb4)`op\\xa4\\x10\\x8e\\x05\\x08+;wl\\x9c\\xda\\x8au\\xe4\\x88\\x05\\xaf).`\\xf7l\\xd27\\xf5\\x05\\xb1j\\x92\\xfbq\"6\\xd7p\\xdf$\\xbe\\xad\\xdf\\xed"
  703. },
  704. {
  705. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc6\\xdd)\\xd1\\xa4\\xad\\xeal\\xecq\\x93]\\x12\\xc8\\xc0pg\\xd1\\xd9a\\x0c\\x84\\xddc@\\xb0\\x0e\\=\\x808\\xe9\\xc2uj\\x89\\x08j\\xa7\\x98\\xde\\xe1\\xb9\\x8c\\x0c\\x18h\\x82\\x930\\xbbl\\x1a\\xed!\\xf7[ 'w\\x04\\x04\\x91\\xd4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90q9\\xb4n\\xf6tjn!\\x8c\\x97o\\xc6\\x00\\xfd\\xb7\\xd2\\x9f'/,\\xc7^\\xc3\\xaa\\x1f\\xe7\\x9el\\x11\\xaa\\xdb\\xa9q\\xceu\\xb55\\x1f\\x81:{z3\\xf0\\xf7p"
  706. },
  707. {
  708. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04m\\x87\\xea\\xf9\\xd4\\xc9`&\\xe2\\x1b\\xbf6[sm\\xc9\\xd0y\\x0f\\x11\\xf3z\\x9bk\\xfeg{\\xbb\\xd4\\xa5\t\\xfc\\xdd\\x9au3&\\x9a\\x01@m\\xe3&\"\\xccxi\\x17<\"b\\x895`\\xe246/\\xdc4lt$\\x98\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0009x/4\\xb6\\xe4p\\xa1/\\xc4\\xb6\\x8e\\x81rlp\\x06\\xf2n\\x80\\xa4\\xce\\xee\\xac\\x94\\x7fs\\x88o\\x8d\\xe7\\x14p\\xed%\\x07\\x14\\xe1\\xcb\\x8f\\x98\\xba\\x1dq\\xa99(\\xf0"
  709. },
  710. {
  711. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04}\\x0b\\xa6e\\xb3\\xa4r\\x17\\xd4r\\x86\\xa9\\xff\\xc4\\x0by\\xbe%tr67\\x13\\xed\\xa7\\xbc\\xa9\\xaew\\xc7g\\x84*\\xf4\\xcb}\\xa7i\\xf9\\xca\\xee\\xb7\\x03\\xd9\\x07\\xca\\x0c\\x00\\xebw/\\xd4k\\x9f;\\xb2\\xa5\\xf5\\x95r\\x06\\xc3\\m\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96\\x9fn\\xea\\xde-\\x1b\\x1esye\\x86\\xfe6\\xbev\\xa58\\xd2_\\xb6:\\x96\\xd5\r\\xf6\\x84\\xba\\xf5\\xff\\xdd\\x97\\xddx\\\\xeb\\x86\\xf2\\xb4\\xfa\\x9d\\\\xdf\\xbe\\x05\\xdey\\xdd"
  712. },
  713. {
  714. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04b\\x1d~\\x86e\\x1c\\xe5\\x89^\\xeci\\xd1,g\\x16\\x89\\xc3\\x13\\x166(\\xd3\\xe1\\x92\\xbf\\xd7\\xdfx\\xf9\\x05v\\xbc\\x95\\xc0:\\xde&\n\\x1c\\xd8\\x037\\xe1\tr\\xbdy\\x14\\x92[=\\xc8z\\xb3\\xa9\\x0e\\xfa\\xf5\\x88\\x95%\\xf1z\\x82\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa9o\\xdeg\\x03\\x9e\\x8f\\x1d \\x9cnsr\\xc9\\xbc@\\x02\n!\\x1b\\xc9\\x0be\\xaf\\xc8\\x82r\\x0b\\xdc8\\x82\\x00\\x089k\\x94,lf\\xe4\\x82n\\x8da\\xa6\\x8cf,"
  715. },
  716. {
  717. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01>/\\xb2\\x84r$6\\x91\\xfb\\x985\\xe8s\\x9d\\x8dp\\x1b\\xa0l\\xa3'\\xeb\\x989\\xecb~\\x17\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  718. },
  719. {
  720. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xdaf9uzc\\x0c\\xbf\\xbd\\xbda\\xfa\\xdf\\x8a\\x94{\\x018xdn8p$1 \\x00\\x91\\xbd\\xf0\\x9f\\\\x03\\x88i\\x85\\xbd\\xed\\xe8\\x97\\xe5w\\x1f\\xac8*\\x98\\x13\\xd6\\x96g\\x98\\xa6\\xc2~\\xf5\\xb7\\xbf\\xc1\\xb6\\xf1\\xae\\x0b\\xdf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xec\\x96\\x86\\xb7po\\x1fo\\x83<\\x05\\xd5\\xaf\\xe9\\xa2\n\\xa1g\\xc6\\x8cm\\xcf\\xdd\\xe9\\x15\\x87(\\xeb5\\xac\\x1e.\rb\\xb0(\\xd8\\xb1\\xdek\\xc6\\xdf\\xed+\\x18hp\\x1a"
  721. },
  722. {
  723. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04v\\x04\\x13\t:\\x9e\\xe0\\xaa\\xc1\\xae|7\n\\xf3\\xdf\\xe0\\x9d{\\xaf\\x0b\\xea\\xbd\\xc5_\\x00p\\x17^\\xe5\\xaf\\x15\\x8f7\\xd5\\xe6\\xac]\\xcdw]\\xe5\\xeb\\xe4\\x93\\x94\\x9a\\xfb\\xa2w\\x08\\xcc\\xa2\\x0f\\xe7b\\x198z\\x96\\xcc\\xaaz\\x94\\x8b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000x\\x8dqt\\x07o\\x91\\xd0ae\\xe9\n\\x07#\\xfc\\x0c\\xa9\\x9f\\x18/\\xab\\xa9\\xb8\\x7f\\xa7\\xb5\\x99\\xba\\xd6\\xcdh\\xbd\\xa3\\xdb\\xa5\\x95\\x13e\\x06^\\x18.\\xdd\\xd3@wh\\x1c"
  724. },
  725. {
  726. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j_e\\x9b\\x9a\\xebbh[\\xa0\\x0f\\xdf\\xd6\\xabr|zl.3\r\\xe1_\\xe3\\xa4,q\\xf4\\xf0\\xf4rt\\x8c\\xdff\\xc0\\xed\\xa54\\xf9\\xe3h\\xc9\\x87'e\\x84\\xa9k\\x12\\xfc\\x8aj\\xcas&\\x1c:\\x19m\\xd9y\\xc0f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x81\\x01\\xde:}dv\\xbb\\xe1x4\\xee{\\x17\\xdb}_\\xd4\\xc0\\xa6\\x95:n\\x1cei/&\\xc7h>4\\xbb\\xe3\\xc2\\xf8g\\x17_\\xa4l\\x00\\xcc_?q\\xc6\\xcd"
  727. },
  728. {
  729. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x99u\\xe2&q\\x85\\xd2\\xc8\\x8dq\\xdehr\\xd2\\xc0\\x04\\x02;v\\x94_\r0\\xd7\\xcbw\\x9a\\xea\\xfd\\x9bs\\xd0\\x12z\\xb4\\x19\\x18\\xfb\\xd1\\xd1\\xe9v,\\xb4\\xbd\\xb9\\xeckxk9\\xd3\\xcbvh!\\xba}ke\\x04\\x17\\x7f\\xd5\\xeat\\x87\\x87?\\x90\r\\xfe\\x9c\\x1d\\xad\\xfb\\xfe]\\x98\\x85\t\\xdc\\xfdb6lo\\x0b\\xaf\\xa9\\x9c\\x0c\\xabk-pkj\\x96\\xcbc\\x0bz\\x82r\\xf5\\xfd\\xdd\\xbe\\xad\\xc0\\x84\\x04\\xf9\\x98\\x93y\\x8db\\x06?\\xbd\t\\\\xf4,\\xbb\\xaah=\"x\\xbe[k\\xfcv\\xa1>\\xa701\\xd2o\\xact\\x8cd!\\x948i\\xe6\t\\x11\\xac5s\\xb8\\xccjaz\\xbc7^8\\xbb!s`\\xe7\\xff**\\x99ont\\\\xb5\\x13m\\xd8\\xc4\\xb7i\\x9c\\xa1rl\\xa7\\x93\\xff\\x89\\xaa\\xf5_\\xf1\\x00\\xdaxp\\x00g\\xd6\\xbbxy\\xeb\\xd6\\xf8\\xd0x\\xea\\x9e9\\xba'1y\\x14\"\\xb4k\\xad\\xa3\\xdb\\x9d\\xd8\\xa7\\x96d\\x81\\x8f\\xa4;t\\xe9\\x12\\xca\\xd0\"\\xb7{\\x9f\\x83\\x10\\x03\\xfc\\x12"
  730. },
  731. {
  732. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\ry\\xabh\\xa1\\xe9\\xf9^\\xf7\\x1f\\xcc\\x80\\xc4\\xf8\\xc3\\xd6$^\\x19_\\xcb\\x8a\\x82[bh\\x85\\xed\\xd0\\x8e/i\\xc8\\x8e\\xc6[\\xa9\\x10d\\xc7\\x8a\\xec\t\\x14(@[t\\x95\\xa0\\xff\\x07\\x04\\x90\\xcch\\xd2)\\x9bqd\\xdbtp\\xebf\\x14\\xdf\\x88\\xdd\\xb5p\\xe8\\xaa\\xd3\\xcf\\x12\\x13\\x89\\xbb\\x9d0\\xc0\\x91\\xc9\\x0b2\\x06s\\x83$b\\\\x11\\x1c\\xbb\\x94\\xd4\\xad\\xd2\\x17\\xcf\\xa0\\xae5\\xff\\xf0r2\\x80'\\x12\\xf5\\xdd\\x11\\xc1\\x85\\xe0&\\xccn\\xd7\\x89\\xcab\\x03d\\xb7\\xc8<\\xea\\xcb\"-\\x19\\x80\\x9f\\xa3\\xccq\\x1b\\x16\\xc7b\\xf4\n\\xdbr\\x8d\\xb9\\x90\\xaae\\xed\\xee$\\x1e\\x7fv\\x8c\\xf9\\x7f\\x0e'\\xc1\\xbe\"\\xeb\\x1f\\x8c/\\xc4wl\\xdf\\xb4\\xac\\xb3\\xc4\\x85\\xf9\\x9a\\xea\\x97\\x0f{\\xe1\\x86\\xfb1\\xd7~\\xb8\\xbc?\\x08\\x86\\xda\\xf7m\\xff\\xaa4qr\\xfc\\xe3\\xa2\\x86\\x15\\xd77\\x8e*\\\\xb7\\xd0\\x8c\\x01\\x98\\x83\\xedp[\\x94\\x85\\xdb\\xf7g\\xdb*\\xc1?}me\\xcd\\xbc\\x13\\x1c\\xf7\\xe25\\xda\\xcb|be\\x165b"
  733. },
  734. {
  735. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0f\\x86\\x96\\x8e\\xb4\\xd7\\xc4\\x80\\xf3\\xa1\\x08\\xcb\\x84\\xa5\\x0e\\x97\\xde\\xad\\xc8\\xdd\\xdat\\xe4\\xff\\x13\\xb3\\xa7a\\xa6\\x07\\xb3\\x05s\\xef\\x89\\x11\\x18v{\\x9cub#\\xa6\\xa57\\xba\\xd3\\x8b\\xc1\\xba\\xf6>\\xb573\\x0bz\\xa9\\x9c\\x8c5\\xf5\\xad\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000:\\x17_uq\\xef\\xb8\\x08'\\x07[\\xd7\\xc3\\xdey\\xfc\\xd5\\x94m&\\xe4\r\\x17[\\xc3\\x8bs\\xc29\\x88a\\x0e\\xc8\\xc1:v\\xcf\\x8b\\xc0j\\x07\\x8drv\\xf1]\\xb3g"
  736. },
  737. {
  738. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x86%\\xd1\\xfd%x\\xf3r4\\x84\\xf3}:?\\xc5\\x0b\\xc2\\xe6\\xbb\\xdf\\x97d\\xeck\\xa7\\xfcb\\x00+\\xd2\\xaf\\x08*\\xca\\xee\\xcbm\\xaf^\\xf6\\xf0\\x9d\\xc7\\xd1\\xaap\\xff\\x17\\xaf\\xce\\x1d\\xa3~\"\\xc2\\x8d\\x9b\\xf4.!\\xbe+s\\x0ef\\xd2\\x8an\\xf2x\\xb15=m\\x8e\\x83^\\x05}.\\xa6\\xc8\\x83\\xe7\\xea\\x96o\\xbe8~9}m\\x00\\xdc\\xe6\\xdd\\x19_3f32\\xc5\\xb1^ze\\xcc\\x93~\\xf6\\x8b\\x02\\xa7c\\xbf&\\x91\\xb4w\\xd7\\x08\\xc1\\x0b\\xfb\\x04\\xc9\\xd3\\xf1\\xac\\xd6\\x83\\xc0\\x8a\\xd4\\x1a\\xb4\\xaf\\xe5\\x0c\\xff{\\x07\\x07\\x06k\\xed\\xd5\\x19\\x8c\\x10\\x82kw\\xa1\\xd8j\\xdc\\x8e\\xfbk\\xdb\\x8e\\xf5\\x98t.\\x17t\\x81n\\x17\\x8a\\xd9\t\\xc0\\xc7p\\xfa\\x19agt\\x82pe\\xc5\\xd9\\x1b\\x89\\xcf\\x04\\xc6\\xa6t*\\xc9\\xc1\\x14\\x06\\x18\\x8f6\\xb1\\xafl\\x0b\\xe2\\x1a\\x85m\\x9c\\xae\\x06\\xf7\\x85\\x12b\\xb7e%\\xc9\\xbc\\x02\\x1c\\xee>z\\x90\\xd8\\xed\\xbaz\\xd2\\xbe\\xc2ce\\xeec\\xc5\\x8d\\x8a\\xc4e\\x05\\xd5a\\xf6\\xee"
  739. },
  740. {
  741. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xaa\\x1a\\x1ckl]5\\xfe\\xbea\\x8d\\xeb|\\x13@\\x8c\\x99\\xe8\\x07\\x95\\x90v\\x0e\\x87d\\x8b\\xe6\\xf08\\x7f\\xbcj\\xb0\\xfac\\xaf\\xf17\\x17{\\x1f\\xcf\\xf3.\\xe1\\x1d\\xb8p@\\x04\\x1e6\\x92\\xfcf3\\xcc)#\\xbd\\xe72d{\\xc8\\xff\\xb0\\x8e\\xc8\\x15\\xdd\\xa2#\\x0f\\x0fr\\x9c\\xca\\xd5\\xa3\\x8d>f\\xe4\\x05j\\xe6\\x9c\\xb9\\xd0\\x92\\xa1\\xaf\\xea\\xec\\xe9\\xf2d)0\\x98\\xba\\xbd\\xd7\\xc6}\\xf3u\\x87-(y\\xdf\\xc5'\\xe9\\x17\\xa6\\xaac\\xe9\\x97ux\\x84\\x9c\\x15\\xb3\\x9d\\x1d0\\xbf\\x886\\xcf\\x83u|0\\xb9\\x88\\x1e\\xac9\\xcb\\xc1\\xf8~\\xb7f\\xa4\\xfb\\xd2\\x86&\\xfe:\\x87\\xc5\\xbej\tb\\x97a/\\xcd\\xe8\\xe1=yq\\x8d\\xf0<\\xdbo\\xe56c\\xe6\\xb2\\xf6\\xd6\\xd0\\xba\\xe4*is\\xb4\\xcb6\\x06\\x81\\x81\\xedo\\xd9\\x8c \\xd9o\t\\x11\\xb29\\x02\\xb4t\\x1fk\\xb6r@@\\x06g\\xe7mes9\\x05qcr\\xf8\\xb9\\x1c\\x1f\\x9bh#\\xa5_\\x9d\\x8f}p\\xb8\\x975<\\xc5z7\\x8e\\xef\\x95\\xeb"
  742. },
  743. {
  744. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010cow)\\xc7\\xe3\\xde|t\\x7f\\x12\\xfb\\xe3qa2\\x9b\\xfdq\\xb5?\\xfd\\x01&a\\xde'zz \\xbd\\xb8\\xdf\\x18d~\\xee\\x91}\\x92x\\x0bt\\x8f\\x9d\\x92\\x99jjy\\x8fb\\x9c\\x83\\xb2\\xee\\x01n\\xc5\\xc2\\x91tx\\xf7da\\xae\\xccz\\xd4\\x1e\\x10hg\\x9e\\xda}mx\\x01\\x9a\\xb8-\\xd8\\x01hi\\x19q\\xfb\\xec\\x03\\xf5vrzjso\\x99\\xd145\\x07\\x1f\\xec\\x1c\\xd5<\\x04\\x91\\x13\\xc7\\x96\\x8e\\xfb\\xb3\\xd9\\xbc\\x0c\\x94 \\x1d$-\\x9b/\\x12/\\x12\\x19\\x98\\xdb\\x0b\\xe3/a\\xbd\\x99\\xbb\\x9al\\xba\\xed\\x824\\x9egg \\xf3\\xb4g\\xf2j\\x85m\\xcbua\\x9a\\x0b\\x19\\xe9\\xe5\\xcd\\xfc\\x81ds\\xbfc\"+\\x9cr\\xd5n\\xb9n&\\x9f\\xb6\\x88\\xfc\\x1b\\x7f\\xa0\\xb1\\x19\\xa0\\xa5\\xc3\\xb5\\xb8?\\x03!\\xa2n\\xa3\\xc5\\x12|\\xf5r\\xa2\\x0e\\xe9\\xbc\\x0c\\xfd\\xe5\\xff\\xde\\x1c_%9\\xef\\xd4\\xbb\\xaf\\xb6\\x7fm\\xa8\\x1e\\xa0jts\\xe6\\xc3;w\\xfe\\\\xc0qh^+%\\xa95q[\\xf1bz"
  745. },
  746. {
  747. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x86[\\x1a\\xaa\\xc1u\\xd6\\xfe}\\xda\\xaf'\\xbd\\x94m\\x84\\xda\\xb3\\xb6\\x98\\xee\\x97\\xae\\xef\\xb4\\x97\\xe4\\xc4~\\x03\\xdf\\xf9c\\x8d\\xdby\nx/\\xbe-\\x16\\x97\\x11\\xff\\xe9\\xec\\xee\\x17\\x11\\xad\\xba\\x8c{y\\xf2\\xaf\\xe6\\xdcd\\xd5\\x9f\\xb9\\x99\\x96\\x8f=\\xd7\\xb2\\xe3\\xa6ns\\xc1-c7\\xdbi\\xe6s\\xe1%\\xd0t\\xf0\\xde\\xc6\\xe9\\xc6gm\\xd2@\\x8fs_\\xbe\\xee\\xd0$\\xea\\xe0\\xb6:\\x83\\x03\\x88\\xac\\x9b\\x12\\x11\\x91\\x03\\xd2<\\xdc\\x86ve5\\xf8\\x93e]u$\\xcc\n1\\xc6k\\xeap\\x02\\x97.d\\x91\\xba\\x14wqp\\xea\\xe4\\xe6\\xb7\\x91\\x0ec\\xf5\\xf1i\\x0e\\xf4\\xc09\\xf0\\x8b\\x8edle\\x16\\x8cd'\\x97\\xf2\\xdb\r+e\\xee#ou\\xc0\\x90\\x99j\\xb5\\x8f7j\\x81f}\\xff\\xb7\\xc7_^e\\xbd\\xcd\\xb0]\\xf0'a\\xbd\\x9f\\x9f\\x9e\\xa5\\xe0x!\\x0f\\xaf\\xba\\$\\x8e\\xb6\\x1d\\x93\\xa0\\x94\\x89r\\x10\\xaaxr?\\xe4\\xbd\\x03s\\xa8z\\x9b~\\x82f\\x1d\\xa4y|t\\x16a\\x1d\\xcc\\x0e@'\\xe9"
  748. },
  749. {
  750. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x01/)\\x9f11\\xdd\\xfa\\xb2'\nb\\xf4\\x18w\\xa1\\xc3k\\xb7\\x84\\xa5\\xf7i\n\\xaf\\xb2\\xba\\xaf\\x7f\\xaan{\\xd6ck\\xc4a\\xbea\\xfa;\\xa5\\xe9\\xcd\\xa7\\x01\\xef\\xcb\\xe3\t\\xee@hao=\\xb2\\xf5\\xf2\\x8a\\xc1\\x07t\\x1b\\xd1\\x81\\xb3l\\xdfwl\\x9cg\\x08y*2\\xa0\\xb4\\xbf\\x1aw\\x12\\xb9?g$\\xe8\\xde\\x8ct\\x89\\xd3\\x94'\\x81\\xbc\\x04\\x8b3\\x88x\n\\x15\rj\\x05\\x18\\x96\"\\xbf\\x1bys\\xbe\\xde(\\x93c\\x8f\\xaf&\\xb7.\\xb5\\x02\\x95\\x94uz\\xe1n(}t\\~\\x95\\x829\\xc99~\\xfdf\\x90y\\x15kw\\xc6\\xc5^\\xe9\\x94*\\xa7r\\xbfk\\xb1\\xd9\\x07\\xe0\\x8d\\x97\\xd7\\x7f\\x85<x\\xfc\\x80\\xd4\\x17>e\\xdb\\x98\\x9ee\\xca\\x0e\\xbd\\xc1[\\xa0j\\xbc\\xf1\\x95j\\x00\\x13\\xf6\\xdbc:\\xf0]\\xb6(\\xe0\\xad2\\xc8\\xf7'\\x02\\xbb\\xa6\\x83\\x04\\xbd\\xb6\\xb28\\xdc\\xf1\\xa48k\\xeaw\\x02r\\xe4\\x98\\xf3\\xe1u\\x93k\\xa5\\x96\\xd8c\\xa8u\\x9c\\xfe\\x9fegd\\xc1\\x15\\x19\\xcdf\\x7f"
  751. },
  752. {
  753. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe7-\\xf3\\xfcs\\x84\\xa0\\xe1x\\x9f\\xa3\\x0c\\xd6\\xdf\\x15\\x94.(\\xd6g\\xc0\\x86\\x8c.7@\\x9c\\x9a\\xa2>\\x1c g\\xe3d\\x9e\\x99\\x91.\\xc8\\xf1\\x16\\x8d\\xf8\\xd2\\xef\\xae\\xe4\\x12\\xe7\"f\\xa5\\x95\\x96\\xa0\\xa2\\xe2\\xf9\\xde\\x9d\\x85\\xc9\\xb7\\x93\\xa4\\xe7\\xcer+\\x8f)-\\x9f\\xba\\xca\\x82\\xfer[\\xa8]\\x99\\xfdg#\\xdf\\xfdl|9\\xcb\\x9bs[\\x15\\xb3\\xbc\\xb5\"\\x99\\xfb\\xf6wjsl\\x1ej\\xc2\\xd6\\xab\\x1bt^\\xb4\\x92\\x19p\\xcd\\xb6\\x95zo\\xf4\\x86\\xe6wj\\x07\\xe8\\xb4\\x9a-\\xf1dx<\\xec\\x17\\xd2\\xa2\\xeab\\x93&\\xe9n\\x7fc3d0l\\xdb\"\\x00\\\\xc3\\xe9q\\xf5\\xc8\\x00r5\t\\xcco\\x94}\\x0bzu\\xc9\\xb4\\xac(2\\xef\\xc7\\xdc\\xe7\\xd8\\x8bo\\x02\\xa4\\xaf\\x13>fl\\xa5\\x14n\\x06l\\x16\\xb9\\x02\\xf4\\x91|.\\xfb*\\xd4\\xc5\\x85\\x86\\xb6\\xaft\\xed\"\\xc7\\x866|\\x13d\r\\xdf\\xe1z\\xa0\\x08\\xd68\\xa54\\xfe\"ru(\\x80\\xb1\\x8c\\x98\\x855o2\\x80\\x92<o\\x15\\xee"
  754. },
  755. {
  756. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010f\\x06\\x9c\\x95\\xaev\\xd2j\\xdd\\xa3\\x03:\\xe4\\xc9\\xe0z\\xb0\\x91a\\xa9e\\x9a$p\\xb0\\xc0\\x10\\x0b,\n\\x8c\\xe6\\x18\\x02\\xe1e\\x81\\x19p~\\xd3\\x98\\xead\\xc9\\x96?\\xf9\\xa7\\x8c\\xa9y\\xac\\xaa]\\x8d\\xe48er\\x003i\\xb7e\\xa1x.\\xe4k\\xcbu\\xe9h\\xc4\\xb0\\xb2\\x1ee\"\\xdf\\xcf\\x11\\xeb\\x1ca\\xf3\\xa6\\x16\\xfa\\xa9'\\x8b/u\\x0c\\xcah_\\x15\\xc8.\\x08\\xe0\\xae\\xaa\\xfc\\xf4\\xf1\\xd1\\x93\\xf1i\\x80.v\\xaa\\x10\\xefy'\\x1d\\x97\\xa5:s&\\xee\\x87\\xb5\\x03\\x86\\x04y\\x82\\xe9\\xe3~\\xb1<-\\x01z\\xfa\\xf8y\\xa8gl\\x81.\\xbd#%\\xe3\\x18\\xf3k\\xea\\xde\\xfdf7j\\x87:n\\xd8\\xda \\x11\\x06\\x8d\\x81\\xa9\\x9brw\\xe4\\x1c\\xacn=z\\xddaax.k\\xa4cs1i\\x9d\\xc2\\x8bpo\\xf9x\\xf9w/\\xa5\\xf5)`\\xed}\\xf1\\xf1\\xc7b1\t\\x96~f|\\xc2\\x85\\xac\\x97\\xfc\\xc5\\xaf\\xc7\\xa1\\x88\\xc6\\x8c\\xf4\\x9b\\xffj\\xf3\\x19\\x8dcaz\\xd7\\x9c\\x16=\\x88\\xdd\\xc8t"
  757. },
  758. {
  759. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0108\\x05\\xf1\\x9avy \\xc5\\xc2q]\\xe1|r\\xc1\\xfa\\x80\\xa0\\xb7c\\xfcv\\xbf\\xdaz\\x83c\\x19\\x16\\xc0\\x11\\xee\\x02\\x0br@\\x89\\xc5+\\xc4\\x0eaq\\x96\\x8b!o\\x1d\\xf9sy;l\\xe9&e\\xf0@!k\\xf7\\xa5\\xd9]}qg\\xbc^\\xb6\\xe8 \\xfd\\xc0\\xa6\\xf5\\x1e\n\\xd4\\q\\xfc\\s\\x08w\\xd5\\xf2\\xd0<\\xbcb\\x8by\\x02u\\xb2*\\x80\\xab#@\\xa8\\xa6\\x0c\\x0b\\xfb;\t\\xc7\\xda\\xc0,\\xfc\\x19ki\\x10)\\x1f(+\\xbd4\\xe3\\xb0\\xc8\\xce\\x08v\\xff\\xf1e\\xf7n\\xed&l\\x00\\xa6\\xc8\\x08\\xe0\\x7fl\\xd5\\x05\\xecj\\x05m\\x83+ly\\x0eqa\\xad\\xc4\\x8aj\\xf8^\\x82*\\xfa\\xae\\xe5\\xcf\\x91u\\xcdyn'!\\xdf|\\xa3\\xe38\\x81\\xb2\\xf3}i\\xff05\\xfdt\\x03\\x86\\xc9\\x08\\xbcze\\xf1\\xd4\\xeb\\xf2f\\xd1]\\xf7\\x0cl:\\xdes)\\xc2t\\xfb\\x90m\\x07\\xfa\\xd6\\x0egf#\\xe6\\x18\\xa6\\xael\\xfe\\x07\\xeaaw\\xe8\\x1ex{\\xe9\\x1f\\x86m\\xd2\\xb1\\x92\\xbc\\xc4mv\\x16"
  760. },
  761. {
  762. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x02\\x86\\xa7\\xe8\t\\x8d^\\x9c\\x93\\x8c\\xc3r\\xab\\x8d\\xd3tzah\\xcbb [`\\x04h\\xb6\rm\\xcd\\x95/\\x99y\\xfe\\xaaz\\xfbh\\xb7\\xc0s#>\\xa3\\xebv\\xdc\\x94(\\xe2k\\x98\\xb6\\x07\\x0b5\\x80\\xd8\\xc1\\xbe\\xd0\\xf7\\x19\\x17\\xd1\\xf2\\x93\\xd7\\xc1\\xcb\\x198\\x8a\\x8e6*\\x8b\\x9dj\\x1b\\xcf\\x18%'\\xc9=7\\xbfj\\xe7\\xd7\\xd7\\xdf\\x7f\\xdfq\\xe3\\\\xde\\xa3m\\x82\\xa3\\xd5y\\xf2g\\xeb\\xf5\\x0e\\x1e\\xdf\\x99_\\xb0\\xda?\\xad\\xd9c=n\\x010\\x0e\\xe9i=\\x10fz\\x8f\\xd9\\xaet\\xaa\\x91\\xa6\\x80\\xb6\\xf6\\x19:\\xd1\\xbf\\x8d-\\xc7y\\xa3{\\x14\t9~\\x97\\x00\\xcdc\\xef\\x18\\x17c\\x05\\x0breb\\x18@\\x9d\\xeb}}2\\xe0\\xe1g%s\\xfc\\xdb\\x196\t\\xc1bp>\\x84\\xec\\xc5\\xa7]\\x8b\\x9a\\xa2\\x18\\x83\\xe1\\x19\\xeb\\xcf\\xad\\xa5\\x893{\\x0b\\xc9\\xc4\\xcf`j\\x97mw\\xc8$\\x00\\xc0hm\\x87n\\xe6\\x01w\\x9eu8\\x90\\xf8s\\x85\\xae\\xa1_\\xb6\\xb4\\xcaq\\xa7\\xb9\\xd2\\xfb|=//"
  763. },
  764. {
  765. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010u\\xe8\\xde\\xbd\\x1f\\x1aiag\\xfd<\\xb6\\xc3a\\x9et\\x1c\\xe8h#a>\\xee3\\x10#\\x83`\\xff\\xdf\\xe8n\r\\x9a\\xb2\\xa1\\x01e\\xd6\\xcb\\x89\\xddd\\xa0:\\x1b\\xa6\\xdc\\xa5\\xeeog\\xbc\\x17\\xf3k\\xad` \\xabi\\xab\\x13\\xe0;\\x9b\\xb9\\xff\\xae\\x1f\\x8b\\xd9l|c\\x93\\xdb+o\\xb0\\x86\\xae\\x0e#3u\\x8f\\xff\\xf2\\xac\\xc1\\x8d\\x16ge\\xe4bw\\xa1xc\\xc6hj\\xf43\\xb1s2:\\xaa-\\xe2\\xb8\\x7fr\\x06\\x05\\xe1\\x92\\xd2\\xa4\\xfa\\xc6\\xae\\xaff\\xc4\\xe5]\\xff<k\\xcf\\xc1\\xcc\\xc1\\x19\\xa2\\xb5\\x1d\\xd8\\xc5\\x18\\xf7k<o)\\x86)el\\x16\\x8a\\x9f%\\xfah]dg\\x1c\\xdc\\xf0u\\xf8\\x87\\xe8\\xc5oi\\xdd~gx\\xb2|\\x8d7ex\\x11\\xf7z\\x1f\\xffz;\\x18u\\x17\\xffas\\xfb)v\\xf9t\\x1c\\xbc/\\xa0\\xce\\x01\\xbans\\x97\\x1d\\xc1\\xa4v\\x12\\u\\xc08\\xb1\\xd8\\x82j\\x95\\xb4\\xf3\\xe9\\x04\\xdes\\x03\\xfb\\x15mw\\xe5,\t@\\x84t\\x9c\\xbd \\xda\\x816y+\\xf4\\xd1"
  766. },
  767. {
  768. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc2\\x9f\\xf5\\xcd\\x17\\x07g\\xe1r\\x1b0}4\\x80!\\xeb\\xe9\\xe4\\x01\\xca\\xaf>8f,\\xf9v\\xd4`%yg\\xd8\\xafj\\x80\\xa1\\xc1\\xaa\\xac\\xdb\\xb4\\xe3\"\\xfd'\\x97)\\x0f\\xdf\\xe2zf\\xd2r\\x17\\xa0\\xbdf\\x90\\x18\\x884n\\x8a\\x1a\\x89#\n\\xd7qzsf\\x1c\\xf4\\x13\\xa5\\x0e\\xc2o\\xf2\\xa7\\\\xee=t3\\x90\\xf6pv\\x9e\\xd1\\x9a\\x18\\xfe\\xc5\\xe2a\\x10\\xcau3xc\\xaa\\xd3\\xd7f\\x8d\\x7f\\xb6\\xd8%\\xe9\\xc9-#az\\xdbi}\\xee{g\\x90)\\xd0*&\nk\\xf7\\xfe\\xa3!\\x80\\x0e;\\xd3\\xfc\\xdcj\\xb6\\xb1\\xf3k\\xab\\xaf\\xd5\\xe0\\x04wm\\xf4\\x08\\x87 fa\\xff\\x08\\x85vg,\\x87\\x05)\\x82\\xc4\\xd05\\xf8no\\xa4\\xad\\xd0\\xf0e\\x0e^05\\xc4j\\x1c\\xbf\\xcb\\xdf\\x83\\x89\\xb5\\xf1\\xa6e\\x16\\x18c\\xea!\\x84\\xaa\\x19i|o\\x0f.\\1\\xced\\x98m\\x8bm\\x12\\x15vor\\x111\\xec\\x16~-\\x05\\xdd\\xdbs\\xe6\\xbb\\x92m7(\\xd1\\\\x83n\\rh\\xf8r\\x81"
  769. },
  770. {
  771. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010i\t\\x01\\x88\\x1a\\x13\\x98\\xaca\\xa5\n\\xd4\\xa8\\xb6\\xe2\\x84\\x02li\\x1544\\xedq\\xff|\\x88\\xf0\\x96w\\xad \\xe4\\x1e\\x1b\\x1a\\xac\\x0b\\x92\\x8b\\x14\\xf2\\xf4i\\x97\\xc8u\\x03\\x8d\\xc0\\xa9&\\xd2e\\xaa\\xfa\\x87\\xd4go\\x8f\\x8e-\\x10\\xe7\\x1b\\xb6\\xfe\\xac:\\x85\\xaa\\xc2\\xe5\\xa3r\\xbc|d'\\x9d\\xfc\\xf1\\x1b\\x83\\xbe\\xc7\\x08o\\xa1\\xc4u\\x19\\x05\\xc2\\x83\\x98,&\\x01\\x12\\x9a^\\x8bej\\x89\\x1f\\xefgc\\x01\\xf2mk\\xb2u-7\\xda8j\\xdb\\xa9m\\xd5\\xf7\\x84c\\xa2\\x07\\xe6\\x1a]>!\\x8f\\xee\\xbd\\xb7\\xe0<\\x07\\xe7\\x01o\\xbd-\\x02\\x8f\\xdd\\xb8_it\\x14%\\x85\\xfcc\\x82\\x11i\\xa1\\x1f\\x06}\\xe6\\xf6\\x05\\xae\\x94\\x0b\\xc2\\xbe\\x157\\xe0#\\xd5\\x05\\x11x\\xd3\\xc4\\xf4\\x13\\x1b\\xc6\\xc3\\xfd\n\\xa58\\xeb\\x85\\x19\\x92\\xfa\\x1e\\x00[@\\xb5\\xbd\\xdd\\x9e\\x845\\x8d*\\xc2\\x00\\xffq\\xd5\\xf0\\x99db\\x94\\xefu\r/1l\\xbd\\xb5o6\\xa1\\xe2\\xack\\xaf\\x0eh\\xec.\\x9e\\x86g\\xad\\xf8\\xa2\\xbepi\\xe0\\xcc"
  772. },
  773. {
  774. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04)-\\x11\\xbe\\xd6\\xda\n>\\xe4\\x10\tm\\xc91^\\xd4\\xd8\\x17\\xd0\\xa7p\\x84\\x8bdn\\x82\\xbd\\x0fq\\xfc\\x85\\xb9),w\\x8f\\xe9\\x06\\x16d\\xb7s\\xa4\\xcb\\x9f\\xa6\\x1b\\xe8\\xe3)h\\x99\\xa8\\xca>\\xa3\\x80\\x8e\\xeb\\xb0\\x84%-)\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9d\\x7fw\\xb0\\xa3 \\xfd\\x83d\\xf3\\xb8h\\x8a\\x0c\\x0fc>\\xb9\\xd9\\xe4p\\xb6\\x01a\\x8a\\xb4\\xad\\xcdl\\x1e2\\xe08/\\xd6\\x9e\\xc4\\x85`\\xbb\\xca\\xea\\xdf\\xd5\\xef(\\x1a\\xbe"
  775. },
  776. {
  777. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x85i\\x0f\\xf8\\xd2gbr\\xc4o<\\xf2\\xe0\\xc7\\xcdn\n\\xec\\xca\\xc8dx\\x05+\\xd0d\\x7f\\x00\\x086\\xaa\\xbc\\xbdz\\x85\\xda\\x17\\xafp\\xae\\x17\\xc4\\x8cu\\x16\\xd5/\\x16\\xfav\\xa8}<\\xa9\\xb4y\\x03t\\x8e\\xbbfv\\xa7$\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbep\\xea\\xf5\\xe4\\xa3oc\\xc3\\x02z\\x16\\x0c2g\\x96ivpa\\x94]\\xbal\\x03\\x99\\xf2\\xef&\\x16\\xe5\\xab\\x19\\x0e\nn\\x890o\\x98\\xa0\\xdeg1s\\x061+"
  778. },
  779. {
  780. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xba\\x8d\\xb8\\xfc;p\\xf75\\xd4\\xecv\\xc3\\x87\"\\xf2\\x9c\\xf4ce=,\\xde\\xcfn\\xb2im\\x91\\x1en\\xeb\\x9f\\x0c\\xebr\\xe7\\xce\\x94#@c\\xae\\xc3\\x84w\\x9e\\xa0\\x91e\\x1a\\x93\\x85z9\\xfff\\xbf\\x02a|\\x93q\\xbb\\x9c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc7c\\xac/\\xf1\\xe0\\xe4\\xb0w\\xcey\\x96\\x93\\xe0\\xe1\\x93\\xb0\\xff\\x82\\xe0\\xe6\\xf6\\xe3\\x16\\x13\\xae\\x85\ru\\x94\\xce8_\\xcc\\xb7i\nep\\x97\\xd2\\x8f\\x8c\\xbee\\xbf.\\xb3"
  781. },
  782. {
  783. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7f\\x95\\x9694\\x80[w\\xb5{\\x8d\\xc4b$\\xf8f2 \\xf1\\xd2\t\\xdap\\xcbu\\xb1\\xcf]\\x13i\\x89\\xb7m`\\x19\\x87f\\xb5\\xd2\\xb5\\x80\\xdd\\x04\\xcf\\xb0p\\xbd\\xea*k\\xce\\x98\\xaau[-\\xf6!q\\xc9\\x1bu5a\\x109\\x804@qn\\xdd`\\xa3\\xc5-\\x8b\\xce\\xb1\\x13~\\xef\\xee\\x08\\x85=\\x96\\xf7\\xa4\\xfa@ \\xc4\\xe9\\xfd\\x10h\\x12\\x97r\\xb8?(\\x91\\xdeu\\xf7\\x9a\\xcanbn\\x1c\\x04\\x9d\\xa0\\x17\n\\xc9\\x05n5\\xacm\\xe7\\xe8\\x06neij\\xb6\\xb8oqc\\xcb_\\xfdk\\x06\\x08\\xd4c|\\x0e\\xa9zv\\x1c\\x9f>\\xc8m\\xfc\\x0e\\xf8?\\xb34/n\\x08\\xafq\\xd6vt7\\xca\\x9e\\xc8\\xb6\rn\\x04~\\x93\\xb5\\xf5\\x8daza\\xe7\\xd8@q\\xb0\\x81\\xe3\\xc9\\x94\\x87\\xdd\\x07f\\x8a\\xc0+q\\x8dp\\xda)$\\xfb\\xab\\xc8\\xe7\\xce$\\xdde\\x8c\\xc4\\x0c\\x13v\\xfc'\\xc8\\xd2:j\\h*\\xe1\\x7fu\\x06+\\xae\\x818\\4'x{\\xa7\\x9d\\x1e\\x12!\\x81\\xe8n\\xa6x"
  784. },
  785. {
  786. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x94\\x82|\\x8b\\xd2\\xde\\x1c\\xc1\\xec\t_\\x91d\\x0b\\xa6\\xe0y\\xf2\\xbe>\\x87)\\xb7\\xf7\\x96\\xc4\\x848\\x8b\\xb8\\x16u\\xa2\\xa8\\xd2\\x94\\xfd.\\xf9}$>\\x11\\xd1\\xca\\xb7\t+4;#\\x82w\\xd4\\xd49\\xf3.[\\x1d1\\xd2\\xd8\\x1f p\\x17\\xcbvm\\x17\\xa0\\xd6\\xf5\\xba\\x1a\\xcdzf\\xa6\\x96}\"\\xd7\\xfc1\\xc1\\xc2(\\xec\\x9b\\xff\\xd8\\xf6hp\\x81\\xa3\\xce\\xea\\xb3\\xc5h\\xfb\\x0b\\xb22\\xc9a\\xa5g\\xfb\\x18p\\x9a1\\xe6\\xc1\\x85\\x04\\x1c6\\x18\\xe0\\xd4\\x18\\x11\\xcdma\\xe0\\x00h\\xa2\\xae\\xaf\\xd3\\xd7\\xd4\n\\x01\\x8b\\x06\\x0f\\x1c\\x85\\xb2p\\x15\\x04nw\\xc01|j\\x81b&\\x9a\\xa0\\xb5<\\x8ckz\\x97\\xd29\\xad\\xb8\\xf6\\xa1p\\x7f\\\\xb0\\xe1\\xb3\\xc5l\\xf4\\xb5\\xb9=\\x0ce\\x02qo\\xe8\\xe7\\xba\\xd7;\\xa2\\xbf\\xfa\\xbc<>\\x90\\xd6?\\xda{\\x98\\xbd\\xca-\n\\x84\\xb3\\xc0i>\\xd0\\xc0\\x16\\xffx*#c\\x0395\\xc5\\xde\\x9111\\x07d2w\\xf8\\x00\\x04t7\\xa0\\xb9s\\xd1?\\x01\\x04j\\x89%"
  787. },
  788. {
  789. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0fj\\xb3k[u\"f\\x05tv\\xfa\\x15\\x8e\\xde0q\\xd6\\xc3\\xfd\\xe2\\x0c\\x17\\xf2@w{\\x85\\xcem\\xc4\\x05t\\xcfv\\xb6x\\xc2\\xf8\\xd3\\x85f\\xad\\x97\\xafe\\x96\\x18\\xd2\\xfb\\l\\xbb\\xe1t\\x00\\xab\\x01\\xf4i\\x97\\xf0\\x0e2\\xd1\\xa02=k\\xf2\\xc1o\\x0b\\x96\\xfak\\x1fo\\xca\\xads{\\xa2\\x94\\x19\\x11\\xcbk\\xe6\\x0e\n~\\xea\\x85\\x92\\xd8\\xce\\xdc\\xc0\\xd0\\x1d;\\xb9^\\x92]y\\x00\\xbb\\x15\\x8a\\x7f\\xc0\\x02n.\\xf9.\\xb8\\x1e\\x9a\\xf2)*\\xba\\xcc\\\\xc0\\xb2q\\xec\\xaa;1$\\x8aa\\xe4\\x87\\xbd%c\\x08\\x88vsw\\x03\\x02\nj\\xb2\\x97\\x14\\x13\\x97\\xb2ir\\xc1y\\xd6\\xfd\\xe4\\x00\\xa6\\xff\\xaa\\xd4\\x111\\x88\\xa2\\xc4\\xa1\\xa4\\\"\\xcf\\xbct\\xe6\\xbb<\\xf0~sjn\\xaa\\x15\\x82\\xect\\xae7\\x1a\\xce\\xf4\\xd5\\x94[x\\x0b\\xe8k\\x86\\x1c\\xcd]\\xb4`n\\xe9\\\\x02\\xa3\\xd7\\x1e\\xbd\\x81+j\\x84\\xd8p\\x98dwwo\\xa6\\xf4\\xdd\\x19;\\xfb\\x05\\x1cb\\xd3\\x05dp\\x84rxv`\\xbd\\xc6"
  790. },
  791. {
  792. "http_request": "winword.exe_WSASend_get /pki/crl/products/microsoftrootcert.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 07 mar 2019 06:00:16 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
  793. },
  794. {
  795. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00{\\x03\\x01]\t\\xf8\\x05q\\x16\\xf4g\\xedwl\\xf6x\\x94\\xb1\\xe3\\x14\\xb2\\x19\\x82\\xc3)tc\\x88:t\\xfd\\x95\\x84\\xe1\\xc4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  796. },
  797. {
  798. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00-a\\xd1%\\\\x1e\\xee\\xbb\\xbc\\x1d\\x19\\x96\\xfa\\xc1\\xe5`\ru\\xd2\\xfe\\x19\\xdep>\\xec\\x14\\xd8\\xe2\\xd0=\\xaa\\xf8\\xc1\\x89-\\xcc\\x124g\\xc6y\\x9e\\xd5\\x92\\xe7\\xe5b\\xc6q0\\xa7\\xfb\\x7fy\\x11\\x1f7\\x80l\\xc6\\xd6\\xb3f\\x84\\xd9\\xb9\\x13\\xeb\\x881\\x85\\x11x\\xb6\\x1a\\xcac,g\\xc0\\xc4?\\xbb\\xed\t\\x90\rrp4\\x7fk\\xc74\\x8a`q\\xbaa\\x90\\x17}o\\xbc\\x8b\\xde\\x0c\\xe7\"\\xdd\\x85\\xf9\\xf5\\x9c\\xa0=~<4\\xccklhw\\xecbb\\xd5\\xf7\\x97q\\x03\\x810\\xb3\\x9a\\xcd\\xdd\\x12\\xf0\\xaex\\xd4\\xd5\\x89\\xfa\\x08\\xe0\\xb04\\xb0\\x1b\\x1e\\xba\\xd3c\\x83\\xe20\\xe4\\x8f\n\\xc7>\\xa9\\x94\\x99\\x81`\\xe9\\xcaj\\xc0dr\\xb2.;otc\\x1b\\xb0e2\\x17\\x1b\\x08od\\xb3\\x17\\x05\\xe0_\\xd5\\xe2\\xf3\\x93\\xd1v\\xd9\\xd5f\\x15l\\xb7g&\\x82rq#k\\xd2s@:c49\\xab\\xbf\\x87\\x92\\xaa\\xb5\\x04\\x053\\x8f\\xaa3\\xd4\\xd0v\\xba2^\\x03k\\xf2\\x12\rv"
  799. },
  800. {
  801. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\x99p\\x8fm\\xcc\\x13\\x9b3\\xce\\x95q\\xb96t\\x14h\\xc6\\xfb\\xbdy\\x87-\\xbf\\x8e\\xab4^\\x9f\\x94>\\xdfi6y\\xc4\\x81 7q\\x9d\\x01\\x87\\xd1\\xf4\\xed@\\xab\\xa0a\\xb9\r\\x07}^\\xc6*\\xe3\\xba\\xe2\\xb0p\\xfab\\x97\\x0c\r\\x1c\\x11a\\xf9x<\\xc5b\t\\xe4:gm\\xe5\\x07\\x88\\x08\\xeb\\xe8xz\\x92\\xe3{a$yejqx~\\x8ec\\xef\\xdca.\\xd1\\x9c+i\\x9c\\x14c\\x16e0\\x7f\\xa7w\\x9cu\\xe5d\"\\x83q\\xc3\\xbd|z#\\xd1\\x9a\\xef\\x81(\\x8b@s\\xcb\\x82\\x81\\xf2[f\\x00&^\\xb1\\x1bsle\\xe7\\xd8^vp\\xaa\\xa0;\\x10\\xf0\\xac}\\x17od\\x9c\\xe6\\xd7\\xff\\x14*/\\xc8\\x0b`\\xb2\\xe9\\x042\\xae\\x1c\\x9d!\\xf9&i\\x83\\xc1\\x04n\\x16k\\x9b.\\xa6\\x8e\\x17|\\x1ad\\x80\\xdd\\xa1\\xc2s\\xe9\\x80\\xc5q\\x9d\\xb4\\xe6m'\\x0f\\xf2\\x02\\x02u?\\xf4\\xe9$l\\xf24\\x9e\\xd4\\x88\\xd2\t\\x8a\\xb4\\x8f\\xe4g\\\\x04\\xeb\\xa5\\xa5/\\x97\\xc2\\xb6\\x9f\\x19<\\xab0"
  802. },
  803. {
  804. "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\xbfe\\xde\\x84c\\xd3]?\\xd4\\xc2\\xba%\\x95\\x9d2\\xb1\\xb0\\xb7\\x9b\\x18<2x\\xe0,\\x0b\\xff\\xdal\\xc4\\xd9\\xbe{\\xf0\\xab!\\xef@\\x98\\x17.\\xd9\\xe8\\xb2\\x9fn\\x94\\xd1\\xd9\\xe2\\xfa e5\\xbc!m1\\xd0\\x15d\\xba\\xd1\\xe4\\x17c\\x99\\x9d\\xef\\xce\\xb8\\x87\\xb8\\xd07\\x9d7\\x1e\\xa4\\x14\\x0cq\nx{\\x18\\xcc9\\x93\\xd8+x%\\xa53i\\xf76\\xf1\\xa9\\x96h\\xe5nuh\\x83\\xcea/\\x81\\xfdz\\x9d\\xa1\\x9f\\xabg\\x11\\xa6t\\x8dn\\xeek\\x96\\xcc\\x16\\xde\\x94\\x9b\\x06/h\\xdd\\x06\\xe7d\\xd6;\\xbf\\xdec`\\x96\\\\x84b\\x86k)w\\x9b\\xae]\\xf3d/m\\xf1\\xf6b2'z\\x95\\xc5\\x83h\\xcf\\x06f\\x86\\x96 f\\xb1pm\\xd2\\xd2/\\x1aw\\x9c\\xe2\\xd5\\x07\\x90\\x87\\x02\\xc0\\xc9s\nw\\x07[s|)=\\xbd\\xc3x\\x18\\xe5\\x1a`\\xc1\\xa0\\x8bg\\x91\\xe3\\xb1\\xbd\\xc31t\\x83\\x99\\xa6m9;\\xe5ws\\x06\\x8f\\x83p\\x18\\xdf\\x16\\x11n\\xf9w\\xd6\\x94\\x1ey\\xf2\\xa3\\x80\\x11\\x03\\;"
  805. },
  806. {
  807. "http_request": "winword.exe_WSASend_\\xa4\\x01\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t\\xf8\\x12\\x1d\\x8bc\\x0e52)\\x9d\\x1b\\xd1kg\\xf4c\\x14|r\\xf0\\xe5\\x93\\x906\\x99\\xcd\\x10\\x8cj\\x82\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
  808. },
  809. {
  810. "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04{\\x90\t\\xc7\\xc05\\xf8\\xc1\\x0e\\xb1\\xbf@\\xbf\\xe4\\xffb@\\x9a\\xdf<:\\xda\\xece\\xf2w\\xff\\x03\\x96\\xd2!\\x08h\\x18i\\xea\\xb5\\xf1 \\xca^\\x05x!k\\xd29\\xf8\\x05\\x04\\xab\\x0b\\xa0\\x00\\x86\\x93\\x9f\\xb5xw\\xc3]\\xbb~\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000$)[\\xd7\\xa5\\x87%\\xbaw\\x13f\\xd8\\xf5\\xf3\\xe2>*w\\xfdq\\x1a\\xd4yg\\xe1~\\xd0\\x91\\xa4\\x80\\x83=\\x9f\\x0c\\xc8\\xd3\\xda\\xfdl\\xd3\\x19}g&vn\\x10,"
  811. },
  812. {
  813. "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x12>k\\xb3o\\xe8c\\xf4d\\xbc\\xe2d\\xac^\\xae\\xe7j\\xfd\\xb8i[\\xa1\\xbb\\x7f\\xb8=\\x00\\x85\\x15,&i\\xf1\\xb2\\x90\\xdef\\xc1\\x0c\\x06mun\\xad\\xda\\xe9s;s^t\\x9a\\x83\\x04\t\\xc9>\\xed\\x08]a\\xfc\\xf3\\x93\\xea|\\x84\\x14u\\xe6\\xa5\\x1e{\\x80a\\x18n\\x10\\xc6\\xfe-m\\xb2\\xf2\\xb6\\x98-\\xf9=\\f+\\x7fw\\xc8\\x955\\xc6\\xf1\\x10\\x0e\\xad\\xbd\\xf0\\xc6\\xaf\\xe2\\x8d\\xa1y\\xefa\\xf7b\\x1f\\xb8q\\x03\\xed\\x1a\\x8b\\x03)\\x89h\\x02n\\x95\\xf0\\xba\\xe99\\xc2\\xcd\\xbb\\xad\\x1d\\xe1\\xca\\xd0b9\\x8cjy\\xe7\\x10\\xfc{m\\x1b\\xa2\\x81\\xd7\\x12g\\xfb\\x88\\xd6+\\x7f\\x10\\xdc~\\xab\\x8ce\\xe5\\xaf;\\xa3\\xa2\\\\x8bg\\xc8\\x00\\x87f\\xe6z\\x7fx\\x13\\xcc\\xacoi1z^\\x1e\r'\"`k\\xb9#\\x1f\\xc6p;\\xe5;\\x14\\xbec\\x9a\\x91\\xe1`\\x15\\x9d\\x8b\\xd3s\\xe7\\x92\\x80\\xfd\\xe53\\x08q\\x17\\x86\\x14eyva\\x8d\\xd0w\\xda\\xe3\tf0@\\x02\\xa4\\x1f\\xe0\\xa8\\x1b\\xcc\\x95z="
  814. }
  815. ]
  816. },
  817. {
  818. "Description": "Creates a hidden or system file",
  819. "Details": [
  820. {
  821. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp"
  822. },
  823. {
  824. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp"
  825. }
  826. ]
  827. },
  828. {
  829. "Description": "File has been identified by 28 Antiviruses on VirusTotal as malicious",
  830. "Details": [
  831. {
  832. "MicroWorld-eScan": "Exploit.CVE-2017-11882.Gen"
  833. },
  834. {
  835. "FireEye": "Exploit.CVE-2017-11882.Gen"
  836. },
  837. {
  838. "McAfee": "Exploit-CVE2017-11882.bu"
  839. },
  840. {
  841. "Arcabit": "Exploit.CVE-2017-11882.Gen"
  842. },
  843. {
  844. "Symantec": "Exp.CVE-2017-11882!g3"
  845. },
  846. {
  847. "ESET-NOD32": "probably a variant of Win32/Exploit.CVE-2017-11882.A"
  848. },
  849. {
  850. "Kaspersky": "HEUR:Exploit.MSOffice.Generic"
  851. },
  852. {
  853. "BitDefender": "Exploit.CVE-2017-11882.Gen"
  854. },
  855. {
  856. "Ad-Aware": "Exploit.CVE-2017-11882.Gen"
  857. },
  858. {
  859. "Emsisoft": "Exploit.CVE-2017-11882.Gen (B)"
  860. },
  861. {
  862. "F-Secure": "Exploit:W97M/CVE-2017-0199.B"
  863. },
  864. {
  865. "DrWeb": "Exploit.ShellCode.69"
  866. },
  867. {
  868. "McAfee-GW-Edition": "Exploit-CVE2017-11882.bu"
  869. },
  870. {
  871. "Sophos": "Troj/RtfExp-EQ"
  872. },
  873. {
  874. "Cyren": "CVE-2017-11882.C.gen!Camelot"
  875. },
  876. {
  877. "Avira": "EXP/CVE-2017-11882.Gen"
  878. },
  879. {
  880. "MAX": "malware (ai score=94)"
  881. },
  882. {
  883. "Microsoft": "Trojan:O97M/Obfuse.AE"
  884. },
  885. {
  886. "AhnLab-V3": "OLE/Cve-2017-11882.Gen"
  887. },
  888. {
  889. "ZoneAlarm": "HEUR:Exploit.MSOffice.Generic"
  890. },
  891. {
  892. "GData": "Exploit.CVE-2017-11882.Gen (2x)"
  893. },
  894. {
  895. "ALYac": "Exploit.CVE-2017-11882.Gen"
  896. },
  897. {
  898. "TACHYON": "Trojan-Exploit/RTF.CVE-2017-11882"
  899. },
  900. {
  901. "Zoner": "Probably W97NativeOnly"
  902. },
  903. {
  904. "Rising": "Exploit.CVE-2017-11882!1.B40D (CLASSIC)"
  905. },
  906. {
  907. "Ikarus": "Exploit.CVE-2017-11882"
  908. },
  909. {
  910. "Fortinet": "MSOffice/CVE_2017_11882.BB!exploit"
  911. },
  912. {
  913. "Qihoo-360": "virus.exp.21711882.d"
  914. }
  915. ]
  916. }
  917. ]
  918.  
  919. [*] Started Service: [
  920. "osppsvc"
  921. ]
  922.  
  923. [*] Executed Commands: []
  924.  
  925. [*] Mutexes: [
  926. "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
  927. "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  928. "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
  929. "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
  930. "CicLoadWinStaWinSta0",
  931. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
  932. "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
  933. "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
  934. "Local\\{F99C425F-9135-43ed-BD7D-396DE488DC53}"
  935. ]
  936.  
  937. [*] Modified Files: [
  938. "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_e5eedd3ea0def63d52e914333dca815e.doc",
  939. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_e5eedd3ea0def63d52e914333dca815e.doc",
  940. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{1D551D94-0E19-4215-913F-F6A797F919FF}.tmp",
  941. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
  942. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  943. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
  944. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  945. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
  946. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1180.tmp",
  947. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1181.tmp",
  948. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{B70E099B-142A-4FF5-8065-BBE6C3CCEF31}.tmp",
  949. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of Docs_e5eedd3ea0def63d52e914333dca815e.asd",
  950. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
  951. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
  952. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF9008C172DCE5C303.TMP",
  953. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A66.tmp",
  954. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A77.tmp",
  955. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3AC6.tmp",
  956. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C1F.tmp",
  957. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C20.tmp",
  958. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C30.tmp",
  959. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C60.tmp",
  960. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C81.tmp",
  961. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBD.tmp",
  962. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBE.tmp",
  963. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAA.tmp",
  964. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAB.tmp",
  965. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBC.tmp",
  966. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3F75.tmp",
  967. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4021.tmp",
  968. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4032.tmp",
  969. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4043.tmp",
  970. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4054.tmp",
  971. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4076.tmp",
  972. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4065.tmp",
  973. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4096.tmp",
  974. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4044.tmp",
  975. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4191.tmp",
  976. "C:\\Users\\user\\AppData\\Local\\Temp\\cab45F7.tmp",
  977. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4627.tmp",
  978. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
  979. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
  980. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab4A4E.tmp",
  981. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar4A4F.tmp",
  982. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
  983. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
  984. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76",
  985. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76",
  986. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5231.tmp",
  987. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\TabbedArc.glox",
  988. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Element design set.dotx",
  989. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\Content.inf",
  990. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54C3.tmp",
  991. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54C4.tmp",
  992. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328951[[fn=Tabbed Arc]].glox",
  993. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
  994. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Content.inf",
  995. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\ThemePictureGrid.glox",
  996. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\Content.inf",
  997. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\iso690.xsl",
  998. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\InterconnectedBlockProcess.glox",
  999. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\Content.inf",
  1000. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\content.inf",
  1001. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\Content.inf",
  1002. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5A3C.tmp",
  1003. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\pictureorgchart.glox",
  1004. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\sist02.xsl",
  1005. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\ThemePictureAccent.glox",
  1006. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5A4D.tmp",
  1007. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\Content.inf",
  1008. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\Content.inf",
  1009. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\Metropolitan.thmx",
  1010. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5A3D.tmp",
  1011. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\Content.inf",
  1012. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\content.inf",
  1013. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\chicago.xsl",
  1014. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\Dividend.thmx",
  1015. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  1016. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Content.inf",
  1017. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\Content.inf",
  1018. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328935[[fn=Picture Organization Chart]].glox",
  1019. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\ieee2006officeonline.xsl",
  1020. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998158[[fn=Element]].dotx",
  1021. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D9E.tmp",
  1022. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328975[[fn=Theme Picture Accent]].glox",
  1023. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\Content.inf",
  1024. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328925[[fn=Interconnected Block Process]].glox",
  1025. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851223[[fn=iso690]].xsl",
  1026. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851227[[fn=sist02]].xsl",
  1027. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328986[[fn=Theme Picture Grid]].glox",
  1028. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457491[[fn=Metropolitan]].thmx",
  1029. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5F93.tmp",
  1030. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851217[[fn=chicago]].xsl",
  1031. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx",
  1032. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5F94.tmp",
  1033. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457464[[fn=Dividend]].thmx",
  1034. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851222[[fn=ieee2006officeonline]].xsl",
  1035. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\PictureFrame.glox",
  1036. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\Content.inf",
  1037. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Headlines.thmx",
  1038. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Content.inf",
  1039. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328932[[fn=Picture Frame]].glox",
  1040. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\content.inf",
  1041. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\Frame.thmx",
  1042. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
  1043. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001103[[fn=Headlines]].thmx",
  1044. "C:\\Users\\user\\AppData\\Local\\Temp\\cab618C.tmp",
  1045. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457475[[fn=Frame]].thmx",
  1046. "C:\\Users\\user\\AppData\\Local\\Temp\\cab61EB.tmp",
  1047. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Crop.thmx",
  1048. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Content.inf",
  1049. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001105[[fn=Crop]].thmx",
  1050. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Badge.thmx",
  1051. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Content.inf",
  1052. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001106[[fn=Badge]].thmx",
  1053. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6643.tmp",
  1054. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\gb.xsl",
  1055. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\CircleProcess.glox",
  1056. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\BracketList.glox",
  1057. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\Content.inf",
  1058. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\Content.inf",
  1059. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D7F.tmp",
  1060. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\TabList.glox",
  1061. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\gostname.xsl",
  1062. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\ConvergingText.glox",
  1063. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\chevronaccent.glox",
  1064. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\architecture.glox",
  1065. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\VaryingWidthList.glox",
  1066. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\mlaseventheditionofficeonline.xsl",
  1067. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\Content.inf",
  1068. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\Content.inf",
  1069. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\Content.inf",
  1070. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\Content.inf",
  1071. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\Content.inf",
  1072. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\Berlin.thmx",
  1073. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328990[[fn=Varying Width List]].glox",
  1074. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\Content.inf",
  1075. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\Content.inf",
  1076. "C:\\Users\\user\\AppData\\Local\\Temp\\cab714D.tmp",
  1077. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\Content.inf",
  1078. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\APASixthEditionOfficeOnline.xsl",
  1079. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328884[[fn=architecture]].glox",
  1080. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\content.inf",
  1081. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\content.inf",
  1082. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\harvardanglia2008officeonline.xsl",
  1083. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328893[[fn=BracketList]].glox",
  1084. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\Quotable.thmx",
  1085. "C:\\Users\\user\\AppData\\Local\\Temp\\cab744E.tmp",
  1086. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328972[[fn=Tab List]].glox",
  1087. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851218[[fn=gb]].xsl",
  1088. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\Content.inf",
  1089. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7549.tmp",
  1090. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328916[[fn=Converging Text]].glox",
  1091. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851225[[fn=mlaseventheditionofficeonline]].xsl",
  1092. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\Content.inf",
  1093. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328908[[fn=Circle Process]].glox",
  1094. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\HexagonRadial.glox",
  1095. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851219[[fn=gostname]].xsl",
  1096. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033917[[fn=Berlin]].thmx",
  1097. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\Content.inf",
  1098. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328905[[fn=Chevron Accent]].glox",
  1099. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851216[[fn=apasixtheditionofficeonline]].xsl",
  1100. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851221[[fn=harvardanglia2008officeonline]].xsl",
  1101. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457503[[fn=Quotable]].thmx",
  1102. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328919[[fn=Hexagon Radial]].glox",
  1103. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\content.inf",
  1104. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\Circuit.thmx",
  1105. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\content.inf",
  1106. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\Wood_Type.thmx",
  1107. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\Savon.thmx",
  1108. "C:\\Users\\user\\AppData\\Local\\Temp\\cab78E8.tmp",
  1109. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\content.inf",
  1110. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx",
  1111. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRD0002.tmp",
  1112. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457510[[fn=Savon]].thmx",
  1113. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp",
  1114. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\content.inf",
  1115. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\Droplet.thmx",
  1116. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033919[[fn=Circuit]].thmx",
  1117. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033925[[fn=Droplet]].thmx",
  1118. "C:\\Users\\user\\AppData\\Local\\Temp\\cab832B.tmp",
  1119. "C:\\Users\\user\\AppData\\Local\\Temp\\cab839A.tmp",
  1120. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Feathered.thmx",
  1121. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Content.inf",
  1122. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001104[[fn=Feathered]].thmx",
  1123. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\content.inf",
  1124. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\Main_Event.thmx",
  1125. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033927[[fn=Main Event]].thmx",
  1126. "C:\\Users\\user\\AppData\\Local\\Temp\\cab8AB1.tmp",
  1127. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Insight design set.dotx",
  1128. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Content.inf",
  1129. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998159[[fn=Insight]].dotx"
  1130. ]
  1131.  
  1132. [*] Deleted Files: [
  1133. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1180.tmp",
  1134. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1181.tmp",
  1135. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
  1136. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\",
  1137. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of Docs_e5eedd3ea0def63d52e914333dca815e.asd",
  1138. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
  1139. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
  1140. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033937[[fn=Vapor Trail]].eftx",
  1141. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033937[[fn=Vapor Trail]].xml",
  1142. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033937[[fn=Vapor Trail]].xml",
  1143. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033929[[fn=Slate]].eftx",
  1144. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033929[[fn=Slate]].xml",
  1145. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033929[[fn=Slate]].xml",
  1146. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab4A4E.tmp",
  1147. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar4A4F.tmp",
  1148. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033921[[fn=Damask]].eftx",
  1149. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457515[[fn=View]].eftx",
  1150. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457496[[fn=Parallax]].eftx",
  1151. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457485[[fn=Mesh]].eftx",
  1152. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457496[[fn=Parallax]].xml",
  1153. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457515[[fn=View]].xml",
  1154. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033921[[fn=Damask]].xml",
  1155. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457485[[fn=Mesh]].xml",
  1156. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp",
  1157. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033921[[fn=Damask]].xml",
  1158. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457515[[fn=View]].xml",
  1159. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457485[[fn=Mesh]].xml",
  1160. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp",
  1161. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457496[[fn=Parallax]].xml",
  1162. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\TabbedArc.glox",
  1163. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54C3.tmp",
  1164. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54C4.tmp",
  1165. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAB.tmp",
  1166. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp",
  1167. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp",
  1168. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp",
  1169. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp",
  1170. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457444[[fn=Basis]].eftx",
  1171. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457444[[fn=Basis]].xml",
  1172. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp",
  1173. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp",
  1174. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp",
  1175. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457444[[fn=Basis]].xml",
  1176. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp",
  1177. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp",
  1178. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5A3C.tmp",
  1179. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5A3D.tmp",
  1180. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp",
  1181. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp",
  1182. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\pictureorgchart.glox",
  1183. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4076.tmp",
  1184. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Element design set.dotx",
  1185. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5231.tmp",
  1186. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03090430[[fn=Banded]].eftx",
  1187. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03090430[[fn=Banded]].xml",
  1188. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\ThemePictureAccent.glox",
  1189. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03090430[[fn=Banded]].xml",
  1190. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C1F.tmp",
  1191. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\InterconnectedBlockProcess.glox",
  1192. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3F75.tmp",
  1193. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\iso690.xsl",
  1194. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C60.tmp",
  1195. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\sist02.xsl",
  1196. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\ThemePictureGrid.glox",
  1197. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4032.tmp",
  1198. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C81.tmp",
  1199. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\Metropolitan.thmx",
  1200. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4627.tmp",
  1201. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\chicago.xsl",
  1202. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
  1203. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A66.tmp",
  1204. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3AC6.tmp",
  1205. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\Dividend.thmx",
  1206. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\ieee2006officeonline.xsl",
  1207. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
  1208. "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5F93.tmp",
  1209. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp",
  1210. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBE.tmp",
  1211. "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5F94.tmp",
  1212. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp",
  1213. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp",
  1214. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\PictureFrame.glox",
  1215. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4044.tmp",
  1216. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Headlines.thmx",
  1217. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D9E.tmp",
  1218. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\Frame.thmx",
  1219. "C:\\Users\\user\\AppData\\Local\\Temp\\cab5A4D.tmp",
  1220. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp",
  1221. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Crop.thmx",
  1222. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp",
  1223. "C:\\Users\\user\\AppData\\Local\\Temp\\cab618C.tmp",
  1224. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Badge.thmx",
  1225. "C:\\Users\\user\\AppData\\Local\\Temp\\cab61EB.tmp",
  1226. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp",
  1227. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp",
  1228. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp",
  1229. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp",
  1230. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp",
  1231. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp",
  1232. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp",
  1233. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp",
  1234. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp",
  1235. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp",
  1236. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp",
  1237. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\VaryingWidthList.glox",
  1238. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4054.tmp",
  1239. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp",
  1240. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp",
  1241. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\architecture.glox",
  1242. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4043.tmp",
  1243. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\BracketList.glox",
  1244. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4096.tmp",
  1245. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\TabList.glox",
  1246. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4191.tmp",
  1247. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\gb.xsl",
  1248. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C30.tmp",
  1249. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\ConvergingText.glox",
  1250. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\mlaseventheditionofficeonline.xsl",
  1251. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAA.tmp",
  1252. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBC.tmp",
  1253. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\CircleProcess.glox",
  1254. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C20.tmp",
  1255. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp",
  1256. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\gostname.xsl",
  1257. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4065.tmp",
  1258. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\Berlin.thmx",
  1259. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D7F.tmp",
  1260. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\chevronaccent.glox",
  1261. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBD.tmp",
  1262. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\APASixthEditionOfficeOnline.xsl",
  1263. "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A77.tmp",
  1264. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\harvardanglia2008officeonline.xsl",
  1265. "C:\\Users\\user\\AppData\\Local\\Temp\\cab4021.tmp",
  1266. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\Quotable.thmx",
  1267. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\HexagonRadial.glox",
  1268. "C:\\Users\\user\\AppData\\Local\\Temp\\cab6643.tmp",
  1269. "C:\\Users\\user\\AppData\\Local\\Temp\\cab45F7.tmp",
  1270. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp",
  1271. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp",
  1272. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp",
  1273. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\Wood_Type.thmx",
  1274. "C:\\Users\\user\\AppData\\Local\\Temp\\cab714D.tmp",
  1275. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\Savon.thmx",
  1276. "C:\\Users\\user\\AppData\\Local\\Temp\\cab7549.tmp",
  1277. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp",
  1278. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\Circuit.thmx",
  1279. "C:\\Users\\user\\AppData\\Local\\Temp\\cab744E.tmp",
  1280. "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp",
  1281. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{B70E099B-142A-4FF5-8065-BBE6C3CCEF31}.tmp",
  1282. "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_e5eedd3ea0def63d52e914333dca815e.doc",
  1283. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\Droplet.thmx",
  1284. "C:\\Users\\user\\AppData\\Local\\Temp\\cab78E8.tmp",
  1285. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp",
  1286. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp",
  1287. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Feathered.thmx",
  1288. "C:\\Users\\user\\AppData\\Local\\Temp\\cab832B.tmp",
  1289. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\Main_Event.thmx",
  1290. "C:\\Users\\user\\AppData\\Local\\Temp\\cab839A.tmp",
  1291. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp",
  1292. "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Insight design set.dotx",
  1293. "C:\\Users\\user\\AppData\\Local\\Temp\\cab8AB1.tmp"
  1294. ]
  1295.  
  1296. [*] Modified Registry Keys: [
  1297. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\&>'",
  1298. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
  1299. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
  1300. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
  1301. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
  1302. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
  1303. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
  1304. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
  1305. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
  1306. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
  1307. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
  1308. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
  1309. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
  1310. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
  1311. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
  1312. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
  1313. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
  1314. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
  1315. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
  1316. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  1317. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  1318. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
  1319. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D",
  1320. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\120502D",
  1321. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
  1322. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  1323. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  1324. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
  1325. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
  1326. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\12F7988",
  1327. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
  1328. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
  1329. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
  1330. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
  1331. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
  1332. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
  1333. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
  1334. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
  1335. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
  1336. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
  1337. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
  1338. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
  1339. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
  1340. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
  1341. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
  1342. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
  1343. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
  1344. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
  1345. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
  1346. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
  1347. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
  1348. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
  1349. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
  1350. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
  1351. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
  1352. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
  1353. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
  1354. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
  1355. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
  1356. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
  1357. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
  1358. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
  1359. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
  1360. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
  1361. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
  1362. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
  1363. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
  1364. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
  1365. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
  1366. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
  1367. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
  1368. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
  1369. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
  1370. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
  1371. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
  1372. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
  1373. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
  1374. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
  1375. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
  1376. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
  1377. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
  1378. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
  1379. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
  1380. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893",
  1381. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
  1382. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
  1383. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
  1384. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
  1385. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
  1386. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Arial Unicode MS",
  1387. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Batang",
  1388. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@BatangChe",
  1389. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DFKai-SB",
  1390. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Dotum",
  1391. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DotumChe",
  1392. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@FangSong",
  1393. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gulim",
  1394. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GulimChe",
  1395. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gungsuh",
  1396. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GungsuhChe",
  1397. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@KaiTi",
  1398. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Malgun Gothic",
  1399. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo",
  1400. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo UI",
  1401. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei",
  1402. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei UI",
  1403. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei",
  1404. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei UI",
  1405. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU",
  1406. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS",
  1407. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS-ExtB",
  1408. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU-ExtB",
  1409. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Gothic",
  1410. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Mincho",
  1411. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PGothic",
  1412. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PMincho",
  1413. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS UI Gothic",
  1414. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@NSimSun",
  1415. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU",
  1416. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU-ExtB",
  1417. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimHei",
  1418. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun",
  1419. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun-ExtB",
  1420. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Agency FB",
  1421. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aharoni",
  1422. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Algerian",
  1423. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Andalus",
  1424. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Angsana New",
  1425. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\AngsanaUPC",
  1426. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aparajita",
  1427. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arabic Typesetting",
  1428. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial",
  1429. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Black",
  1430. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Narrow",
  1431. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Rounded MT Bold",
  1432. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Unicode MS",
  1433. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Baskerville Old Face",
  1434. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Batang",
  1435. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BatangChe",
  1436. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bauhaus 93",
  1437. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bell MT",
  1438. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB",
  1439. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB Demi",
  1440. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bernard MT Condensed",
  1441. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Blackadder ITC",
  1442. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT",
  1443. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Black",
  1444. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Condensed",
  1445. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Poster Compressed",
  1446. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Book Antiqua",
  1447. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookman Old Style",
  1448. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookshelf Symbol 7",
  1449. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bradley Hand ITC",
  1450. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Britannic Bold",
  1451. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Broadway",
  1452. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Browallia New",
  1453. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BrowalliaUPC",
  1454. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Brush Script MT",
  1455. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri",
  1456. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri Light",
  1457. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Californian FB",
  1458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calisto MT",
  1459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria",
  1460. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria Math",
  1461. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Candara",
  1462. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Castellar",
  1463. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Centaur",
  1464. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century",
  1465. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Gothic",
  1466. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Schoolbook",
  1467. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Chiller",
  1468. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Colonna MT",
  1469. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Comic Sans MS",
  1470. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Consolas",
  1471. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Constantia",
  1472. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cooper Black",
  1473. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Bold",
  1474. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Light",
  1475. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Corbel",
  1476. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cordia New",
  1477. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\CordiaUPC",
  1478. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Courier New",
  1479. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Curlz MT",
  1480. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DaunPenh",
  1481. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\David",
  1482. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DFKai-SB",
  1483. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DilleniaUPC",
  1484. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DokChampa",
  1485. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Dotum",
  1486. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DotumChe",
  1487. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ebrima",
  1488. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Edwardian Script ITC",
  1489. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Elephant",
  1490. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Engravers MT",
  1491. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Bold ITC",
  1492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Demi ITC",
  1493. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Light ITC",
  1494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Medium ITC",
  1495. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Estrangelo Edessa",
  1496. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\EucrosiaUPC",
  1497. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Euphemia",
  1498. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FangSong",
  1499. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Felix Titling",
  1500. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Footlight MT Light",
  1501. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Forte",
  1502. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Book",
  1503. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi",
  1504. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi Cond",
  1505. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Heavy",
  1506. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium",
  1507. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium Cond",
  1508. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FrankRuehl",
  1509. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FreesiaUPC",
  1510. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Freestyle Script",
  1511. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\French Script MT",
  1512. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gabriola",
  1513. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gadugi",
  1514. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Garamond",
  1515. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gautami",
  1516. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Georgia",
  1517. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gigi",
  1518. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT",
  1519. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Condensed",
  1520. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Ext Condensed Bold",
  1521. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold",
  1522. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold Condensed",
  1523. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gisha",
  1524. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gloucester MT Extra Condensed",
  1525. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Old Style",
  1526. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Stout",
  1527. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gulim",
  1528. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GulimChe",
  1529. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gungsuh",
  1530. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GungsuhChe",
  1531. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Haettenschweiler",
  1532. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harlow Solid Italic",
  1533. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harrington",
  1534. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\High Tower Text",
  1535. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Impact",
  1536. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Imprint MT Shadow",
  1537. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Informal Roman",
  1538. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\IrisUPC",
  1539. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Iskoola Pota",
  1540. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\JasmineUPC",
  1541. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Jokerman",
  1542. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Juice ITC",
  1543. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KaiTi",
  1544. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kalinga",
  1545. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kartika",
  1546. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Khmer UI",
  1547. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KodchiangUPC",
  1548. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kokila",
  1549. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kristen ITC",
  1550. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kunstler Script",
  1551. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lao UI",
  1552. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Latha",
  1553. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Leelawadee",
  1554. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Levenim MT",
  1555. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\LilyUPC",
  1556. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Bright",
  1557. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Calligraphy",
  1558. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Console",
  1559. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Fax",
  1560. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Handwriting",
  1561. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans",
  1562. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Typewriter",
  1563. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Unicode",
  1564. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Magneto",
  1565. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Maiandra GD",
  1566. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Malgun Gothic",
  1567. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mangal",
  1568. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Marlett",
  1569. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Matura MT Script Capitals",
  1570. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo",
  1571. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo UI",
  1572. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Himalaya",
  1573. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei",
  1574. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei UI",
  1575. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft New Tai Lue",
  1576. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft PhagsPa",
  1577. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Sans Serif",
  1578. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Tai Le",
  1579. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Uighur",
  1580. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei",
  1581. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei UI",
  1582. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Yi Baiti",
  1583. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU",
  1584. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS",
  1585. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS-ExtB",
  1586. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU-ExtB",
  1587. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam",
  1588. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam Fixed",
  1589. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mistral",
  1590. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Modern No. 20",
  1591. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mongolian Baiti",
  1592. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Monotype Corsiva",
  1593. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MoolBoran",
  1594. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Gothic",
  1595. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Mincho",
  1596. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Outlook",
  1597. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PGothic",
  1598. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PMincho",
  1599. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Sans Serif",
  1600. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Toolbars\\Settings\\Microsoft Word",
  1601. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Specialty",
  1602. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS UI Gothic",
  1603. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MT Extra",
  1604. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MV Boli",
  1605. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Narkisim",
  1606. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Engraved",
  1607. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Solid",
  1608. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nirmala UI",
  1609. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\NSimSun",
  1610. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nyala",
  1611. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\OCR A Extended",
  1612. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Old English Text MT",
  1613. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Onyx",
  1614. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palace Script MT",
  1615. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palatino Linotype",
  1616. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Papyrus",
  1617. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Parchment",
  1618. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua",
  1619. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua Titling MT",
  1620. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Plantagenet Cherokee",
  1621. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Playbill",
  1622. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU",
  1623. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU-ExtB",
  1624. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Poor Richard",
  1625. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Pristina",
  1626. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Raavi",
  1627. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rage Italic",
  1628. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ravie",
  1629. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell",
  1630. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Condensed",
  1631. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Extra Bold",
  1632. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rod",
  1633. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sakkal Majalla",
  1634. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Script MT Bold",
  1635. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Print",
  1636. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Script",
  1637. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI",
  1638. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Light",
  1639. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semibold",
  1640. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semilight",
  1641. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Symbol",
  1642. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shonar Bangla",
  1643. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Showcard Gothic",
  1644. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shruti",
  1645. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimHei",
  1646. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic",
  1647. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic Fixed",
  1648. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun",
  1649. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun-ExtB",
  1650. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Snap ITC",
  1651. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Stencil",
  1652. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sylfaen",
  1653. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Symbol",
  1654. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tahoma",
  1655. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tempus Sans ITC",
  1656. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Times New Roman",
  1657. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Traditional Arabic",
  1658. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Trebuchet MS",
  1659. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tunga",
  1660. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT",
  1661. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed",
  1662. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed Extra Bold",
  1663. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Utsaah",
  1664. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vani",
  1665. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Verdana",
  1666. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vijaya",
  1667. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Viner Hand ITC",
  1668. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vivaldi",
  1669. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vladimir Script",
  1670. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vrinda",
  1671. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Webdings",
  1672. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wide Latin",
  1673. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings",
  1674. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 2",
  1675. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 3",
  1676. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109E60090400000000000F01FEC\\Usage\\ProductNonBootFilesIntl_1033",
  1677. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\NextUpdate",
  1678. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\LastUpdate",
  1679. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\NextUpdate",
  1680. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\LastUpdate",
  1681. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations",
  1682. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0",
  1683. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\File Path",
  1684. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Datetime",
  1685. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Position",
  1686. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
  1687. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
  1688. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
  1689. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
  1690. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
  1691. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
  1692. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
  1693. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
  1694. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
  1695. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
  1696. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
  1697. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
  1698. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
  1699. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
  1700. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
  1701. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
  1702. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
  1703. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
  1704. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
  1705. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
  1706. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
  1707. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
  1708. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
  1709. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
  1710. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
  1711. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
  1712. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
  1713. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
  1714. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
  1715. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
  1716. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
  1717. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
  1718. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
  1719. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
  1720. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
  1721. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
  1722. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
  1723. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
  1724. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
  1725. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
  1726. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  1727. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  1728. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  1729. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
  1730. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
  1731. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
  1732. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
  1733. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
  1734. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
  1735. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
  1736. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
  1737. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
  1738. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
  1739. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
  1740. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
  1741. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
  1742. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
  1743. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
  1744. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
  1745. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
  1746. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
  1747. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
  1748. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
  1749. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
  1750. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
  1751. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
  1752. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
  1753. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
  1754. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
  1755. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
  1756. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
  1757. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
  1758. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
  1759. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
  1760. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
  1761. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
  1762. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
  1763. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
  1764. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
  1765. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
  1766. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  1767. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  1768. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  1769. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
  1770. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
  1771. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
  1772. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
  1773. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
  1774. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
  1775. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
  1776. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
  1777. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
  1778. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
  1779. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
  1780. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
  1781. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
  1782. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
  1783. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
  1784. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
  1785. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
  1786. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
  1787. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
  1788. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
  1789. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
  1790. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
  1791. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
  1792. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
  1793. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
  1794. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
  1795. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
  1796. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
  1797. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
  1798. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
  1799. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
  1800. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
  1801. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
  1802. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
  1803. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
  1804. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
  1805. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
  1806. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
  1807. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
  1808. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
  1809. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
  1810. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
  1811. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
  1812. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
  1813. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
  1814. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
  1815. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
  1816. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
  1817. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
  1818. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
  1819. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
  1820. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
  1821. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
  1822. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
  1823. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
  1824. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
  1825. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
  1826. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
  1827. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
  1828. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
  1829. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
  1830. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
  1831. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
  1832. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
  1833. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
  1834. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
  1835. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
  1836. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
  1837. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
  1838. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
  1839. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
  1840. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
  1841. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
  1842. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
  1843. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
  1844. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
  1845. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
  1846. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
  1847. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
  1848. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
  1849. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
  1850. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
  1851. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
  1852. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
  1853. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
  1854. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
  1855. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
  1856. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
  1857. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
  1858. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
  1859. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
  1860. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
  1861. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  1862. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  1863. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
  1864. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
  1865. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
  1866. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
  1867. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
  1868. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
  1869. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
  1870. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
  1871. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
  1872. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
  1873. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
  1874. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
  1875. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
  1876. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
  1877. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
  1878. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
  1879. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
  1880. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
  1881. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
  1882. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
  1883. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
  1884. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
  1885. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
  1886. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
  1887. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
  1888. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
  1889. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
  1890. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
  1891. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
  1892. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
  1893. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
  1894. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
  1895. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
  1896. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
  1897. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
  1898. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
  1899. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
  1900. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
  1901. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
  1902. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
  1903. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
  1904. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
  1905. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
  1906. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
  1907. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
  1908. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
  1909. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
  1910. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
  1911. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
  1912. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
  1913. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
  1914. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
  1915. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
  1916. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
  1917. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
  1918. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
  1919. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
  1920. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
  1921. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
  1922. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
  1923. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
  1924. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
  1925. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\NextUpdate",
  1926. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\LastUpdate",
  1927. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\NextUpdate",
  1928. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\LastUpdate",
  1929. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTF",
  1930. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTA",
  1931. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_1",
  1932. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
  1933. ]
  1934.  
  1935. [*] Deleted Registry Keys: [
  1936. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\&>'",
  1937. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\~\"&",
  1938. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
  1939. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
  1940. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
  1941. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
  1942. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
  1943. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
  1944. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
  1945. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
  1946. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
  1947. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
  1948. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
  1949. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
  1950. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
  1951. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
  1952. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
  1953. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\12F7988",
  1954. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\120502D",
  1955. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
  1956. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
  1957. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
  1958. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
  1959. "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
  1960. ]
  1961.  
  1962. [*] DNS Communications: [
  1963. {
  1964. "type": "A",
  1965. "request": "blogmason.mixh.jp",
  1966. "answers": [
  1967. {
  1968. "data": "150.95.52.111",
  1969. "type": "A"
  1970. }
  1971. ]
  1972. }
  1973. ]
  1974.  
  1975. [*] Domains: [
  1976. {
  1977. "ip": "150.95.52.111",
  1978. "domain": "blogmason.mixh.jp"
  1979. }
  1980. ]
  1981.  
  1982. [*] Network Communication - ICMP: []
  1983.  
  1984. [*] Network Communication - HTTP: [
  1985. {
  1986. "count": 1,
  1987. "body": "",
  1988. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  1989. "user-agent": "Microsoft-CryptoAPI/6.1",
  1990. "method": "GET",
  1991. "host": "ocsp.digicert.com",
  1992. "version": "1.1",
  1993. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  1994. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  1995. "port": 80
  1996. },
  1997. {
  1998. "count": 1,
  1999. "body": "",
  2000. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  2001. "user-agent": "Microsoft-CryptoAPI/6.1",
  2002. "method": "GET",
  2003. "host": "ocsp.usertrust.com",
  2004. "version": "1.1",
  2005. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  2006. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  2007. "port": 80
  2008. },
  2009. {
  2010. "count": 1,
  2011. "body": "",
  2012. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  2013. "user-agent": "Microsoft-CryptoAPI/6.1",
  2014. "method": "GET",
  2015. "host": "ocsp.msocsp.com",
  2016. "version": "1.1",
  2017. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  2018. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  2019. "port": 80
  2020. },
  2021. {
  2022. "count": 1,
  2023. "body": "",
  2024. "uri": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
  2025. "user-agent": "Microsoft-CryptoAPI/6.1",
  2026. "method": "GET",
  2027. "host": "ocsp.comodoca.com",
  2028. "version": "1.1",
  2029. "path": "/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
  2030. "data": "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  2031. "port": 80
  2032. },
  2033. {
  2034. "count": 25,
  2035. "body": "",
  2036. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  2037. "user-agent": "Microsoft-CryptoAPI/6.1",
  2038. "method": "GET",
  2039. "host": "crl.microsoft.com",
  2040. "version": "1.1",
  2041. "path": "/pki/crl/products/microsoftrootcert.crl",
  2042. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  2043. "port": 80
  2044. },
  2045. {
  2046. "count": 1,
  2047. "body": "",
  2048. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  2049. "user-agent": "Microsoft-CryptoAPI/6.1",
  2050. "method": "GET",
  2051. "host": "crl.microsoft.com",
  2052. "version": "1.1",
  2053. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  2054. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  2055. "port": 80
  2056. },
  2057. {
  2058. "count": 3,
  2059. "body": "",
  2060. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  2061. "user-agent": "Microsoft-CryptoAPI/6.1",
  2062. "method": "GET",
  2063. "host": "crl.microsoft.com",
  2064. "version": "1.1",
  2065. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  2066. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  2067. "port": 80
  2068. },
  2069. {
  2070. "count": 1,
  2071. "body": "",
  2072. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  2073. "user-agent": "Microsoft-CryptoAPI/6.1",
  2074. "method": "GET",
  2075. "host": "ocsp.pki.goog",
  2076. "version": "1.1",
  2077. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  2078. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2079. "port": 80
  2080. },
  2081. {
  2082. "count": 1,
  2083. "body": "",
  2084. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  2085. "user-agent": "Microsoft-CryptoAPI/6.1",
  2086. "method": "GET",
  2087. "host": "ocsp.comodoca.com",
  2088. "version": "1.1",
  2089. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  2090. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  2091. "port": 80
  2092. },
  2093. {
  2094. "count": 1,
  2095. "body": "",
  2096. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  2097. "user-agent": "Microsoft-CryptoAPI/6.1",
  2098. "method": "GET",
  2099. "host": "ocsp.pki.goog",
  2100. "version": "1.1",
  2101. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  2102. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2103. "port": 80
  2104. },
  2105. {
  2106. "count": 1,
  2107. "body": "",
  2108. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  2109. "user-agent": "Microsoft-CryptoAPI/6.1",
  2110. "method": "GET",
  2111. "host": "ocsp.digicert.com",
  2112. "version": "1.1",
  2113. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  2114. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2115. "port": 80
  2116. },
  2117. {
  2118. "count": 1,
  2119. "body": "",
  2120. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  2121. "user-agent": "Microsoft-CryptoAPI/6.1",
  2122. "method": "GET",
  2123. "host": "ocsp.digicert.com",
  2124. "version": "1.1",
  2125. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  2126. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2127. "port": 80
  2128. },
  2129. {
  2130. "count": 1,
  2131. "body": "",
  2132. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  2133. "user-agent": "Microsoft-CryptoAPI/6.1",
  2134. "method": "GET",
  2135. "host": "www.download.windowsupdate.com",
  2136. "version": "1.1",
  2137. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  2138. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  2139. "port": 80
  2140. },
  2141. {
  2142. "count": 1,
  2143. "body": "",
  2144. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  2145. "user-agent": "Microsoft-CryptoAPI/6.1",
  2146. "method": "GET",
  2147. "host": "ocsp.digicert.com",
  2148. "version": "1.1",
  2149. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  2150. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2151. "port": 80
  2152. },
  2153. {
  2154. "count": 1,
  2155. "body": "",
  2156. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  2157. "user-agent": "Microsoft-CryptoAPI/6.1",
  2158. "method": "GET",
  2159. "host": "ocsp.digicert.com",
  2160. "version": "1.1",
  2161. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  2162. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2163. "port": 80
  2164. },
  2165. {
  2166. "count": 1,
  2167. "body": "",
  2168. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  2169. "user-agent": "Microsoft-CryptoAPI/6.1",
  2170. "method": "GET",
  2171. "host": "ocsp.digicert.com",
  2172. "version": "1.1",
  2173. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  2174. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2175. "port": 80
  2176. },
  2177. {
  2178. "count": 1,
  2179. "body": "",
  2180. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  2181. "user-agent": "Microsoft-CryptoAPI/6.1",
  2182. "method": "GET",
  2183. "host": "ocsp.pki.goog",
  2184. "version": "1.1",
  2185. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  2186. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2187. "port": 80
  2188. },
  2189. {
  2190. "count": 1,
  2191. "body": "",
  2192. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  2193. "user-agent": "Microsoft-CryptoAPI/6.1",
  2194. "method": "GET",
  2195. "host": "ocsp.pki.goog",
  2196. "version": "1.1",
  2197. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  2198. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2199. "port": 80
  2200. },
  2201. {
  2202. "count": 1,
  2203. "body": "",
  2204. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  2205. "user-agent": "Microsoft-CryptoAPI/6.1",
  2206. "method": "GET",
  2207. "host": "ocsp.digicert.com",
  2208. "version": "1.1",
  2209. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  2210. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2211. "port": 80
  2212. },
  2213. {
  2214. "count": 1,
  2215. "body": "",
  2216. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  2217. "user-agent": "Microsoft-CryptoAPI/6.1",
  2218. "method": "GET",
  2219. "host": "ocsp.digicert.com",
  2220. "version": "1.1",
  2221. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  2222. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2223. "port": 80
  2224. },
  2225. {
  2226. "count": 1,
  2227. "body": "",
  2228. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  2229. "user-agent": "Microsoft-CryptoAPI/6.1",
  2230. "method": "GET",
  2231. "host": "ocsp.pki.goog",
  2232. "version": "1.1",
  2233. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  2234. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2235. "port": 80
  2236. },
  2237. {
  2238. "count": 1,
  2239. "body": "",
  2240. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  2241. "user-agent": "Microsoft-CryptoAPI/6.1",
  2242. "method": "GET",
  2243. "host": "ocsp.thawte.com",
  2244. "version": "1.1",
  2245. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  2246. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  2247. "port": 80
  2248. },
  2249. {
  2250. "count": 1,
  2251. "body": "",
  2252. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  2253. "user-agent": "Microsoft-CryptoAPI/6.1",
  2254. "method": "GET",
  2255. "host": "th.symcd.com",
  2256. "version": "1.1",
  2257. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  2258. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  2259. "port": 80
  2260. },
  2261. {
  2262. "count": 1,
  2263. "body": "",
  2264. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  2265. "user-agent": "Microsoft-CryptoAPI/6.1",
  2266. "method": "GET",
  2267. "host": "ocsp.digicert.com",
  2268. "version": "1.1",
  2269. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  2270. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2271. "port": 80
  2272. },
  2273. {
  2274. "count": 1,
  2275. "body": "",
  2276. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  2277. "user-agent": "Microsoft-CryptoAPI/6.1",
  2278. "method": "GET",
  2279. "host": "ocsp.digicert.com",
  2280. "version": "1.1",
  2281. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  2282. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2283. "port": 80
  2284. },
  2285. {
  2286. "count": 1,
  2287. "body": "",
  2288. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  2289. "user-agent": "Microsoft-CryptoAPI/6.1",
  2290. "method": "GET",
  2291. "host": "ocsp.digicert.com",
  2292. "version": "1.1",
  2293. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  2294. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  2295. "port": 80
  2296. },
  2297. {
  2298. "count": 1,
  2299. "body": "",
  2300. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  2301. "user-agent": "Microsoft-CryptoAPI/6.1",
  2302. "method": "GET",
  2303. "host": "ocsp.pki.goog",
  2304. "version": "1.1",
  2305. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  2306. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  2307. "port": 80
  2308. },
  2309. {
  2310. "count": 1,
  2311. "body": "",
  2312. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  2313. "user-agent": "Microsoft BITS/7.5",
  2314. "method": "HEAD",
  2315. "host": "redirector.gvt1.com",
  2316. "version": "1.1",
  2317. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
  2318. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  2319. "port": 80
  2320. },
  2321. {
  2322. "count": 1,
  2323. "body": "",
  2324. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2325. "user-agent": "Microsoft BITS/7.5",
  2326. "method": "HEAD",
  2327. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2328. "version": "1.1",
  2329. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2330. "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2331. "port": 80
  2332. },
  2333. {
  2334. "count": 1,
  2335. "body": "",
  2336. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2337. "user-agent": "Microsoft BITS/7.5",
  2338. "method": "GET",
  2339. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2340. "version": "1.1",
  2341. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2342. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7102\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2343. "port": 80
  2344. },
  2345. {
  2346. "count": 1,
  2347. "body": "",
  2348. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2349. "user-agent": "Microsoft BITS/7.5",
  2350. "method": "GET",
  2351. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2352. "version": "1.1",
  2353. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2354. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7103-18212\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2355. "port": 80
  2356. },
  2357. {
  2358. "count": 1,
  2359. "body": "",
  2360. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2361. "user-agent": "Microsoft BITS/7.5",
  2362. "method": "GET",
  2363. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2364. "version": "1.1",
  2365. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2366. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=18213-29313\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2367. "port": 80
  2368. },
  2369. {
  2370. "count": 1,
  2371. "body": "",
  2372. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2373. "user-agent": "Microsoft BITS/7.5",
  2374. "method": "GET",
  2375. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2376. "version": "1.1",
  2377. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2378. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29314-40414\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2379. "port": 80
  2380. },
  2381. {
  2382. "count": 1,
  2383. "body": "",
  2384. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2385. "user-agent": "Microsoft BITS/7.5",
  2386. "method": "GET",
  2387. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2388. "version": "1.1",
  2389. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2390. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=40415-63266\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2391. "port": 80
  2392. },
  2393. {
  2394. "count": 1,
  2395. "body": "",
  2396. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2397. "user-agent": "Microsoft BITS/7.5",
  2398. "method": "GET",
  2399. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2400. "version": "1.1",
  2401. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2402. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=63267-110661\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2403. "port": 80
  2404. },
  2405. {
  2406. "count": 1,
  2407. "body": "",
  2408. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2409. "user-agent": "Microsoft BITS/7.5",
  2410. "method": "GET",
  2411. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2412. "version": "1.1",
  2413. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2414. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=110662-165003\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2415. "port": 80
  2416. },
  2417. {
  2418. "count": 1,
  2419. "body": "",
  2420. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2421. "user-agent": "Microsoft BITS/7.5",
  2422. "method": "GET",
  2423. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2424. "version": "1.1",
  2425. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2426. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=165004-302452\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2427. "port": 80
  2428. },
  2429. {
  2430. "count": 1,
  2431. "body": "",
  2432. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2433. "user-agent": "Microsoft BITS/7.5",
  2434. "method": "GET",
  2435. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2436. "version": "1.1",
  2437. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2438. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=302453-495140\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2439. "port": 80
  2440. },
  2441. {
  2442. "count": 1,
  2443. "body": "",
  2444. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2445. "user-agent": "Microsoft BITS/7.5",
  2446. "method": "GET",
  2447. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2448. "version": "1.1",
  2449. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2450. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=495141-806691\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2451. "port": 80
  2452. },
  2453. {
  2454. "count": 1,
  2455. "body": "",
  2456. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2457. "user-agent": "Microsoft BITS/7.5",
  2458. "method": "GET",
  2459. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2460. "version": "1.1",
  2461. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2462. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=806692-1309037\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2463. "port": 80
  2464. },
  2465. {
  2466. "count": 1,
  2467. "body": "",
  2468. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2469. "user-agent": "Microsoft BITS/7.5",
  2470. "method": "GET",
  2471. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2472. "version": "1.1",
  2473. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2474. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1309038-2258543\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2475. "port": 80
  2476. },
  2477. {
  2478. "count": 1,
  2479. "body": "",
  2480. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2481. "user-agent": "Microsoft BITS/7.5",
  2482. "method": "GET",
  2483. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2484. "version": "1.1",
  2485. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2486. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2258544-3096732\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2487. "port": 80
  2488. },
  2489. {
  2490. "count": 1,
  2491. "body": "",
  2492. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2493. "user-agent": "Microsoft BITS/7.5",
  2494. "method": "GET",
  2495. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2496. "version": "1.1",
  2497. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2498. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3096733-4185520\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2499. "port": 80
  2500. },
  2501. {
  2502. "count": 1,
  2503. "body": "",
  2504. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2505. "user-agent": "Microsoft BITS/7.5",
  2506. "method": "GET",
  2507. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2508. "version": "1.1",
  2509. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2510. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4185521-5795954\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2511. "port": 80
  2512. },
  2513. {
  2514. "count": 1,
  2515. "body": "",
  2516. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2517. "user-agent": "Microsoft BITS/7.5",
  2518. "method": "GET",
  2519. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2520. "version": "1.1",
  2521. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2522. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5795955-7539026\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2523. "port": 80
  2524. },
  2525. {
  2526. "count": 1,
  2527. "body": "",
  2528. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2529. "user-agent": "Microsoft BITS/7.5",
  2530. "method": "GET",
  2531. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2532. "version": "1.1",
  2533. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2534. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7539027-8767370\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2535. "port": 80
  2536. },
  2537. {
  2538. "count": 1,
  2539. "body": "",
  2540. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2541. "user-agent": "Microsoft BITS/7.5",
  2542. "method": "GET",
  2543. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2544. "version": "1.1",
  2545. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2546. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8767371-10078926\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2547. "port": 80
  2548. },
  2549. {
  2550. "count": 1,
  2551. "body": "",
  2552. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2553. "user-agent": "Microsoft BITS/7.5",
  2554. "method": "GET",
  2555. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2556. "version": "1.1",
  2557. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2558. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10078927-11935558\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2559. "port": 80
  2560. },
  2561. {
  2562. "count": 1,
  2563. "body": "",
  2564. "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2565. "user-agent": "Microsoft BITS/7.5",
  2566. "method": "GET",
  2567. "host": "r4---sn-tt1e7n7k.gvt1.com",
  2568. "version": "1.1",
  2569. "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
  2570. "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11935559-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
  2571. "port": 80
  2572. }
  2573. ]
  2574.  
  2575. [*] Network Communication - SMTP: []
  2576.  
  2577. [*] Network Communication - Hosts: []
  2578.  
  2579. [*] Network Communication - IRC: []
  2580.  
  2581. [*] Static Analysis: {}
  2582.  
  2583. [*] Resolved APIs: [
  2584. "mso.dll.#1443",
  2585. "mso.dll.#9214",
  2586. "mso.dll.#199",
  2587. "mso.dll.#1073",
  2588. "mso.dll.#4255",
  2589. "mso.dll.#3459",
  2590. "mso.dll.#1262",
  2591. "mso.dll.#5709",
  2592. "mso.dll.#7353",
  2593. "mso.dll.#5228",
  2594. "mso.dll.#2155",
  2595. "mso.dll.#1725",
  2596. "user32.dll.RegisterWindowMessageW",
  2597. "secur32.dll.FreeContextBuffer",
  2598. "ncrypt.dll.SslOpenProvider",
  2599. "ncrypt.dll.GetSChannelInterface",
  2600. "bcryptprimitives.dll.GetHashInterface",
  2601. "ncrypt.dll.SslIncrementProviderReferenceCount",
  2602. "ncrypt.dll.SslImportKey",
  2603. "bcryptprimitives.dll.GetCipherInterface",
  2604. "ncrypt.dll.SslLookupCipherSuiteInfo",
  2605. "user32.dll.LoadStringW",
  2606. "ncrypt.dll.BCryptOpenAlgorithmProvider",
  2607. "ncrypt.dll.BCryptGetProperty",
  2608. "ncrypt.dll.BCryptCreateHash",
  2609. "ncrypt.dll.BCryptHashData",
  2610. "ncrypt.dll.BCryptFinishHash",
  2611. "ncrypt.dll.BCryptDestroyHash",
  2612. "crypt32.dll.CertGetCertificateChain",
  2613. "userenv.dll.GetUserProfileDirectoryW",
  2614. "sechost.dll.ConvertSidToStringSidW",
  2615. "sechost.dll.ConvertStringSidToSidW",
  2616. "userenv.dll.RegisterGPNotification",
  2617. "gpapi.dll.RegisterGPNotificationInternal",
  2618. "sechost.dll.OpenSCManagerW",
  2619. "sechost.dll.OpenServiceW",
  2620. "sechost.dll.CloseServiceHandle",
  2621. "sechost.dll.QueryServiceConfigW",
  2622. "cryptsp.dll.CryptAcquireContextA",
  2623. "cryptsp.dll.CryptCreateHash",
  2624. "cryptsp.dll.CryptHashData",
  2625. "cryptsp.dll.CryptVerifySignatureA",
  2626. "mso.dll.#4314",
  2627. "cryptsp.dll.CryptDestroyKey",
  2628. "cryptsp.dll.CryptDestroyHash",
  2629. "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
  2630. "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
  2631. "ncrypt.dll.BCryptImportKeyPair",
  2632. "ncrypt.dll.BCryptVerifySignature",
  2633. "ncrypt.dll.BCryptDestroyKey",
  2634. "crypt32.dll.CertVerifyCertificateChainPolicy",
  2635. "crypt32.dll.CertFreeCertificateChain",
  2636. "crypt32.dll.CertDuplicateCertificateContext",
  2637. "ncrypt.dll.SslEncryptPacket",
  2638. "mso.dll.#6484",
  2639. "mso.dll.#8499",
  2640. "mso.dll.#9871",
  2641. "mso.dll.#4743",
  2642. "mso.dll.#5452",
  2643. "mso.dll.#2088",
  2644. "mso.dll.#5274",
  2645. "mso.dll.#3195",
  2646. "mso.dll.#8165",
  2647. "mso.dll.#9175",
  2648. "mso.dll.#5315",
  2649. "mso.dll.#8140",
  2650. "user32.dll.IsWindowEnabled",
  2651. "ole32.dll.CoGetCallState",
  2652. "ole32.dll.CoGetActivationState",
  2653. "advapi32.dll.RegisterWaitChainCOMCallback",
  2654. "ncrypt.dll.SslDecryptPacket",
  2655. "winhttp.dll.WinHttpReceiveResponse",
  2656. "winhttp.dll.WinHttpQueryHeaders",
  2657. "winhttp.dll.WinHttpQueryDataAvailable",
  2658. "winhttp.dll.WinHttpReadData",
  2659. "webservices.dll.WsCreateError",
  2660. "ntdll.dll.EtwEventWrite",
  2661. "ntdll.dll.EtwEventRegister",
  2662. "ntdll.dll.EtwEventUnregister",
  2663. "webservices.dll.WsCreateHeap",
  2664. "webservices.dll.WsCreateReader",
  2665. "webservices.dll.WsSetInput",
  2666. "webservices.dll.WsFillReader",
  2667. "webservices.dll.WsReadToStartElement",
  2668. "webservices.dll.WsReadStartElement",
  2669. "webservices.dll.WsReadType",
  2670. "winhttp.dll.WinHttpCloseHandle",
  2671. "crypt32.dll.CertFreeCertificateContext",
  2672. "rpcrt4.dll.RpcBindingFree",
  2673. "webservices.dll.WsFreeReader",
  2674. "webservices.dll.WsFreeError",
  2675. "webservices.dll.WsFreeHeap",
  2676. "webservices.dll.WsCreateServiceProxyFromTemplate",
  2677. "winhttp.dll.WinHttpOpenRequest",
  2678. "winhttp.dll.WinHttpAddRequestHeaders",
  2679. "winhttp.dll.WinHttpSendRequest",
  2680. "winhttp.dll.WinHttpConnect",
  2681. "winhttp.dll.WinHttpCrackUrl",
  2682. "winhttp.dll.WinHttpSetStatusCallback",
  2683. "winhttp.dll.WinHttpOpen",
  2684. "winhttp.dll.WinHttpSetOption",
  2685. "winhttp.dll.WinHttpWriteData",
  2686. "winhttp.dll.WinHttpSetCredentials",
  2687. "winhttp.dll.WinHttpQueryAuthSchemes",
  2688. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
  2689. "winhttp.dll.WinHttpGetProxyForUrl",
  2690. "winhttp.dll.WinHttpQueryOption",
  2691. "webservices.dll.WsOpenServiceProxy",
  2692. "webservices.dll.WsCall",
  2693. "webservices.dll.WsAddCustomHeader",
  2694. "shlwapi.dll.StrStrA",
  2695. "shlwapi.dll.UrlUnescapeA",
  2696. "user32.dll.IsHungAppWindow",
  2697. "ole32.dll.CoTaskMemFree",
  2698. "ole32.dll.CoTaskMemAlloc",
  2699. "ole32.dll.CoInitializeEx",
  2700. "ole32.dll.CoUninitialize",
  2701. "cryptnet.dll.CertDllVerifyRevocation",
  2702. "profapi.dll.#104",
  2703. "sensapi.dll.IsNetworkAlive",
  2704. "rpcrt4.dll.RpcBindingFromStringBindingW",
  2705. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
  2706. "rpcrt4.dll.NdrClientCall2",
  2707. "winhttp.dll.WinHttpSetTimeouts",
  2708. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
  2709. "winhttp.dll.WinHttpTimeFromSystemTime",
  2710. "shlwapi.dll.StrStrIW",
  2711. "cryptnet.dll.I_CryptNetGetConnectivity",
  2712. "cryptnet.dll.CryptRetrieveObjectByUrlW",
  2713. "setupapi.dll.SetupIterateCabinetW",
  2714. "kernel32.dll.RegOpenKeyExW",
  2715. "kernel32.dll.RegCloseKey",
  2716. "cabinet.dll.#20",
  2717. "cabinet.dll.#22",
  2718. "devrtl.dll.DevRtlGetThreadLogToken",
  2719. "cryptsp.dll.CryptSetHashParam",
  2720. "sechost.dll.QueryServiceConfigA",
  2721. "sechost.dll.QueryServiceStatus",
  2722. "rpcrt4.dll.RpcStringBindingComposeA",
  2723. "rpcrt4.dll.RpcBindingFromStringBindingA",
  2724. "rpcrt4.dll.RpcEpResolveBinding",
  2725. "sechost.dll.LookupAccountSidLocalW",
  2726. "rpcrt4.dll.RpcStringFreeA",
  2727. "webservices.dll.WsResetHeap",
  2728. "webservices.dll.WsCloseServiceProxy",
  2729. "ws2_32.dll.#3",
  2730. "webservices.dll.WsFreeServiceProxy",
  2731. "ncrypt.dll.SslDecrementProviderReferenceCount",
  2732. "ncrypt.dll.SslFreeObject",
  2733. "user32.dll.RegisterPowerSettingNotification",
  2734. "powrprof.dll.PowerSettingRegisterNotification",
  2735. "user32.dll.GetWindowThreadProcessId",
  2736. "user32.dll.GetWindowTextW",
  2737. "mso.dll.#25",
  2738. "mso.dll.#1056",
  2739. "mso.dll.#8136",
  2740. "mso.dll.#8931",
  2741. "shell32.dll.SHGetFileInfoW",
  2742. "mso.dll.#5362",
  2743. "mso.dll.#6044",
  2744. "mso.dll.#6516",
  2745. "mso.dll.#6221",
  2746. "mso.dll.#5780",
  2747. "mso.dll.#4870",
  2748. "mso.dll.#6046",
  2749. "mso.dll.#1241",
  2750. "mso.dll.#2821",
  2751. "mso.dll.#2340",
  2752. "mso.dll.#7287",
  2753. "mso.dll.#5290",
  2754. "mso.dll.#1508",
  2755. "user32.dll.IsZoomed",
  2756. "user32.dll.GetWindowPlacement",
  2757. "user32.dll.GetWindowRect",
  2758. "mso.dll.#821",
  2759. "user32.dll.GetSystemMetrics",
  2760. "user32.dll.MonitorFromWindow",
  2761. "user32.dll.MonitorFromRect",
  2762. "user32.dll.MonitorFromPoint",
  2763. "user32.dll.EnumDisplayMonitors",
  2764. "user32.dll.GetMonitorInfoA",
  2765. "user32.dll.EnumDisplayDevicesA",
  2766. "mso.dll.#2378",
  2767. "user32.dll.SetWindowPos",
  2768. "user32.dll.AdjustWindowRect",
  2769. "mso.dll.#5912",
  2770. "mso.dll.#9719",
  2771. "mso.dll.#8824",
  2772. "mso.dll.#6117",
  2773. "mso.dll.#3307",
  2774. "user32.dll.SendMessageW",
  2775. "user32.dll.DestroyIcon",
  2776. "mso.dll.#3813",
  2777. "mso.dll.#1815",
  2778. "user32.dll.PtInRect",
  2779. "mso.dll.#1613",
  2780. "user32.dll.SetWindowTextW",
  2781. "user32.dll.GetClassLongW",
  2782. "mso.dll.#8572",
  2783. "gdi32.dll.CreateDIBSection",
  2784. "gdi32.dll.CreateCompatibleDC",
  2785. "gdi32.dll.GetViewportOrgEx",
  2786. "gdi32.dll.SetViewportOrgEx",
  2787. "gdi32.dll.SetBkColor",
  2788. "gdi32.dll.ExtTextOutA",
  2789. "mso.dll.#1573",
  2790. "mso.dll.#8612",
  2791. "user32.dll.SetScrollRange",
  2792. "mso.dll.#2509",
  2793. "user32.dll.BeginDeferWindowPos",
  2794. "user32.dll.DeferWindowPos",
  2795. "user32.dll.EndDeferWindowPos",
  2796. "user32.dll.OffsetRect",
  2797. "user32.dll.EnumChildWindows",
  2798. "user32.dll.GetScrollInfo",
  2799. "user32.dll.MapWindowPoints",
  2800. "msptls.dll.?FsCreatePageFinite@Ptls6@@YGJPAUfscontext@1@PBUfsbreakrecpage@1@PAUfsnameclient@1@PAU_fsfmtr@1@PAPAUfspage@1@PAPAU31@@Z",
  2801. "gdi32.dll.DeleteDC",
  2802. "msptls.dll.?FsTransformRectangle@Ptls6@@YGJKPBUtagFSRECT@1@0KPAU21@@Z",
  2803. "mso.dll.#6126",
  2804. "msptls.dll.?LsCreateLine@Ptls6@@YGJPAUlscontext@1@PAUlsparaclient@1@PBUlspap@1@JPBUlslinerestr@1@PBUlsbreakrecline@1@PAPAU61@PAUlslinfo@1@PAPAVCLsLine@1@@Z",
  2805. "gdi32.dll.GetFontRealizationInfo",
  2806. "gdi32.dll.GetFontFileInfo",
  2807. "gdi32.dll.GetFontFileData",
  2808. "mso.dll.#7261",
  2809. "mso.dll.#9540",
  2810. "usp10.dll.ScriptGetFontScriptTags",
  2811. "usp10.dll.ScriptGetFontLanguageTags",
  2812. "usp10.dll.ScriptGetFontFeatureTags",
  2813. "msptls.dll.?LsGetObjectName@Ptls6@@YG?AVLSNAMEEXP@1@PBVCLsDnode@1@@Z",
  2814. "msptls.dll.?LsdnFinishWordRegular@Ptls6@@YGJPAVCLsDnode@1@JPAUlsrun@1@PBUlschp@1@PAVCLsObject@1@PBUOBJDIM@1@HHH@Z",
  2815. "msptls.dll.?LsdnSetRigidDup@Ptls6@@YGJPAVCLsDnode@1@J@Z",
  2816. "msptls.dll.?LsQueryLineVisibilityWord@Ptls6@@YGJPAVCLsLine@1@PAJPAH@Z",
  2817. "msptls.dll.?LsQueryLineMaxDepth@Ptls6@@YGJPAVCLsLine@1@PAJ@Z",
  2818. "msptls.dll.?LsEnumLine@Ptls6@@YGJPAVCLsLine@1@HHPBUtagLSPOINT@1@@Z",
  2819. "msptls.dll.?LsModifyLineHeight@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@JJJJ@Z",
  2820. "msptls.dll.?FsQueryPageDetails@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@PAUfspagedetails@1@@Z",
  2821. "msptls.dll.?FsQueryPageSectionList@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@JPAUfssectiondescription@1@PAJ@Z",
  2822. "msptls.dll.?FsQuerySectionDetails@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@PAUfssectiondetails@1@@Z",
  2823. "msptls.dll.?FsQuerySectionCompositeColumnList@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@JPAUfscompositecolumndescription@1@PAJ@Z",
  2824. "msptls.dll.?FsQueryCompositeColumnDetails@Ptls6@@YGJPAUfscontext@1@PBUfscompositecolumn@1@PAUfscompositecolumndetails@1@@Z",
  2825. "msptls.dll.?FsQueryTrackDetails@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@PAUfstrackdetails@1@@Z",
  2826. "msptls.dll.?FsQueryTrackParaList@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@JPAUfsparadescription@1@PAJ@Z",
  2827. "msptls.dll.?FsQueryTextDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfstextdetails@1@@Z",
  2828. "msptls.dll.?FsQueryLineListComposite@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfslinedescriptioncomposite@1@PAJ@Z",
  2829. "msptls.dll.?FsQueryLineCompositeElementList@Ptls6@@YGJPAUfscontext@1@PBUfsline@1@JPAUfslineelement@1@PAJ@Z",
  2830. "msptls.dll.?LsDestroyLine@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@@Z",
  2831. "msptls.dll.?FsDestroyPage@Ptls6@@YGJPAUfscontext@1@PAUfspage@1@@Z",
  2832. "msptls.dll.?FsDestroyContext@Ptls6@@YGJPAUfscontext@1@@Z",
  2833. "user32.dll.SetRectEmpty",
  2834. "user32.dll.InflateRect",
  2835. "mso.dll.#1100",
  2836. "mso.dll.#7047",
  2837. "msptls.dll.?LsQueryLineDup@Ptls6@@YGJPAVCLsLine@1@PAUlslinearea@1@@Z",
  2838. "user32.dll.GetCursor",
  2839. "user32.dll.GetClientRect",
  2840. "user32.dll.SetScrollInfo",
  2841. "user32.dll.SetScrollPos",
  2842. "mso.dll.#3747",
  2843. "mso.dll.#8218",
  2844. "mso.dll.#5394",
  2845. "mso.dll.#331",
  2846. "mso.dll.#6829",
  2847. "mso.dll.#539",
  2848. "mso.dll.#4959",
  2849. "mso.dll.#6463",
  2850. "mso.dll.#4987",
  2851. "user32.dll.GetWindow",
  2852. "mso.dll.#7195",
  2853. "mso.dll.#7573",
  2854. "mso.dll.#445",
  2855. "user32.dll.GetCaretBlinkTime",
  2856. "user32.dll.CreateCaret",
  2857. "msptls.dll.?LsQueryLineCpPpoint@Ptls6@@YGJPAVCLsLine@1@JJPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
  2858. "user32.dll.IntersectRect",
  2859. "user32.dll.DestroyCaret",
  2860. "user32.dll.GetCaretPos",
  2861. "user32.dll.SetCaretPos",
  2862. "mso.dll.#5932",
  2863. "mso.dll.#2071",
  2864. "mso.dll.#1024",
  2865. "mso.dll.#6245",
  2866. "mso.dll.#9041",
  2867. "mso.dll.#1767",
  2868. "mso.dll.#9369",
  2869. "mso.dll.#4617",
  2870. "user32.dll.FillRect",
  2871. "mso.dll.#343",
  2872. "mso.dll.#9636",
  2873. "mso.dll.#2022",
  2874. "mso.dll.#4750",
  2875. "mso.dll.#4577",
  2876. "mso.dll.#850",
  2877. "mso.dll.#1776",
  2878. "mso.dll.#9026",
  2879. "mso.dll.#4497",
  2880. "shell32.dll.SHAddToRecentDocs",
  2881. "mso.dll.#4647",
  2882. "mso.dll.#8926",
  2883. "mso.dll.#7212",
  2884. "mso.dll.#5407",
  2885. "mso.dll.#5152",
  2886. "mso.dll.#3327",
  2887. "mso.dll.#6333",
  2888. "mso.dll.#420",
  2889. "mso.dll.#1335",
  2890. "mso.dll.#2041",
  2891. "mso.dll.#7834",
  2892. "mso.dll.#239",
  2893. "mso.dll.#6357",
  2894. "mso.dll.#7026",
  2895. "mso.dll.#1671",
  2896. "ole32.dll.PropVariantClear",
  2897. "oleaut32.dll.#9",
  2898. "oleaut32.dll.#7",
  2899. "mso.dll.#8263",
  2900. "mso.dll.#9307",
  2901. "mso.dll.#1441",
  2902. "mso.dll.#9223",
  2903. "mso.dll.#6453",
  2904. "mso.dll.#8044",
  2905. "mso.dll.#3698",
  2906. "mso.dll.#8565",
  2907. "mso.dll.#8373",
  2908. "mso.dll.#9741",
  2909. "mso.dll.#478",
  2910. "mso.dll.#479",
  2911. "mso.dll.#340",
  2912. "bcrypt.dll.BCryptOpenAlgorithmProvider",
  2913. "bcrypt.dll.BCryptGetProperty",
  2914. "bcrypt.dll.BCryptCreateHash",
  2915. "bcrypt.dll.BCryptHashData",
  2916. "bcrypt.dll.BCryptFinishHash",
  2917. "bcrypt.dll.BCryptDestroyHash",
  2918. "bcrypt.dll.BCryptCloseAlgorithmProvider",
  2919. "mso.dll.#8633",
  2920. "mso.dll.#5213",
  2921. "mso.dll.#6163",
  2922. "mso.dll.#552",
  2923. "mso.dll.#5630",
  2924. "mso.dll.#2513",
  2925. "mso.dll.#1607",
  2926. "mso.dll.#791",
  2927. "mso.dll.#1848",
  2928. "mso.dll.#8735",
  2929. "mso.dll.#9374",
  2930. "mso.dll.#5286",
  2931. "mso.dll.#6368",
  2932. "mso.dll.#4262",
  2933. "mso.dll.#1010",
  2934. "mso.dll.#7979",
  2935. "mso.dll.#8549",
  2936. "mso.dll.#8970",
  2937. "mso.dll.#9198",
  2938. "mso.dll.#4795",
  2939. "mso.dll.#1865",
  2940. "mso.dll.#9688",
  2941. "mso.dll.#320",
  2942. "advapi32.dll.RegDeleteKeyA",
  2943. "user32.dll.DestroyCursor",
  2944. "mso.dll.#7173",
  2945. "mso.dll.#8511",
  2946. "mso.dll.#3299",
  2947. "mso.dll.#7001",
  2948. "mso.dll.#3913",
  2949. "user32.dll.PeekMessageA",
  2950. "mso.dll.#1380",
  2951. "mso.dll.#9500",
  2952. "user32.dll.TranslateMessage",
  2953. "user32.dll.IsWindowUnicode",
  2954. "user32.dll.DispatchMessageA",
  2955. "user32.dll.DispatchMessageW",
  2956. "user32.dll.UpdateWindow",
  2957. "mso.dll.#999",
  2958. "mso.dll.#287",
  2959. "dwmapi.dll.DwmIsCompositionEnabled",
  2960. "mso.dll.#1575",
  2961. "mso.dll.#5034",
  2962. "mso.dll.#1517",
  2963. "mso.dll.#718",
  2964. "mso.dll.#4708",
  2965. "mso.dll.#8046",
  2966. "mso.dll.#4175",
  2967. "mso.dll.#8672",
  2968. "mso.dll.#1990",
  2969. "mso.dll.#3051",
  2970. "mso.dll.#1819",
  2971. "mso.dll.#1419",
  2972. "oleaut32.dll.#147",
  2973. "kernel32.dll.WerRegisterMemoryBlock",
  2974. "dwrite.dll.DWriteCreateFactory",
  2975. "advapi32.dll.RegQueryValueW",
  2976. "apphelp.dll.ApphelpCheckShellObject",
  2977. "ole32.dll.CoRevokeInitializeSpy",
  2978. "comctl32.dll.#388",
  2979. "gdi32.dll.GetCurrentObject",
  2980. "gdi32.dll.BitBlt",
  2981. "gdi32.dll.GetClipBox",
  2982. "gdi32.dll.StretchDIBits",
  2983. "riched20.dll.REExtendedRegisterClass",
  2984. "user32.dll.GetWindowLongW",
  2985. "user32.dll.GetSysColor",
  2986. "user32.dll.SetWindowLongW",
  2987. "user32.dll.RegisterWindowMessageA",
  2988. "user32.dll.RegisterClipboardFormatW",
  2989. "user32.dll.GetDoubleClickTime",
  2990. "user32.dll.SetCaretBlinkTime",
  2991. "user32.dll.SystemParametersInfoW",
  2992. "user32.dll.GetKeyboardLayoutList",
  2993. "mso.dll._MsoGetFidUspDll@0",
  2994. "mso.dll._MsoLoadLocalizedLibraryEx@12",
  2995. "usp10.dll.ScriptGetProperties",
  2996. "usp10.dll.ScriptItemize",
  2997. "user32.dll.LoadCursorW",
  2998. "user32.dll.IsWindowVisible",
  2999. "user32.dll.GetKeyboardLayout",
  3000. "user32.dll.PostMessageW",
  3001. "user32.dll.DefWindowProcW",
  3002. "uxtheme.dll.IsThemeActive",
  3003. "uxtheme.dll.IsAppThemed",
  3004. "uxtheme.dll.OpenThemeData",
  3005. "user32.dll.GetDC",
  3006. "user32.dll.ReleaseDC",
  3007. "user32.dll.IsIconic",
  3008. "user32.dll.GetParent",
  3009. "usp10.dll.ScriptGetCMap",
  3010. "user32.dll.InvalidateRect",
  3011. "user32.dll.HideCaret",
  3012. "user32.dll.ShowCaret",
  3013. "user32.dll.NotifyWinEvent",
  3014. "user32.dll.GetWindowTextLengthW",
  3015. "user32.dll.EnableWindow",
  3016. "msctf.dll.SetInputScope",
  3017. "user32.dll.GetWindowRgn",
  3018. "gdi32.dll.CreateCompatibleBitmap",
  3019. "gdi32.dll.SaveDC",
  3020. "gdi32.dll.SetPixel",
  3021. "gdi32.dll.GetPixel",
  3022. "gdi32.dll.RestoreDC",
  3023. "imm32.dll.ImmAssociateContext",
  3024. "mso.dll.#806",
  3025. "mso.dll.#4908",
  3026. "user32.dll.SetRect",
  3027. "mso.dll.#8439",
  3028. "mso.dll.#2736",
  3029. "gdi32.dll.GetTextAlign",
  3030. "gdi32.dll.ExtTextOutW",
  3031. "mso.dll.#8122",
  3032. "mso.dll.#2114",
  3033. "mso.dll.#6558",
  3034. "gdi32.dll.GetFontData",
  3035. "usp10.dll.ScriptItemizeOpenType",
  3036. "usp10.dll.ScriptShapeOpenType",
  3037. "usp10.dll.ScriptPlaceOpenType",
  3038. "mso.dll.#8395",
  3039. "mso.dll.#379",
  3040. "mso.dll.#6338",
  3041. "mso.dll.#7964",
  3042. "mso.dll.#1437",
  3043. "mso.dll.#1427",
  3044. "mso.dll.#6137",
  3045. "winmm.dll.timeGetTime",
  3046. "mso.dll.#5940",
  3047. "usp10.dll.ScriptPlace",
  3048. "usp10.dll.ScriptShape",
  3049. "usp10.dll.ScriptJustify",
  3050. "usp10.dll.ScriptTextOut",
  3051. "usp10.dll.ScriptCPtoX",
  3052. "usp10.dll.ScriptXtoCP",
  3053. "usp10.dll.ScriptFreeCache",
  3054. "usp10.dll.ScriptCacheGetHeight",
  3055. "usp10.dll.ScriptLayout",
  3056. "usp10.dll.ScriptBreak",
  3057. "usp10.dll.ScriptIsComplex",
  3058. "usp10.dll.ScriptGetLogicalWidths",
  3059. "usp10.dll.ScriptApplyLogicalWidth",
  3060. "usp10.dll.ScriptGetGlyphABCWidth",
  3061. "usp10.dll.ScriptGetFontProperties",
  3062. "usp10.dll.ScriptApplyDigitSubstitution",
  3063. "usp10.dll.ScriptRecordDigitSubstitution",
  3064. "usp10.dll.ScriptGetFontAlternateGlyphs",
  3065. "mso.dll.#7578",
  3066. "mso.dll.#8483",
  3067. "mso.dll.#2613",
  3068. "gdi32.dll.GdiIsMetaPrintDC",
  3069. "mso.dll.#7848",
  3070. "user32.dll.GetForegroundWindow",
  3071. "user32.dll.GetFocus",
  3072. "user32.dll.GetClassNameA",
  3073. "user32.dll.IsWindowRedirectedForPrint",
  3074. "gdi32.dll.CreateRectRgnIndirect",
  3075. "user32.dll.GetUpdateRgn",
  3076. "gdi32.dll.GetRgnBox",
  3077. "user32.dll.ValidateRect",
  3078. "user32.dll.GetUpdateRect",
  3079. "user32.dll.BeginPaint",
  3080. "user32.dll.EndPaint",
  3081. "mso.dll.#3624",
  3082. "msptls.dll.?LsPointXYFromPointUV@Ptls6@@YGJPBUtagLSPOINT@1@KPBUtagLSPOINTUV@1@PAU21@@Z",
  3083. "msptls.dll.?LsDisplayLine@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINT@1@IPBUtagLSRECT@1@@Z",
  3084. "mso.dll.#6247",
  3085. "gdi32.dll.TranslateCharsetInfo",
  3086. "mso.dll.#3300",
  3087. "mso.dll.#7465",
  3088. "gdi32.dll.SetWindowOrgEx",
  3089. "mso.dll.#732",
  3090. "mso.dll.#5804",
  3091. "mso.dll.#9465",
  3092. "mso.dll.#4746",
  3093. "user32.dll.IsWindow",
  3094. "ole32.dll.CoCreateInstance",
  3095. "user32.dll.ScreenToClient",
  3096. "mso.dll.#434",
  3097. "user32.dll.GetMessageExtraInfo",
  3098. "user32.dll.GetCursorInfo",
  3099. "user32.dll.GetCapture",
  3100. "user32.dll.TrackMouseEvent",
  3101. "user32.dll.GetInputState",
  3102. "mso.dll.#8461",
  3103. "user32.dll.SendNotifyMessageW",
  3104. "user32.dll.GetClipboardOwner",
  3105. "mso.dll.#1422",
  3106. "user32.dll.MsgWaitForMultipleObjectsEx",
  3107. "advapi32.dll.NotifyServiceStatusChangeW",
  3108. "advapi32.dll.ConvertSidToStringSidW",
  3109. "msi.dll.DllGetVersion",
  3110. "msi.dll.#111",
  3111. "mso.dll.#8202",
  3112. "mso.dll.#5360",
  3113. "mso.dll.#8574",
  3114. "msi.dll.#39",
  3115. "mso.dll.#8318",
  3116. "mso.dll.#1283",
  3117. "mso.dll.#8705",
  3118. "mso.dll.#9685",
  3119. "mso.dll.#3579",
  3120. "mso.dll.#8747",
  3121. "mso.dll.#2880",
  3122. "mso.dll.#7615",
  3123. "mso.dll.#4219",
  3124. "mso.dll.#3244",
  3125. "mso.dll.#408",
  3126. "mso.dll.#2714",
  3127. "mso.dll.#8622",
  3128. "mso.dll.#3380",
  3129. "mso.dll.#2566",
  3130. "mso.dll.#1429",
  3131. "mso.dll.#6502",
  3132. "mso.dll.#2968",
  3133. "mso.dll.#709",
  3134. "mso.dll.#5913",
  3135. "mso.dll.#8051",
  3136. "mso.dll.#6505",
  3137. "mso.dll.#7009",
  3138. "mso.dll.#3901",
  3139. "mso.dll.#6429",
  3140. "mso.dll.#5667",
  3141. "mso.dll.#86",
  3142. "mso.dll.#2052",
  3143. "mso.dll.#7778",
  3144. "mso.dll.#5127",
  3145. "mso.dll.#7590",
  3146. "mso.dll.#2687",
  3147. "mso.dll.#8060",
  3148. "mso.dll.#5925",
  3149. "advapi32.dll.CryptAcquireContextA",
  3150. "advapi32.dll.CryptGenKey",
  3151. "cryptsp.dll.CryptGenKey",
  3152. "advapi32.dll.CryptImportKey",
  3153. "cryptsp.dll.CryptImportKey",
  3154. "advapi32.dll.CryptExportKey",
  3155. "cryptsp.dll.CryptExportKey",
  3156. "advapi32.dll.CryptDestroyKey",
  3157. "mso.dll.#3638",
  3158. "mso.dll.#3258",
  3159. "mso.dll.#7974",
  3160. "mso.dll.#2609",
  3161. "mso.dll.#3500",
  3162. "mso.dll.#3347",
  3163. "mso.dll.#1905",
  3164. "mso.dll.#2812",
  3165. "mso.dll.#4416",
  3166. "mso.dll.#4008",
  3167. "mso.dll.#7366",
  3168. "mso.dll.#7546",
  3169. "mso.dll.#1406",
  3170. "mso.dll.#4926",
  3171. "user32.dll.GetScrollPos",
  3172. "mso.dll.#629",
  3173. "mso.dll.#676",
  3174. "mso.dll.#8644",
  3175. "mso.dll.#3141",
  3176. "mso.dll.#8472",
  3177. "mso.dll.#2281",
  3178. "mso.dll.#2628",
  3179. "mso.dll.#3425",
  3180. "mso.dll.#5291",
  3181. "mso.dll.#1718",
  3182. "mso.dll.#4777",
  3183. "advapi32.dll.CryptCreateHash",
  3184. "advapi32.dll.CryptSetHashParam",
  3185. "advapi32.dll.CryptHashData",
  3186. "advapi32.dll.CryptGetHashParam",
  3187. "cryptsp.dll.CryptGetHashParam",
  3188. "advapi32.dll.CryptDestroyHash",
  3189. "msi.dll.#90",
  3190. "kernel32.dll.FlsAlloc",
  3191. "kernel32.dll.FlsGetValue",
  3192. "kernel32.dll.FlsSetValue",
  3193. "kernel32.dll.FlsFree",
  3194. "ieawsdc.dll.HrExtractTemplateToPath",
  3195. "mso.dll.#8837",
  3196. "crypt32.dll.CryptQueryObject",
  3197. "wintrust.dll.CryptSIPPutSignedDataMsg",
  3198. "wintrust.dll.CryptSIPGetSignedDataMsg",
  3199. "cryptsp.dll.CryptGetDefaultProviderW",
  3200. "cryptsp.dll.CryptAcquireContextW",
  3201. "crypt32.dll.CertEnumCertificatesInStore",
  3202. "crypt32.dll.CryptVerifyCertificateSignatureEx",
  3203. "cryptsp.dll.CryptReleaseContext",
  3204. "wintrust.dll.WinVerifyTrust",
  3205. "wintrust.dll.WintrustCertificateTrust",
  3206. "wintrust.dll.SoftpubAuthenticode",
  3207. "wintrust.dll.SoftpubInitialize",
  3208. "wintrust.dll.SoftpubLoadMessage",
  3209. "wintrust.dll.SoftpubLoadSignature",
  3210. "wintrust.dll.SoftpubCheckCert",
  3211. "wintrust.dll.SoftpubCleanup",
  3212. "wintrust.dll.CryptSIPVerifyIndirectData",
  3213. "advapi32.dll.RegDeleteValueW",
  3214. "mso.dll.#1455",
  3215. "user32.dll.GetAncestor",
  3216. "user32.dll.GetDesktopWindow",
  3217. "user32.dll.LoadImageW",
  3218. "user32.dll.CreateWindowExW",
  3219. "comctl32.dll.HIMAGELIST_QueryInterface",
  3220. "comctl32.dll.DrawShadowText",
  3221. "comctl32.dll.DrawSizeBox",
  3222. "comctl32.dll.DrawScrollBar",
  3223. "comctl32.dll.SizeBoxHwnd",
  3224. "comctl32.dll.ScrollBar_MouseMove",
  3225. "comctl32.dll.ScrollBar_Menu",
  3226. "comctl32.dll.HandleScrollCmd",
  3227. "comctl32.dll.DetachScrollBars",
  3228. "comctl32.dll.AttachScrollBars",
  3229. "comctl32.dll.CCSetScrollInfo",
  3230. "comctl32.dll.CCGetScrollInfo",
  3231. "comctl32.dll.CCEnableScrollBar",
  3232. "comctl32.dll.QuerySystemGestureStatus",
  3233. "uxtheme.dll.#49",
  3234. "uxtheme.dll.CloseThemeData",
  3235. "user32.dll.EnableScrollBar",
  3236. "user32.dll.ShowScrollBar",
  3237. "user32.dll.ShowWindow",
  3238. "user32.dll.SetParent",
  3239. "user32.dll.KillTimer",
  3240. "user32.dll.ClientToScreen",
  3241. "user32.dll.MoveWindow",
  3242. "user32.dll.DestroyWindow",
  3243. "gdi32.dll.GetViewportExtEx",
  3244. "gdi32.dll.GetWindowExtEx",
  3245. "gdi32.dll.GetTextCharset",
  3246. "gdi32.dll.GetMapMode",
  3247. "gdi32.dll.GetLayout",
  3248. "oleaut32.dll.SysAllocString",
  3249. "oleaut32.dll.SysStringLen",
  3250. "oleaut32.dll.SysAllocStringLen",
  3251. "oleaut32.dll.SysFreeString",
  3252. "uxtheme.dll.GetThemePartSize",
  3253. "user32.dll.SetFocus",
  3254. "user32.dll.GetMessageW",
  3255. "user32.dll.WindowFromPoint",
  3256. "user32.dll.FindWindowExW",
  3257. "gdi32.dll.SelectClipRgn",
  3258. "gdi32.dll.IntersectClipRect",
  3259. "gdi32.dll.SetTextColor",
  3260. "gdi32.dll.SetBkMode",
  3261. "gdi32.dll.SetTextAlign",
  3262. "gdi32.dll.GetClipRgn",
  3263. "gdi32.dll.ExtSelectClipRgn",
  3264. "gdi32.dll.GetTextColor",
  3265. "uxtheme.dll.DrawThemeBackground",
  3266. "gdi32.dll.ExcludeClipRect",
  3267. "user32.dll.WaitMessage",
  3268. "wininet.dll.InternetGetConnectedState",
  3269. "rasapi32.dll.RasConnectionNotificationW",
  3270. "sechost.dll.NotifyServiceStatusChangeA",
  3271. "gdi32.dll.GdiFlush",
  3272. "osppcext.dll.SLActivateProduct",
  3273. "osppcext.dll.SLGetTokenActivationGrants",
  3274. "osppcext.dll.SLGetTokenActivationCertificates",
  3275. "osppcext.dll.SLGenerateTokenActivationChallenge",
  3276. "osppcext.dll.SLSignTokenActivationChallenge",
  3277. "osppcext.dll.SLDepositTokenActivationResponse",
  3278. "osppcext.dll.SLFreeTokenActivationGrants",
  3279. "osppcext.dll.SLFreeTokenActivationCertificates",
  3280. "user32.dll.GetWindowDC",
  3281. "gdi32.dll.SetLayout",
  3282. "gdi32.dll.RectVisible",
  3283. "user32.dll.IsClipboardFormatAvailable",
  3284. "uiautomationcore.dll.UiaClientsAreListening",
  3285. "mso.dll.#8662",
  3286. "user32.dll.GetActiveWindow",
  3287. "mso.dll.#3544",
  3288. "mso.dll.#900",
  3289. "user32.dll.GetClassNameW",
  3290. "mso.dll.#5070",
  3291. "mso.dll.#6899",
  3292. "mso.dll.#424",
  3293. "mso.dll.#1885",
  3294. "mso.dll.#832",
  3295. "mso.dll.#3702",
  3296. "mso.dll.#3484",
  3297. "mso.dll.#1966",
  3298. "mso.dll.#6960",
  3299. "mso.dll.#7892",
  3300. "advapi32.dll.SaferiSearchMatchingHashRules",
  3301. "wintrust.dll.WTHelperProvDataFromStateData",
  3302. "wintrust.dll.WTHelperGetProvSignerFromChain",
  3303. "crypt32.dll.CertCloseStore",
  3304. "mso.dll.#7531",
  3305. "advapi32.dll.CryptReleaseContext",
  3306. "mso.dll.#7931",
  3307. "mso.dll.#3837",
  3308. "mso.dll.#8398",
  3309. "cabinet.dll.#23",
  3310. "user32.dll.SetCursor",
  3311. "user32.dll.GetMessagePos",
  3312. "mso.dll.#2477",
  3313. "msproof7.dll.DllGetClassObject",
  3314. "msproof7.dll.DllCanUnloadNow",
  3315. "mso.dll.#4172",
  3316. "mso.dll.#1439",
  3317. "mso.dll.#9566",
  3318. "mso.dll.#111",
  3319. "mso.dll.#4191",
  3320. "mso.dll.#3802",
  3321. "mso.dll.#6982",
  3322. "mso.dll.#8800",
  3323. "mso.dll.#3572",
  3324. "mso.dll.#167",
  3325. "mso.dll.#5737",
  3326. "mso.dll.#590",
  3327. "mso.dll.#3758",
  3328. "msgr3en.dll.CheckVersion",
  3329. "msgr3en.dll.#29",
  3330. "msgr3en.dll.#30",
  3331. "msgr3en.dll.#31",
  3332. "msgr3en.dll.#32",
  3333. "msgr3en.dll.#33",
  3334. "msgr3en.dll.#34",
  3335. "msgr3en.dll.#35",
  3336. "msgr3en.dll.#45",
  3337. "msgr3en.dll.#46",
  3338. "msgr3en.dll.#47",
  3339. "msgr3en.dll.#48",
  3340. "msgr3en.dll.#51",
  3341. "msgr3en.dll.#50",
  3342. "msgr3en.dll.#49",
  3343. "msgr3en.dll.#43",
  3344. "msgr3en.dll.#41",
  3345. "msgr3en.dll.#42",
  3346. "msgr3en.dll.#44",
  3347. "msgr3en.dll.#39",
  3348. "msgr3en.dll.#40",
  3349. "msgr3en.dll.#36",
  3350. "msgr3en.dll.#38",
  3351. "msgr3en.dll.#37",
  3352. "msgr3en.dll.#56",
  3353. "msgr3en.dll.#52",
  3354. "msgr3en.dll.#53",
  3355. "msgr3en.dll.#57",
  3356. "msgr3en.dll.#58",
  3357. "msgr3en.dll.#59",
  3358. "user32.dll.LoadStringA",
  3359. "mso.dll.#2561",
  3360. "mso.dll.#1266",
  3361. "gdi32.dll.GetStockObject",
  3362. "mso.dll.#6501",
  3363. "riched20.dll.REMSOHInst",
  3364. "mso.dll.#511",
  3365. "mso.dll.#8118",
  3366. "gdi32.dll.GetGlyphIndicesW",
  3367. "mso.dll.#844",
  3368. "mso.dll.#1414",
  3369. "mso.dll.#7651",
  3370. "mso.dll.#5071",
  3371. "mso.dll.#2802",
  3372. "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
  3373. "mso.dll.#4111",
  3374. "mso.dll.#2386",
  3375. "advapi32.dll.RegisterEventSourceW",
  3376. "advapi32.dll.ReportEventW",
  3377. "advapi32.dll.DeregisterEventSource",
  3378. "mso.dll.#816",
  3379. "mso.dll.#2620",
  3380. "shell32.dll.SHGetKnownFolderPath",
  3381. "mso.dll.#9748",
  3382. "mso.dll.#3496",
  3383. "mso.dll.#2901",
  3384. "mso.dll.#7830",
  3385. "mso.dll.#5396",
  3386. "mso.dll.#6895",
  3387. "mso.dll.#8986",
  3388. "mso.dll.#7945",
  3389. "mso.dll.#988",
  3390. "mso.dll.#5177",
  3391. "mso.dll.#3334",
  3392. "mso.dll.#7320",
  3393. "mso.dll.#9639",
  3394. "mso.dll.#9436",
  3395. "mso.dll.#5541",
  3396. "advapi32.dll.GetFileSecurityW",
  3397. "advapi32.dll.SetFileSecurityW",
  3398. "advapi32.dll.GetSecurityInfo",
  3399. "advapi32.dll.SetSecurityInfo",
  3400. "advapi32.dll.GetSecurityDescriptorControl",
  3401. "mso.dll.#2955",
  3402. "mso.dll.#1914",
  3403. "mso.dll.#1401",
  3404. "mso.dll.#5919",
  3405. "mso.dll.#4597",
  3406. "mso.dll.#7189",
  3407. "mso.dll.#2738",
  3408. "mso.dll.#8691",
  3409. "mso.dll.#6079",
  3410. "mso.dll.#7167",
  3411. "mso.dll.#333",
  3412. "mso.dll.#1785",
  3413. "mso.dll.#8693",
  3414. "user32.dll.RemovePropW",
  3415. "mso.dll.#5973",
  3416. "mso.dll.#2014",
  3417. "mso.dll.#9668",
  3418. "mso.dll.#2294",
  3419. "advapi32.dll.RegDeleteKeyW",
  3420. "mso.dll.#235",
  3421. "mso.dll.#9398",
  3422. "mso.dll.#1442",
  3423. "mso.dll.#4388",
  3424. "mso.dll.#8022",
  3425. "mso.dll.#6889",
  3426. "gdi32.dll.GetTextExtentPointA",
  3427. "user32.dll.MessageBeep",
  3428. "user32.dll.DialogBoxIndirectParamW",
  3429. "comctl32.dll.RegisterClassNameW",
  3430. "uxtheme.dll.EnableThemeDialogTexture",
  3431. "uxtheme.dll.GetThemeBool",
  3432. "user32.dll.GetDlgItem",
  3433. "mso.dll.#6900",
  3434. "user32.dll.CallNextHookEx",
  3435. "uxtheme.dll.BufferedPaintInit",
  3436. "uxtheme.dll.BufferedPaintRenderAnimation",
  3437. "uxtheme.dll.GetThemeTransitionDuration",
  3438. "uxtheme.dll.BeginBufferedAnimation",
  3439. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
  3440. "uxtheme.dll.DrawThemeParentBackground",
  3441. "uxtheme.dll.GetThemeBackgroundContentRect",
  3442. "uxtheme.dll.DrawThemeText",
  3443. "uxtheme.dll.EndBufferedAnimation",
  3444. "user32.dll.GetDlgCtrlID",
  3445. "advapi32.dll.RegDeleteTreeW",
  3446. "xmllite.dll.CreateXmlReader",
  3447. "user32.dll.IsDlgButtonChecked",
  3448. "user32.dll.EndDialog",
  3449. "uxtheme.dll.BufferedPaintStopAllAnimations",
  3450. "uxtheme.dll.BufferedPaintUnInit",
  3451. "user32.dll.UnhookWindowsHookEx",
  3452. "user32.dll.SetActiveWindow",
  3453. "mso.dll.#3144",
  3454. "mso.dll.#1213",
  3455. "mso.dll.#4220",
  3456. "mso.dll.#3214",
  3457. "mso.dll.#6521",
  3458. "mso.dll.#6489",
  3459. "mso.dll.#613",
  3460. "mso.dll.#1541",
  3461. "mso.dll.#4702",
  3462. "mso.dll.#6344",
  3463. "mso.dll.#9099",
  3464. "mso.dll.#8320",
  3465. "mso.dll.#7770",
  3466. "mso.dll.#6216",
  3467. "gdi32.dll.CombineRgn",
  3468. "user32.dll.CopyRect",
  3469. "gdi32.dll.SetStretchBltMode",
  3470. "user32.dll.UpdateLayeredWindow",
  3471. "mso.dll.#1003",
  3472. "mso.dll.#978",
  3473. "mso.dll.#8172",
  3474. "mso.dll.#9663",
  3475. "mso.dll.#7165",
  3476. "mso.dll.#9693",
  3477. "user32.dll.EnumThreadWindows",
  3478. "user32.dll.EnumWindows",
  3479. "user32.dll.GetLastInputInfo",
  3480. "ws2_32.dll.#116"
  3481. ]
  3482.  
  3483. [*] Static Analysis: {}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!