Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Docs_e5eedd3ea0def63d52e914333dca815e.doc"
- [*] File Size: 8415
- [*] File Type: "Rich Text Format data, version 1, unknown character set"
- [*] SHA256: "8c07015c98ec99493424994b5cca09cde9d4d80a6c2f97f970ef3c17858b3e35"
- [*] MD5: "e5eedd3ea0def63d52e914333dca815e"
- [*] SHA1: "f09b5e1569b204eea1768e0ebabd693473fa129b"
- [*] SHA512: "1d708b39855aecfb9728acb5fefde8d34a0ac837ee2b41134bc965a1bccfa01e56ffffb936499128df7cb6c36c12867576c741b228817977a0ed46b060cf76e4"
- [*] CRC32: "602A1FFF"
- [*] SSDEEP: "96:TW5BRvxnylMGUCtwE6STfu0kpMj2yhtIAK8IxlyF:WJxnylMGUCiqMpMj2yhh+C"
- [*] Process Execution: [
- "WINWORD.EXE"
- ]
- [*] Signatures Detected: [
- {
- "Description": "A process attempted to delay the analysis task.",
- "Details": [
- {
- "Process": "WINWORD.EXE tried to sleep 306 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Attempts to connect to a dead IP:Port (8 unique times)",
- "Details": [
- {
- "IP": "52.109.6.40:443"
- },
- {
- "IP": "65.52.98.231:443"
- },
- {
- "IP": "104.93.33.19:443"
- },
- {
- "IP": "104.93.189.220:443"
- },
- {
- "IP": "52.109.92.24:443"
- },
- {
- "IP": "184.84.243.209:80"
- },
- {
- "IP": "72.21.91.29:80"
- },
- {
- "IP": "104.18.25.243:80"
- }
- ]
- },
- {
- "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
- "Details": [
- {
- "ioc": "ontent.inf"
- },
- {
- "ioc": "rocess.glox"
- },
- {
- "ioc": "gb.xsl"
- },
- {
- "ioc": "ist.glox"
- },
- {
- "ioc": "ext.glox"
- },
- {
- "ioc": "ccent.glox"
- },
- {
- "ioc": "chicago.xsl"
- },
- {
- "ioc": "iso690.xsl"
- },
- {
- "ioc": "sist02.xsl"
- },
- {
- "ioc": "pictureorgchart.glox"
- },
- {
- "ioc": "rid.glox"
- },
- {
- "ioc": "..3b"
- },
- {
- "ioc": "chevronaccent.glox"
- },
- {
- "ioc": "ieee2006officeonline.xsl"
- },
- {
- "ioc": "e.gu"
- },
- {
- "ioc": "rame.glox"
- },
- {
- "ioc": "rc.glox"
- },
- {
- "ioc": "architecture.glox"
- },
- {
- "ioc": "gostname.xsl"
- },
- {
- "ioc": "mlaseventheditionofficeonline.xsl"
- },
- {
- "ioc": "nline.xsl"
- },
- {
- "ioc": "harvardanglia2008officeonline.xsl"
- },
- {
- "ioc": "adial.glox"
- },
- {
- "ioc": "content.inf"
- },
- {
- "ioc": "etropolitan.thmx"
- },
- {
- "ioc": "set.dotx"
- },
- {
- "ioc": "ividend.thmx"
- },
- {
- "ioc": "rame.thmx"
- },
- {
- "ioc": "eadlines.thmx"
- },
- {
- "ioc": "rop.thmx"
- },
- {
- "ioc": "adge.thmx"
- },
- {
- "ioc": "uotable.thmx"
- },
- {
- "ioc": "erlin.thmx"
- },
- {
- "ioc": "ype.thmx"
- },
- {
- "ioc": "ircuit.thmx"
- },
- {
- "ioc": "g.n9"
- },
- {
- "ioc": "avon.thmx"
- },
- {
- "ioc": "roplet.thmx"
- },
- {
- "ioc": "eathered.thmx"
- },
- {
- "ioc": "vent.thmx"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
- },
- {
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- },
- {
- "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
- },
- {
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
- },
- {
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
- },
- {
- "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
- },
- {
- "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
- },
- {
- "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
- },
- {
- "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
- },
- {
- "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
- },
- {
- "url": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe"
- },
- {
- "url": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes"
- }
- ]
- },
- {
- "Description": "A document file initiated network communications indicative of a potential exploit or payload download",
- "Details": [
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xab\\x922v7\\xffg\\xbb#\\xed\\xf9+\\xeb!b`y\\xe2\\x17d\\xe2\\xf0l\\xd4&\\x88#\\x99\\xbc\\xbehk3~)\\x16bzr1\\xe0i\\xd8\\xacc!\\xeb\t#t\\xcb\\x94p\\x0b0n=\\x19\\xcfo\\xb6\\xc5\\x92\\xdae\\x8d\\xf3\\xb5\\xbbw6\\x8ab\\x81\\x9b\\x14q\\x02\\xf8\\x9b\\xf9\\x14\\xafy\rb\\x93\\x18\\xd4g\\x15\\x98~\\x91\\xb9\\x1c\\xd22!s\\xb4\\xd0\\x8b\\x19\\xe6}c\\xa4\\xe9i\\xcc\\xfb\\xdec\\xe5\\x06\\x8a\\xfa\\xb1t\\xa9\\xb9s\\xb0j\\xa9@t\\x8b\\x85\\x19t\\x18\\xb4\\x9f\\xa7w\\xcd8\\x0f\\x0cl\\x1ao\\x9e\\xe7\\xc6m\\x93\\xeb\\x9b)\\x01\\x02)\\xc9\\xb3\\xe7\\xaa\\x00\\xaa&\\xb8m\\xe64\\x13p\\xc2o\\xc2p\\xce\\xaf\\x8c\\xe9r\\xaf\\x1ar\\x12\\xdbj\\xc6\\x84#\\x0e/\\xda\\x7f\\x8f\\x84,\\xcc\\xbd&\\xd2\\xefv\\xc8\\xceh\\x922\\xd1q\\x06\\xf4\\xa9vk\\x1cep\\xa7\\x8b\\xa0\\x7f:\\xb7j\\x96>\\xa0\\xab&\"\\xe3\\x0ch\\xf6i\\x9a)\\xee\\x11\\x1b\\x0f\\xb5\\x9c\\xf9|f\\xcd\\x1f\\xffj\\xf0<d\\xf3"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00~\\x01\\x00\\x00z\\x03\\x01]\t\\xf7\\xf5a\\xc9\\xc2\\xf0e\\xa8\\xb4\\x9b\\x1e\\xb8\\xa4\\xb0k\\xae\\x04\\xd4\\xd1\\xb4w\\xc1\\x16\\xdc\\xb9hm\\xa6\\xaa\\xd1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x009\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00 \\x00\\x1e\\x00\\x00\\x1broaming.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb5\\x8c\\xac\\xe8\\xe7\\xa8\\xb3\\x14j\\x02x\\xde:v\\xb2w\\xe1u\\xbey\\xab|\\xba\\x0b\\xdf\\xc7\\xf7p?\\xfdi\\xa7\\xf5\\xce-{l\\xe2m\\x17\\xe7'\\x10&\\xd4\\x08!\\x8a\\xdbb\\x14\\xc1\r\\xdb\\xd1]x\\xc4\\xb8\\x8d\\xe1v'\\x9f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd3\\x1c;\\xcco\\x9d?\\x1b9r\\x05o\\x02\\x04j\\xcb\\xc7\\xd9 \r\r?!%8+\\xd7\\x86qn\\\\xf0u\\xe6\\x8dn\\xe0\\x89\\xd5\\xad=\\x03\\xe0\\xc6d2\\xf3="
- },
- {
- "http_request": "winword.exe_WSASend_get /mfewtzbnmeswstajbgurdgmcgguabbtbl0v27rvz7lbduom%2fnyb45spuewqu5z1zmijhwmys%2bghunoz7oruetfaceai4elabvpzalrznpjlrv1u%3d http/1.1\r\ncache-control: max-age = 89056\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: fri, 22 mar 2019 18:30:24 gmt\r\nif-"
- },
- {
- "http_request": "winword.exe_WSASend_get /mfqwujbqme4wtdajbgurdgmcgguabbrpc1vzt9qvn7bzy3iidtbhla4mkqquwiif1tycsck3fd7%2fhijo5ox%2f%2bn0ce3saagyvv14%2fmepdgh0aaaaabk8%3d http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: sat, 23 mar 2019 17:46:18 gmt\r\nif-none-match: \"dd54d75d468"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p}\\x8f@i\\x7f\\xe4\\xc1\t}ka\\xf0\\x936\\x9f@\\xc1\\xea\\xcba\\x11tt\\xb2\\x9bzh8 h\\x89\\x08\\xf8r$\\xb9\\x95<@\\xfd\\xbb\\x1c\\xf2\\x16x\\xdd\\xf3)\\xe62\\xf6\\xb1(\\xa4\\xd5\\x04\\x07\\xafp|\\xb2\\xe5\\x9bw\\xa2\\xeai\\x11\\xaf\\x86g\\xa3bklb\\xb4`bia\\x0e\\xfe\\xd6\\xe2\\x94\\xdc/\\xfbb\\xfb\\xf9-@\\xb5~\\xf0\\n\\x93\\x86\r\\x1b\\xf9\\xa0\\xdek\\xe1\\x84\\x1f\\x94\\x9d\\xcb\\xfb\\x1f\\x81;\\xb33\\xf8\\x05\\xfa\\xd3\">\\xbes\\xe1\\xf6v_\\x1ea\\xab\\x01\\xf5\\xcc\\xd1\\xc8@\\x86\\xf6\\xac\\xc6\\x05\\xec\\xcb&%\\x8b'\\xb4\\xfcl\\x01ij\\xc1\\x1e\\x86\\x0e\\x8d\\x81\\\\x11\\x06\\x13\\x87\\x08\\xce\\xb4\\xa8\\xaa\\xfc_\\xdd\\xf6\\xc1^r3hg\\x0c\\x18k:\\xedm\\xac6o?\\x1a/\\x12\\xbc\\xa3{6*[\\xb9\"3xo\\xdah,\\xa9[s\\xcc \\xd8\\x1d_\\xc2\\x88k\n\\x83\\xfe\\xa4\\x87s\\x1dhi\\x1a&\\xd9\\xd53l^\\xb4\\xf0j\\xe4ft-d\\xa3\\x85\\xec\\xa9\\xc9\n"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x02 \\x1e\\x8c\\x92b\\x0b-d\\xf8\\xb3\\xbd\\xa9\\x8e\\xa6wb6\\xd6l\\x8f\\x1et\\xae\\xae6je\\x1d\\xd8.e\\x04v_v\\xd3\"r\\xee\"\\x9c\\xa5\\x0c\\x90\\xcanp%\\xa3)\\xd9\\xfd\\xbd\\x1avi\\xdc\\xa7\\xcb\\xdcb\\xe3%-\\x85\\xd2\\xe0\\x94d|\\x02p\\xced\\x9a\\xb7!\\xec`@\\x02\\x9b\\x86\\xe9\\xacx\\xf4x\\xf4\\x89)=*\\x8d\\x17\\xb4\\xdb\\x88\\x7f\\x10\\x90\\xec\\x82\t!~o\\x7f\\xb9\\x0e \\xa7y\\xffi\\x197\\x92l\\x84\\x0c\\x89'\\x90\\xfa\\xa3c\\xe3b\\xfc\\x0f\\x80\\xfd\\xd5n\\x10\\xc5\\xb9\\x18\\xb6kk\\x1b\\xc4\\xc7 2z'qmn\\xbdg\\x1d\\x0e\\xe9\\xa7\\xee\\x89j\\xc1\\xe9\\x91\\x82\\xd9\\\\x8bj\\x93\\x151\\xb5(\\x9ck\\x91\\xb8k\\x88\\xb5\\xd5\\x0c\\u@w\\xcbo\\x04v\\xb3y\\xc92s\\xce\\xa39\\x0f\\xd09\\xf0\\x9b8r\\xc6\\x9a\\x96?\\xf2p\\xfa{\\xbe\\xa6\\x90b\r\\xb2\\xfb\\xb5nx\\xa4\\xe4\\x86v'mo5\\x8bb^\\xfd<b\\xcb\\x97\\xdc\\xbe\n,[\\x05\\x16+\\x1c'o\\x8b"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t\\xf7\\xfd\\xbe\\x80\\x8ba<\\xf1\\xe2\\xa2\\xc16\\xc2>\\x05\\xbb\\xb1\\xdd\\xf7$\\xbf\\x80\\xb5s\\xc17\\x9f\\x9ft\\x98\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00}\\x01\\x00\\x00y\\x03\\x01]\t\\xf7\\xffd\\xa2\\xc2\\xa5\\xf8\\xd6+\\x03\\x03\\x9e\\x1a$\\xfc\\x92\\1\\xa0e\\x10\\xee\\xeex\\xc8\\xcf&\\xd6y\\xa5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x008\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1f\\x00\\x1d\\x00\\x00\\x1atemplateservice.office.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\xc0\\xedb\\xcae:\\xc1\\x07\\x0c\\x17\\xfd\\x06\\xdb\\xd4q\\xf6|\\xa9\\xa1v%\\xb80\\xbbe\\xb4\\x8e\\xe8\\xb2\\xe1~%\\x12\\xa0\"fn\\x0f>p]~\\x06\\x9a\\xd5\\xcbvz4\"sr\\xb4\\x07\\xc4j\\xa8\\xcf\\x06\\xd6<\\xc5>\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x84\\xab\\x8c\\x08]\\xc2\\x98\\xeb\\x02\\x9c\\xbe)\\x05\\xc5\\xf5'\\x9f\\xa1\\xedp~\\xeb+\\xe0\\xb6x\t\\xca\\x1f\\x02r\\x91\\xbf\\x1e;\\xef`\\x86\\x1b\\x12\\x8d\\x9a\\xb6\\xbdn\\xf3\\x8f\\xf0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\xd8\\xed\\xce\\xf0\\x9c\\xbcrd\\x8cik\\x8ak\\x98)\\x848\"\\xf2\\xf7>\\xa1\\x9d\\xcas,\\x9d\\xfb_\\xe2\\x8e\\x9bo\\xc5\\x192\\xe9\\xdc\\x8ek\\x96\\xca\\x124qq\\xab5\\x9e@\\x9f\\xbfs\\xda\\x9b,\\xa2\\xf7&u\\x08\\x04\\xe9\\x90rtm\\xbb\\xac\\x8fqua\\xf8(\\xc4\\x9b\\xf2\\x872\t\\xe30\\xdc\\x8db|\\xf5\\xe4\\xbf\\x1ab\\xf0\\xb2\\xb2\\x9b\\xee\\xe3vwh\\xa8\\xa4-\\xb9\\x1e\\xd0\\xbd+\\x84\\x99\\xef\\xa0j\\xd1\\xa2\\x0f\\xff;&\\x01\\xc4\\x89\\xd5\\x0e\\x93\\x08\\x87\\xfbqlj\\x14\\x13\\xd66\\x9cm\\xd4!\\x0b\\xaf\\x98\\xe5\\xd0\\x1bf\\x12\\xb4\\x98f\\x00\\xecn\\xe8\\x1f_\\xe3:z\\xd7\\xe0\npg\\xb9\\xb0c6.\\xc8\\x17c\\x0fq\\xe4\\x1f\\xa9\\xc3$r\\x84jr\\x00\\xd9\\xe2\\x1b\\xf4:\\x08\\x0e\\x0e\\x8b<;j\\xd5\\x913\\xa5\\xf7=\\xa0\\x7f\\xb3\\xb6\\x1d\\xb0\\x91\\xa5\\xba#\\xee\\x9a\\xbd\\x17\\xc6\\xe2\\xce\\xe3`p\\xb1\\xaa\\x05\\xd7\\x17j\\xba\\xa7\\xd1\\xee\\xb5i\\x80\\xd2|\\xf9\\xc2\\xc0_\\x96@jx\\xbchj\\x13("
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00b\\xf0\\x01\\xba\\x12\\xeci\\x19\\xc7s\\xcb+\\xa0\\x82w\\x0b\\xfe\\xec\\x14\\xeapq\\xa6onh\\xe8n\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdd^\\x1ds\\x1e\\x11m\\xe5\\xe1\\xc7\\x06\\xd0\\x0f\\xb4\\xd5d7\\xad\\xba\\x1e\\xbf\\xe4+\\xe7m(\\xa3\\xb5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00)\\x11\\xbe\\x8dv\\x03\\x10\\x0f\\xcf\\xf8\\xc6\"l\\xed\\x13\\x16g\\x81\\x8c\\xcao\\x921#\\xadrl=\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xf4\\xcf4\\xa3\\xd4\\x88\\xb4\\x85\\xbci!\\xc2l\\xcc\\x87\\xe8\\x04\\xe4\\xbe\\xb6k\\xbb\\x9d\\x18\\xd3\\x15\\xd7\\x19\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xfb6\\x98\\x87\\xbed\\xea\\x8d\\xb9ru`\\x0c\\xafw\\xa4z\\xe0\\x03\\x8d?\\xae\\x08,\\xc1\\xa5\\xac\\x19\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00j\\x9b\\x92\\xaa\\xe2\\xe1\\xd1\\x84\\x03\\xe3\\xb8d\\xfd\\xf6;\\x00\\xf1]h\\x97w\\x8d\\xe5\\xe0\\xbc7\\x0c\\xe3\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x93 \\x04~z\\x99n\\xcb\\xf5<.\\xb2\\xb5.\\xe8j2\\xa0\\5og]\\xed\\x1d\\x9f\\x8e\\xd0\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xe3bf\\xa3'\\x87\\x98\\x15@\\xdb\\x13\\xfe\\xa649\\xc7\\?y\\xbb8@jg\\xac\\x98i\\xfe\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdc\\xa3u4\\x80=w>\\xb0{\\xc5w\\x86\\xde\\xd6\\xcb\\x8e\\xf3\\x89\\xba\\x0b\\x96\\x8e\\x82.w\\x91\\xc6\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00m\\x19\\x10\\xb0u\\xb2\\xc4(a\\x1d\\xaa\\x15\\x11\\xe4\\x0e;\\x98\\xd2q\\x9f\\xa5\\xbe\\x7f\\x98\\x96\\x96`\\x82\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00g\\xd4:\\xc5\\x86\\xb07\\x82\\xfd1\\x82\\x17\\xe6z\\xb1\\x0e7\\xc7g\\xd7\\xd7\\xcf,p\\xff\\x96\\x00\\xe5\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xf4\\xe3\\xb2\\x7f\\x1b\\x02\\x98\\xdb\\x85\\\\x11v\\xd0<w*\\x9c\\x06a[8\\x898\\x96ii\\xb3\\xab\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00q\\x7f\\xd3\\x9e\\x91\\x8a\ti\\xa1\\xdap\\xa3\\xcd\\xc2/\\x8e\\xbf\\w\\x18\\xd9ai\\xf7\\xc4]\\x92\\x05\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00:\\x8b>i\\x0ea\\xd1\\x80\\x0c/\\xd5\\xe7%\\xe3t-\\xb8\\xe5\\x89%']of 4\\x88\\x97\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x15te\\x95p\\x97fh\\xf1\\xed\\x0e\\xf8\\x8de\\xe2\\x11\\xe7\\x1b\\x8b\\xc8\\x87v\\xda\\xf5xg\\xa7\\x95\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xec.\\xfe\\x83u\\x90\\xe8\\xa1eb\\x15x\\x02\\xbf\\xbdl\\x9fksi\\xeb\\xb7\\x13\\xa0.\\xac0\\xcc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00oh\\x81qy+&d\\x03\\xe7i\\x03\\x9bf\\xa8*\\xfc\\xd5\\x84\\xc4=\\xc8\\x95\\xe62\\xed\\x8dg\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00a!^\\x8f\\x88\\xdd\\x85c\\xe0\\x8a\\x02\\x9e&\\x82\\xd5\\x9b(+u\n\\x8ews\\x10y\\x9f\\xfcd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x97\\xb7<+\\xd4\\xa7\\xf6\\xf6\\xe8]\\xe1\\xea\\xaa\\xec\\xa3l\"\\x18z\\xefx\\xf2{\\\\xe4\\xf2\\xa1\\x1b\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xcc;n\\x1f~0b\\x861\\xd2\\xdd\\xee\\xce\\xcc\\x0bgh#\\x8c\\xe4\\xd0\\xa4c\\xe67\\x9e\\x0b \\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xd84)\\xad\\xa7\\x7f\\xbb\\x84\\x1f\\xd3\\xe4\\x83i\\x98\\x8d7\\x85\\xf9\\x86j\\x82\\xf6\\xafi\\xc8a\\xd9\\x1c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00k0\\xd0\\xac\\xc3g\\xfb\\xcd\\x0b4\\xecr\\x1c\\x92<h%?\\xc6\\x80\\xd1\\x86zq\\xeas\\xf1\\xaf\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xc3\\x98\\xf0\\xa9\\x96\\xac$1v\\xa2|i\\xefuq\\x10\\x81\\xe5x\\xdfms\\x98\\x99;o\\x83o\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xc4_\\x85\\xfe\"\\xf3\\xa8y\\xb6y\\xa8\\x99[\\xc8r\\xbb\\x8a\\xe5rg\\xe1\\x0c\\xbac\\xbcm\t\\x1c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00r*\\xd4&\\xe5u\\x0b\\xe8\\x9b[\\xad\\xc5l\\xa8\\x0e?\\xa1\\x97\\xa3b\\xfb$\\x10\\xea`\\xe1\\xe9t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00r\\xbf\\x17\\x00i\\x84:msi\\xd3\\x9e\\xeac\\xed\\xd0w\\xc6\\x01ip\\x88s\\x184\\xac\\xe3w\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x12hq\\x19\\x17\\x1b\\xe4,j\\xb0t\\x10p\\x9d\\xb1&\\x9a\\xb0\\xe4[\\x92<\\x80l\\xbe\\xb1\\xd3\\xcb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xed\\xde(:\\xb41\\xd4a\\xf2d.\\xf5;\\xf1\\xf9\\x9a\\x1a\\xda7\\xb5\\x0fj\\x80\\x08\\xac2\\x8b\\x8c\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x1e\\xc1\\x9b;~o,\\x06\\x89\\xa0\\xca[xd\\x1c\\x04\\x8b\\xc9\\xc3\\xe3\\x9c]\\xe4n9\\x0bc\\xff\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x8b\\x90\\xf2v9\\x06\\xe7\\x8a\\x93d\\x8f\\xef\\x94}x\\xc6\\xfa\\xe0_\\x8bq\\x00f}\\x84v\\xa8\\xeb\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x17\\x83\\x81\\x03\\xb9\\xd2q\\xbb\\xb4l\\xd4r\\xac\\x16w-\\xab\\xa2k\\x831c\\xcfp\\x9ft]\\xc7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00zbj_\\xb1u\\xb7\\x97\\x0cj)\\xf9\\x9b\\xd3p\\xc6\\xab7\\xc2\\x88\\x13\\xd9\\xc1k\\xfcc5t\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00w0ec\\x83o\\x8ap\\x84\\x97\\xc7\\x02\\xbb\\xbf\\xd9\\xb7\\xbbg\\xdd\\xc7\\x8f0\\xe4?\\xee\\xfe\\xe7\\x1f\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_*\\x00\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00mp\\xef\\x0e\rn\\xd6\\x0f$\\xd0\\xea_4\\xd7\\x94$\\xb6\\xf6c\\xc4\\xe3p\\xf7\\x0f\\xe8\\x01\\x8b\\xdc\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04:ph\\xc3\\\\x99pa\\x9d\n\\xac\\x8e\\xd6\\xcf\\x01,(\\x1afm)\\x19\\x8ay\\x0c\\xc2\\x9d\\xb1\\xe1\\xa3\\x07\\xbd\\xd9\\xeb\\xc76fb\\x8c\\x91\\x9c\\xb7\\x01\\x18q\\xe9\\x93l+lc\\xbd\\x92@8\\x85\\x19&]\\xf4\\xa6\\xf6\\xea\\x18\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000:\\x90~\n\\xb7p{\\x96\\x9fvd\\xc1\\xf9\\xe165\\x9b8\\xb4\\x07(\\xd8\\x9f\\x0fo7e6\\xf3\\xb0m\\xa0%\\x06\\xd1p\\x99\\xf8c \\xc0o\\xc9/\\x00\\xad/\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04%\"\\x9cw\\xed\\x9c'\\xa9\\xbf\\x93&\\x93\\xd0\\xc73\\xa8\\xd5wlh\\xfag\\xbd[jo\\xdf\\x92\\xa6a\\xe2\\xd8\\xe1t'!\\x950\\xeb\\xed\\x17\\xcb;iu0\\x1c\\xe9\\xa4 \\xfd:6\\x01\\x7fq\\xf7\\xa6\\\\x02\\x9ah\\xe3\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1d\\xaet\\x92\\j\\x14\\x9f\\x9a\\xf8\\x9f\\x0cx^\\xdf\\x87|\\x08\\xc8\\xd81\\\\x02\\xf9u\\x9c\\xaa?\\xe5f\\xaae\\x0fv\\xbc\\xcb\\xc7w\\xdeen \\xdf\\x8dyc2\\xcd"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04e\\xff%\\xd0\\xdb\\xd1\\x8c\\xa7g\\xc2\\xc3h9\\x17\\x8c\\xb7\\xc0\\xa6\\xc8\\xb6c:\\x1f9c\\x10\\xf1\\xe0|\\xe4\\xe3\\xc8k\\xd6\\xb5\\x9b\\x86\\xc1\\x16h8\\x00\\x15\\xc6\\x9ed\\x87\\xb3,\\xb0l[@\\xc7\\xd8\\xb6\\x86\\x1a\\x83\\xda\\xe3\\xf3\\xc8\\x0c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe3\\xd8\\x80\\xb2q\\x83\\xc3\\xdb\\x81\\xf7\\x83\\x9f\\xee\\x8a\\xc4\\xe6\\x069|\\xd8\\x9fk\\xa1\\x1c\\x1ae\\xee\\x9b\\x00\\xd8\\xcej\\xfe\\xbd\\xb51\\xb6\\xbe \\xd1\\x8f\\xd0\\xfc\\\\xcfb\\xad\\x95"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb7\\x11\\x11\\x9d\\xae\\xe9\\x1d\\x12\\xb3jj\\x16\\x8a\\xe8\\x8e\\xa8\\xc4e\\xbbu1\\xe6\\x02\\xa3s\\xd3\\x85\\xd4\\xd3\\x8d\\x84\\x93\\xea\\x9a!\\x80^c\\xd7\\xb2b\\x01\\xaf\\x13\\xfc2\\x1bl\\xedc\\xbbui\\x83\\xbboo\\xc4o\\xc0\\x8a\\xaci6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x12\\xd9\\x90?b\\xd3z|8k\\xb57ko\\x03\\xa1\\xd4\\xa4\\x8c\\xd5\\xf5]\\x81^\\x8dq\"\\x98\\x04\\xb5\\x0e\\xcb\\xe2\\xc9\t\\x7fu\\xea\\x1d9t\\xa7\\xae~\\xad\\xa3ah"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x042\\xd8\\xed\\\\x86\\x91\\xa9l\\xd8\n\\xe7\\xbd\\xb5q2\\xbd\\xa56\\x9d\\x10\t\\xfe}\\xdf3\\xa8\\xda.\\xb00\\x9a\\xcb\\xb5\\x1b\\x827\n\\xe1\\x80\\x00\\xd9\\xe3=@{l\\x0b\\xd9\\xbf\\x841z\\xf3\\xdf\\xe88\\xe9\\xf6w32\\xf1\\x1b\\xc4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000>#\\x1f\\xad\\xf7\\xa6\\xe0\\x1c\\xd7\\xcajf\\x18o\\x8e~}\\xb0p\\xd0\\xfb\\x0fj!/\\x1e\\xd8b)\\x82\\x95\\x03\\xf5\\x07\\xee\\x13\\xa2\\xc8\\x9fr\\xb3^ k\\xb8\\xe5:\\x0e"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04,\\xc6\\xad\\xe4\\xe7(\\x07%\\xe5\\x02~c\\x16\\xb34\\xa7\\x9c\\x9f\\xeae'\\xe2#\\x08e<\n6v\\xec*\\xc9\\xee\\xe7n\\xeb~\\xaab\\xebmf\\xab\\xc7\\x98zb\\xa1k\\xb6 ,\\xbba\\x0c\\xb0\\xe6\\x97\\xb2}\\xae\\xf7\\x9ex\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x91\\x9f$\\x922_\\x9d\\xd0\\xb9[c\n\\x19\\x10\\xe5't\\xd0\\xd1\\x84\\xff\\x06f\\xf9\\xf0\\x13\"\\x8b\\x83`\\xf42\"\\x19l\\xc1\\xb49;\\xf1@\\xc48\\x97\\x97\\x19r\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xdb\\xff%\\xbc\\xd5\\x03di\\x14\\xc6\\xc2s\\x9ao\\x05\\x8c\\xd4\\xe8\\x12n\\x0ek\r(\\xabf\\x11\\xb9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04w3\\x11\\xf0\\xa7\\xfe\\x01\\x9e\\x16\\xb6\\xc8\\xed\\x9d\\xdbz\\xe3\\xae\\xdc\\xb7\\x06\\xc3\\\\x10\\x0c?&yb\\xc2e\\xe2\\xc3\\x0cq\\x93\\x14\\x84\\x03\\x14\\x9a\\xc1\\x93\\xfd\\x01e?\\x0f\\xd9\\xbak\\xb8\\x8d\\xab\\xc6\\x01\\xa0\\xef\r\\xaf\\x98\\xc2\\xc5\\x9a\\xdd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000}\\xd3\\xa5\\xa1n\\x9dk\\xf2bu\\x92'\\xcb\\xb3\\x07\\x1c\\xe4\\x8d\\xc8gc\\xe5\\x0f\\xc5\\xb9\\x13\\x00+\\xdci\\xb5-\\xa2thp\\xfa`\\xefn\\xd2\\x9d\\x99\\xbb\\xcba\\xb3\\x0e"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04h\\xe7]\\xb2\\x99\\xa8\\x0e\\xbd\\x95tl^\\xac\\x80#\\x03m\\xef\\x05!6\\xa8*s0\\xba\\xd2s\\xea\\x03\\x95\\x05\\x8ee\\x9b\\xc5he\\x9d\\x05\\xec\\x99\\xe5h\\xa9\\xbbi\\xcfap\\x92\\xba\\x87\\x02\\xf6\\xd6\\xfd2p\\xf5\\x0b\\xa0\\x92\\xcd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000i\\xeb,\\xc0/\\xa0st$\\x86\\x1c_\\xe8m\\xb1\\xf8\\x8f\\x85\\xa2\\xfc\\x02_\\xdb\\xd6\\xc5io}\\xb1\\xe4k\\xa1i\\x03hj\\x0f>\\x8e^\\xd5\\xf4\\x1f\\xe8u>\\x83\\xc2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x8c\\x8de\\xc5\\\\xf3\\x18\\xde^\\xd5\\xb8\\xe0\\x02\\xdbt4\\xa4\\xc4\\xb3'\n\\xdb\\x0c\\x19\\xab\\x80\\xbf\\xc3\"\\xe7\\xdd\\x04\\x80q\\x85\\xcd\\xd1\\xach\\x81]\\8+\\x87!\\xba\\xf6r\\xc3\\xeass.\\x19\\xd5ja\\xdf\\x9a\\xce\\x96z\\x05\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xff\\x00\\x00\\xa8\\xb0|}\\xefs\\xf6(\\x85\\xd3\\xa1\\x03\\xfa\\xf3(\\x9b x=\\x90/\\xbf\\xf4\\xb6!\\xb00qg\\x9e\\xb5\\x18\\xc4\\x0f\\xca\\x8b\\x05\\xe1\\x0e\\xc7\\x93\\x1fq\\xa8("
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04&\\x04\\xcb#\\x0fd\\xedp\\x7f\\xea\\x026@\\xbc\\xe1\\xb7\\xf6\\xaf\\xc7\\xe2\\x1a@\\xad\\x95\\x97ot*.\\xcb\\x16h\\x933\\xd5\\x95=et\\xcc\\xbb\\xe5\\x89z)k\"\\x95\\xf7\\xb4h\\xa2w\\xf8f\\x86\\x1d\\x14\\x12\\x06\\xb5\\x0f\\xd9v\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0003\\x8ehm\\x8f\\xa8\\x89\\xfe,\\xda_\\xc5j\\xe8@3\tm=\\xa3\\xfb\\x14\\x956\\\\xb9\\xe5h\\xdf\\xee7\\xd2sj\\x0ci\\xf6\\xfa\\xfb\\x1fa\\xfdm\\x16\\x13\tc\\x11"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe7wh\\xff\\xca\\xafq0\\xfb\t\\x95\\xc6\\x13\\x8a%\\xe1\\x8cz\\xb5f\\x0b\\xc6\\x90/\\xc6\\x9b\\xfe\\x9e\\xba\\x01\\xe6\\x0c\\x88\\xd6\\xe0@v8k;d\\x0b\"%\\xd8d0<\\x8e\\xbf\\x17lx\\xbe\\x08}\t!x\\xfa\\xa9\\xdf\\xe3\"\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000@\\x162\\xe2\\x84`\\xe7\\xa3\\xc7z\\xd3s\\xdfa\\xd9\\x9e;\\xb2\\xd9g_\\xf6\\xbc\\xe7\\xdc4de(\\xd9\\xfb\\x0f\\x18de\\xc7\\x16\\xcb\\x01\\xc0\\xc31?2)bzy"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa0}s\\xa6\\xb4d\\xb9\\xb1d\\xcbl\\xb5\\xb7\\x1e\\x86m.\\xf0\\xf2$\\x99\\xe2yhus\\x96r\\xfd\\x83\\xa3c\\x16\\xfb\\xe2\\xb4\\xb5\\x0cnn/\\x03\\xf7\\xe7\\x7f\\xeb\\xe4=a\\xa4\\xeas\\xae\\x14s\\\\xcb\\x9e\\x9b\\x9cf\\xb0\\xdap\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96g\\xcf\\xc0\\xfc>e+a\\n\\xaf\\x02\\x14\\x07\\xae\\xabu\\x06 y\\x8c0\\x8bx#`\\xf8e\\xbcb\\x88p\\xbd\\xe3u\\xb4\\xee\\x04\\x1b\\xe7\\xee\\xae|n\\xf2\\xde\\xa2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0e\\x9a\\xd8\\xac\\x07x\\xe4\\x93jp\\x83o\\xd0\\xc4\\xcf\\x83\\xe6l\\xe26a\\xd3\\xf3\\xf7\r\\xd3\\x8f\\xa0b>\\x0e\\x0c\\x18\\xec\\xefy\\xcc\\x07\\x8f_\\xb5\\x81\\xd6\\xdf\\x03\\x01\\x00\t\\xa8\\xf3\\xad+\\xd7\\xa7\\x8b\\xc9g\\xd1\\x1d\\xf6\\xc0\\xc0i\\xfc\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xea\\xca\\xefp#\\x96\\x88g\\xa9\\xdb\\xa8\r\\xd9\\x96\\x11\\x94\\x0br\\x81\\xe1\\xcc\\x11\\xfce\\x06\\x9f*\\xd5\\x01\\x11\\xf6\\xd9=\\xf8\\xaf|\\x88\\x10>\\x07(\\xf8]h9\\xa8\\x95\\x85"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xac\\xcc8h\\x0b\\xdfs\t\\xdasd\\x19}g\\xaa\\xad\\x92\\xc6\\xe3\\x9cvnd\\x15\\x1e\\xba\\xcf\\x89\\xb1q\\xc8wk\\xbb\\xe7\\xb8\\x14\\xad\\x7fa\\xdbo\\xdeor\\xd2\\xddx\\xfd{r0<\\x93\\xd9\\xf7\\x92\\xa8\\x0f\\x05\\x19\\xd5s+\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96\\x1ey>\\xe5i\\x9e\\xfd\\xf9o\\xcb\\x1bk\\xc7n\\xa4&\\xf5cz5k\\x91\\xb4\\xaak\\xab\\x1crhdz\\xc7\\xec\\x17\\xc3\\x93\\xd5\\xfdv\\xaf\\xd1\\x0b\\xb5\\x9d\\xacw\\xf1"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x96\\xe4\\x1a\\xd0\n\\xca\\x90z\\xa1\\xc4$q\\xb4\\xe2\\xd7\\xc5a\\xd1\\x18'tj3\\xfdo7\\xf6\\xd0\\xc2\\x898\\xb6v\\x8bp\\xcf\\w\\xc77\\x16\\xbc\\xac\\x04\\x02\\xb0\\xd7g\\x14\\x93\\x0f^\\xea\\xb7\\x9c%!x\\xd1\\x18\t\\xa5ce\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc7q\\x85\\xb8\\xa3?\\xc5\\xe2\\xa1\\x17o[r\\x9f\\x93\\x16\\x9c\\xfb\\xed6s;\\xad]\\xce\\xc9\\xf9a\\x1c\\xd0\\x80\\x97\\xb8sh\\x08.\\xef\\xe8,-t\\xc6\\xf91\\xc7\\x98i"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1d\\x121\\xef\\xfah\\x9d(\nt\\x90]\\xb0p\\xf2a\\xcc\\x1d}v\\x0ca>2x\\xebj\\xc8\\xae\\x0e\\x8f\\x86\\x94\\x11\\xf8j\\x10n%<\\xd6\\xeb\\x90\\x18\\xff\\x1f\\xd5@n\\xab,f\\xe3\\xf9^\\xa1\\x9a\\xd5\\xef=\\x03\\xd4\\x1bf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xba\\xc4e\\x1f\\xcfl\\xa6m\\xffb\\xb9z*\\xdf\\xf3i\\x0ct\\x92\\xe5\\xfa\\xe8;\\xd3\\x12\\xf1\\xf4\\xa4\\xca~\\xb8\\xebm\\xbd\\xc3\\xddc\\xed\\x8e\\x1c\\x7fd\\xbcj\\xa0\\x10\\xe9\\xda"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04ys1`\\x91\\xea\\x92{o\\xa1\\xcee\t\\xb3\\xfdg\\xc7so[r$\\x969\\x87\\x99\\x9c\\x91\\xe4r\\x06:`\\x12\\x9cso\\xa1\\xbat\\x95\\x9b&f\\x9f\\x12\\x94\\x1d\"\\x8ex\\x85w\\xae\\xb6?\\x802\\x8ch\n\\xf2\\xa9%\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xe8}8\\x81f0\\xbam\\x80\\xee\\xdb:9\\xde\\xc7\\xb9\\x81\\x98\r\\xdf9\\x92~\r\\xb5\\xccg0\\xb6jr\\xbb6\\x83g\\xf2\\x90>\\x1d\\x8d\\xa7\\x02\\x02\\xa7kz\\xf8v"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\xdbt\\xc9m\\xbe\\x00\\xad\\xbd}!\\x9e\\x88\\xab\\xa7\\x89\\xcf\\xfew#p3,\\xc3\\xf7\\xd8rp\\xd3\\x8f\\xc0\\xa8\\xb5>\\xca\\xfd\\x86\\x1el\rq\\x08\\xe8hw\\x90\\xc8\\x82\\xe1@d{\\x88\\xbe\\xc7\\xbd&\\x06\\xf8\\x8a\\x08\\x94\\xa9\\xf2\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x87_\\xbb\\x023\\xbd\\xe0t\\xb1\\xde\\xfbk\\xd2t\\xf36\\xe7\\x8a\\xb3\\xe5v=\\xbd\\x03\\xbe\\x88\\xd8\\xbe\\x95\\xb33e\\xc7\\xed\\xbd\\xa7o\r\\xe7.\\xa4t\\x0br\\x81\\x0f\\xf1\\x8c"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc3\\xcf\\xe7\\xd4\\x19\\xb6\\xca\\x18\\x99\\x03\\xbeo\\xa2\\x16\\x05\\x8ck\\xdf[\tfq\\x93\\xe7\\xee\\x9dr\\xb0\\xc0\\x0frs6m=\\xe6\\xbb\\xfc\\xda\\xa0\\x84i\\x86\\x8dc\\xf9\\xa7fm\\x99\\xf2\\x0b\\x9a\\xa8\\x9c\\x1c\\xbfv\\xe1(\\x1b\\xc4\\xd4\\x16\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1e\\xae_\\x04dli\\xaf\\xe1/\\x1b\\x11\\xb8a\\xc3y\\x9fk\\x8d\\x16\\x01u\\x841\\x83\\xa1)\\x81i:\\xff\\x87\\xd52j-)$\\xb8\\x94ny\\xceo\\x8d\\xda\\xe8\\x9a"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x91r\\x7f5\\xe9|\\xd7-\\xdduk@\\xad\\x95\\x95\\xe9\\x1f\\x9a\\x08\\xae\\xa9\\xd1o\\x19d\\x83\\x974\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04>;\\x88\\x1d0\\xcbnw\\xa2q\\xf0\\xe8\\xd0\\x8c\\xa3\\x87\\x1a^\\xb2\\xd0zdh\\xe3'\\xf6\\x11d\\x9e4\\xc6\\xa5\\xf9\\xfd\\x83\\xf6a\\xc6b\\xe5o\\xc6]h\\xb8e\\xb0\\xe3i\\xb5ogo\\x96\\x1f\\x94\\xdb\\x14\\xa9\\xc2/{\\xbb\\xed\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0006\\xa5\\xb6*9vw\\xf5\\x05\\xad\\x16\\xc3+\\xbe\\xbdt\\x90\\xb9\t\\x04\\xc1\\xb4\\xc8\\x83o\\xcc\\xa1]t\\xc57\\xd7z\\xb6\\x14\\xf2+~\\xb9\\x9e^\\xc9\\xc5\\xb2\\xe4\\xa2\\x83\\xe8"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\xff\\x8e\\xeb\\xed\\x08\\xfe\\xca\\x1c\\xe7k\\x98\\x1cxr\\x8bm,\\xd4\\xcd\\xac\\x08\\x93\\xda(\\x1ce\\xe3\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04u\\xbd\\x05\\x84\\xdd\\xef\\xc5\\xc8h^o\\x0fl\\xfc\\xe7\\x86c \\xb7\\x7f_\\x11\\x85\\xc8i\\xba\\x13d\\x93\\xa9\\x96\\x7f\\$x\\x9ch\\xd0\\x00>hb:\\x83\\xc0z\\x0c\\xf1\\xd0\\xcb\\x94\\xd4'\\xc9p\\xe2\\xbb\\xcc'c\\x83\\xc0\\xbe\\xf1\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000v\\x0bp\\xe0\\xb8r\\xd2\\xd8\\x06\\xb5r\\xb6i\\x97\\xc5\\xbb)\\x7f\\x82\\xa2\\xaa\\xcdqm8_\\xa1\\xa2s\\xccn\\x88~\\xfc\\x0f\\xd8\\xea\\xae\\xa9=\\xb9\\xb8c~e\\xb9r\\xd2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00)savl\\xb6\\xc7\\xb2'\\xdfp\\x15\\xb1 \\xb4\\xd5o\\x85p\\x84\\xed\\x1a\\xf0\\x80\\xa9\\xcd:k\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00m\\xe31\\xcbk\\xf9\\xa6\\xedc\\xb3g\\xd4\\x05=w\\xd8\\xb8\\xd9r\\xde\\xcd\\xa7`\\xd6\\xcd4w\\x99\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x00\\x08{}\\x03%\\x8db\\xe4\\xa4g\\xc3\\x0b\\x02\\x85\\xb2)_y\\x91\\xff\\xd8j>}\\x84k\\xe2\\xe2\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04n\\x18\\x96\\xd2\\x9f\\x82\\xcf$\\x7f\\xf1\\x8e\\xf0\\x9b\\x81\\x1cy[\\\\xb9\\xa5rr.t\\x8dec<\\xd4fu\\xc4\\x13\\xde\\x1b\\xed\\xaa*\\xbf,\\x1c!\\x99\\x82\\xfb\\xdc<t\\x13\\xe8w\\x92\\xa7+n\\x14=0\\xf1\\xb3\\x97\\xb6/\\xd6\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd9\\xcba\\xed\\xedf,n\\x15l\\x87\\x1fl\\x98\\\\xd3\\x9d\\xea\\x1ev\\xb1\\x12\\xa8'y\\xe5\\xc4\\x13\\xa2\\x94\\xe8\"=\\x93\\xa9}\\xce\\x83\\x82\r\\xd5tc\\x19\\xba\\x8c:;"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x046\\x1c\\xcbm\\xc4d9\\x1a\\xa3\\xc2\\x1c\\x00\\xf3\\xcd\\x8c\\xbb\\x98\\xc4\\xd2\\x9b\\xec\\x13\\xe1\\xe8\\x19\\x84h\\xb0\\xb7\\x80\\x1dc\\xce\\xa3\\xa6r\\xc3\\x1cn>2\\x0c_tg\\x9d\\xea\\xca\\xd1\\xb5\\x98\\x87oq\\x86no\\xf1sf\\x89f\\x1fj\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1a\\xf1d\\xa2\\x07~ql\\x0f\\xb4\\x84n\\xd9\\x88m\\x15a\\x9f\\xaa9\\xa1\\xae\\xb5\\x8e\\x8azw\\x1a\\xc7\\xa8\\xa4\\x01\\xaa\\xc4/\\xdd\\x89\\xca\\xcb\\x12\\xd9[=\\xc1g\\xc4\\xd4\\x80"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xe9\\x08\\x8aa0gj<\\x9a\\x8fc\\xb3f\\x89\\xaa\\x91s\\x90k\\xe8\\xa6\\x19xk\\x93\"\\xb4\\xdbr\\xb1d\\x85a\\x96\\x05c\\x1ej\\xdc\\xf1y\\xb9\\xeaaij{\\xbci\\xaa\\x93h\\xc5\\xb65*v\\x81x\\x98tw\\xb3a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa5\\xaa=*\\x7f \\xa6v;\\x19\\xba\\xf0]\\xed#\\xdf\\x98i\\xe6\\x17\\x99\\xfc\\x10to\\x96\\xb5\\xb5 2#\\x06\\x0fcm6\\xd3\\x18\\x07xix\\xb9\\xe1^(k\n"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x83\\xf9\\xed\t!\tv\\xb6\\xd4\\xc1\"\\xd8i\\xcd\\xb6\\xe8\\x95t3\\x8a)t\\xf9i\\xc7\\x90\\xe3\\xde\\x10\\x86\\xa6\\x0eb#\\x9d\\x06t1\\xc8\\xf0/\\x8d\\xf0\\xd3\\x0c\\xb7\\x15g\\xb7\\xd3\\xdd\\xec\\x0b;\\x86/\\xa5\\xe0\\xff\\xf2c0h\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9e^\\x1d*5\\x15>\\x18x\\xbd\\xca.\\xb9g\\xa4\\x8d\\x19\\a\\x18\\x9d\\x00\\x1c7\\x0ez\\xe2\\x1bt8\\x8f\\x02\\xc3\\x16\\xe1 \\x17\\xdc1j\\x02\\xeb|\\x91\\xb7\\x0c\\xbb_"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb6\\xe0\\x95\\x05wi\\xa3\\x11\\xe69\\x07\\x0f\\x96\\xd4\\xf9u \\xe5x\\x17\\x15\\x84\\xa0\\xc1\\xbfp~j\\xc8\\xaeh\\xe6*\\xc2\\xb65\\x11b\\x8b\\x92\\x1b[0\\xd3\\xcf\\x04b\\xea^\\xeeo \\x89q\\xdd+\\xb0l$\\xc7a\\xe8\\x7f0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000t\\xe9\\x0eb\\xfb,\\x82t\\xbf\\x03\\xefb\\xae\\xb1y#\\x8aei\\x935-\\x9e\\xf0\\xc1\\xc2\\xc2s\\x81\\xa9\\x16\\xc3\\xd1\\xdf<m*n\\xb9\\x1dlp#.\\x11\\xe4!s"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04xw\\xc0k\\xff\\xfc\t\\xb3\\xf5w:\\xdf\\xf6/$\\xb8\\xbf\\xf1\\xaf\\xc2-f3\\xa82b\\xb0\\xb2+-u 3\\xff\\xad\\x1d\\xb8\\xcd\\xc8\\x7f\\x1a\\xba\\xd0\\xfa\\xcb\\xbf\\xba\\x1e\\xd0\\x88poc\\x08\\xee%\\xa9\\xfe\\x98\\xa7\\x0c\\xeem\\xfd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x1cm\\x11\\x8c\\x0e\\xcf\\xd6\\x96\\xae\\x11\\x97\\xf0@\\x80di^\\xeb\\xc8\\x0b\n\\xbe\\xa6\\xec\\xe0\\x8f\\x12'%x\\xe5\\xd7\\x16\\xbc\\xae\\xfa\\xc7[\\x8a\\xf3\\xaa\\x9a\\x1e\\x92\\x8b\\xc7\\x17:"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x044\\xd06]\\xef\\x17`\\xf2\\xe2n\\x0cs\\xcc\\xc1\\xbeg\\x97\\xd0@\\x18\\x15\\xc4\\x1bi\\x11\\xe5\\x04z\\x88j\\xbbt\\xdcj\\xc5az\\xdb~ow}~\\xe2n/\\xc6\\xdb=7\\x13\\x1f\\x08\\xa4h\\xd5\\x1e\\x87}\\xfc\\x93\\xf1\\xe0\\xa7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd7\\x88\\x9c>jc\\x04\\xcf \\xf2\\x80\\xa4\\xa3w\\xb6\\xdc\\xbb\\xd0\\x97\\xden|-\\x1clx\\xae\\x7f\\x1d\\xf7\\xce\\x10\\xc5?sriub>\\xbdl\\xaa\\xc2s\\xe3>$"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x1cr\\x92}'\\xb0\\x9ck\\xa7\\xfc\\xdc\\xae\\xec\\xab\\xe2a\\xe4t\\x94\\x04t\\xbcn\\x12wff\\x8c\\xc6\\xc3\\x9a.w2\\xfa\\x1e\\xba%\\xbfl\\xae\\x05\\xa1z\\xbd\\xc4\\xe0\\xa8\\xbc\\xc7\\xd3\\xe5\\xe8\\x0c\\xaf\\xb8\\xb9\\x06\\x95\\x07\\xda\\xe3\\xad.\\x96\\x13rt\\xc6\\xb3\\x99j\\xa3\\xa9\\xc8\\x0ew\\xddx0no\\x93\\xd6\\x92c\\x1f\\x01 \\xfb\\x7f\\xde\\x04\\xc4\\xac\\xc4\\xc2q\\x14\\xf0e*\\xe5cgu\\x0ea\\xed\\x1d\\xfc\\x89\\x88yr\\xbb\\xac\\xbd\\x81\\xa74oz\\xca\\xb1\\x85u\\xdb$`\\x9d\\xdc)\\x9d\\xec\\x82\\x1f\\xf1\\x11\\x0b\\xfb\\xef\\xcb\\x06\\x02\\x81\\xf2\\xfc\\xd3\\x1e;\\x833\\x8a\\xc8\\xb9\\xc3u#u\\xb9#\\xa1\\xfd\r\\xe0l\\xba\\xce\\xc9^\\xc1s\\x7f\\xf7\\xeb\\xac\\x8e\\xcf\\x7ff#\"\\xd5\\xb4\\%\\xd5sa\\xe7\\xcar\\xc1\\x18\\xe8e\\xfa\\x97\\x8a\\xfe\\xae\\h\\x1b\\x0b\\xfd\\xd7\\xb7e\\x87\\xdf\\x8fl\\xfc'\\xe7\\xc3\\xec\\xb8\\x11\\x1b\\xd6.\\xd70p\\xf2\\xd7!\\xec\\x11\\xa1 x>\\xeam\\xdd\\xa3u\\xc9p';\\xefh\\x9140\\x94"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x01\\xcd\"\\x86\\x99{\\x83\\x0b0\\xda\\x03\\xf0\\x1c\\xcd\\xb2\\xb6\\x13\\x15\\xdd\\xe5\\x8c\\xd1[q\\xbftty>\\x82\\xac\\x1e\\x00y1t!\\xbc:\\x7f\\xce\\x80\\x0bwc(\\x9b\\xb9b[\\xbc\\x10ear\\xe0\\x064\\xbc\\em\\xb3\\x97\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf1j\\xe6\\xbe\\xb4\\x81\\x85]\\x12\\x84\\x90c\\x91*u\\xbc^(d\\xf6&\\x17+\\x11\\x95b_\\xf0\\x06\\x1e\nt\\x9d\\xa1\\xda\\x93\\xa7\\xc8\\xfe\\x800\\xb5ar\\x16\\xa1g\\xc4"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\x0fp\\xf3o\\x00lw\\xe0\\x922\\x98\\xec\\x85\\xc5\\x15\\xc3:oklr\\xa6\\xc5\\xd9v\\xe9\\xc9\\x14\\xdc\\x8d\\x0ccon\\x07c\\xfc\\xe9\\xbd?\\xe9\\xd6?\\xad\\xf3\\x9b\\x1917\\xd9o\\xa7\\xcc@\\x8f\\x8a\\x8a1\\x80\\x14\\x8c\\xd6\\xdd\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000kh\\xa7\\xbcu\\x9b\\xb1ov-t\\xc2\\xe1-w\\xddj\\xaf\\xeew\\xf2\\x14x^\\xdf\\xae\\xa3\\xc2\\xf4m\\x88\\xaa%\\xd2z0<d\\xf0\\xc7\\xad\\xec=\\xec\\x97\\x9e\\xf1\\x99"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01(\\x10\\xf3@we\\xaa2e\\xac\\x9c\\xec\\x08d\\xdb\\xdf\\xd7\\xc9\\xea6\\x8d\\x82\\x95\\xb5\\x91\t$\\x87\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0b\\x16\\xdb\\xcf\\xcb)\\xe9\\xf3\\x88\\xf3@\\xd3\\xf7\\xe8\\xc8\\x04\\xa6\\xac9\\xa9$\\x87\"@\\xe5\\xfew\\x94#a\\xfd\\xa5\\xe2\\xdc\\x87\\xbe\\x8fml\\x08\\x0c\\xfe\\x1c\\x96\\xdab{\\xc9%\\xb9\\x9bo\\xeed\\xce\\xde\\xc8\\x01\\xc3\\x8d\\xac}\\x1b\\x9e\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0006\\x0e\\xa8\\xb3\\x0b-\\xdd\\xdd\\x8a;\\x7fr\\xd7 \\xaf\\xf6\t\\xe9c\\x07ph\\xa4\\xea\\xc9i\\xe5\\x11\\xcb\\x19\\xe6\r\\xa1\\\\xc6\\xfd\\xee\\x9b\\x11\\xe5\\x9c\\x1d?\\xad9so\\x85"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xf3\\x9a\\xc2q7\\xfe\\xfc\\xa5\\x99'\\xa8\\xdfs\\x8b\\xca\\xab\\xcd\\x18c\\x13\\xf6\\xfb\\xab\\xb4q\\xbb\\xdb\\x84\\xa9\\x15=\\x87z\\x99xv\\xa9v \\x94@kl;p\\xaf\\xd9gw\\xf3\\xa8ww\\x0cq\"\\x89\\xc5\\xda\\x8a\\x8f\\x8b\\x1e\\x9b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xd8\\x1dtl\\xf0\\x879m\\x98\\xa3\\xcd6fg\\x7f\\x11\\xec1e\\xf2\\xb6'\\xea\\xb2\\xe9i$\\x02\\xdc'f\\x06\n\\xabv\\xe3\\x99\\x977:w\\x01j\\x1d\\x9dr*j"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x14i\\xe46\\x02\\x9a?\\xe1\\x86$\\xb8:v\\x7fr\\xfe\\xe8\\x04\\xef\\x108\\x9f\\xc1\\xf1\\x96\\x88\\x19\\x13\\x81\\xa5\\xf6\\xb5\\xcab\\x83s\\xac\\x12]\\xfd>\\xb6\\x96\\xb0\\x1e\\xbe9\\xd7f\\x18\\x97\\xf2\\xe1\\xfdt}\\x92h\\xe0n\\xcf\\xa0\\xbc\\xa3\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x14\\xde\\xd8j\\xbb\\x87\\xd8u3\\x0c\\xafk\\x91\\x8b\\x0b\\x17\\xddx\\xc6\\x05\\xbf\\xae_m\\xf9q>\\xfb\\xc4\\xabi\\x1ex\\xb6\\xe3\\x9bhyh\\xc4j\\x8d\\x9fl\\x16>\\x06\\x7f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfep\\xae\\x9a1\\x04\\x19h\\x84\\x1e\\xd69\\x86\\x12\\x84-\\xbcv((\\x99\\x1e{\\x15\\x0er<\\xd5\\x02\\xf2\\xc1\\x0c\\xf1\\xce\\x0e/\\x8bl\\xa5\\xc2t\\x16\\xa2\\x84\\x8dd\\xcd\\xd40\\x07`00\\xe0 \\x82b\\x0f\\xb1\\x81)\\xb7\\x05\\x8a\t\\xe9\\xc1e\\xe2\\x14\\xfbz\\x9e\\x0f2i\\x80[\\xed\\xe5\\x14\\x873\\xc4\\x83\\xda\\xe5\\xc0\\xa7\\xb6 \\xaf\\xfd}\\xa7\\x93\\xe0\\x84p\\xf9\\xd3\\xc3\\x9a\\x9c\\xc3$ie$j/\\xd5\\x80\\x04mf\\x8e\\x07\\xa5\\xd2\\xdem\\x85}\\xe5\\xf9\\x90\\x1e\\xfd\\xa2\\xe9\\xeddk\\x03:\\xc3u2\\xb8\\x0f\\xd6|jki8\\x16\\x06^\\xeao\\x89\\x88\\x80\\x8dq\\x8dt\\xaf\\xb7\\x84i\\xac[5\\xf1\\xbf\\xb9d\\xfb\\xbb\\xf7\\xd6\\xfb\\x1bx]\\xcc\\x18qm\\x81f\\xc5\\x1f\\x90\\x8d\\x7fm\\xffm@\\xfe\\xe9\\xe5f$u*r\\xa1\\x8f\\x8c\\xbbn<\\xbde\\xfe\\xe8\\x87nv.\\xa6\\xc4q\\x1a\\xf5\\xcd\\xdc\\xc6\\x97\\xbctl\\xc2\\x14\\x81\\x84\\xf0\\xe7\\xbd\\x93\\xcf\\x92\\x07d\\x8a\\x9d\\x0e03:\\x96\\xe3\\xd4\\xd9i\\x80"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xae\\xa9\\xb1\\xfd\\xa9\\xd7\\xc2\\xff\\xcb\\xd1\\xd7\\xac\\x06\\xd6\\x1eun\\x19x\\xaf\\xdc)e\\x81\\x9f\\xa7\\xcec\\x9b\\x87\\xa7\\x08\\xa8lk'#\\xf2\\xd9\\xa0\\xa0c\\xc8\\x18\\x81\\x17\\xbazj\\xc6`mk\\x054\\\\xef(,\\x8a\\x98f4c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xcd\\x7f\\xae\\xf9\\x89w\\xdf\\x1fp\\xd7c\\x15\\x0cc\\x107\n\\xa4\\x13p\\xb7\\xe2p\\xabu<\\xb6\\xe8\\x0b\\x8a`\\x9d\\xa7\\x86\\x08[\\x7ftg\\xa6\\x84\\x9fu/\\x03\\x83\\xff\\x0f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x1c\\xb4\\xb9$\\xfe\\x91\\x13g\\xc4x%\\xc6~<\\xd9\\x05t%\\xdc&v\\x13fr@\\xbc5\\xb0xp\\x92\\xbdv\\xc2\\x8d\\xe2\\xf5g\\xc1}\\xd7\\xb3\\xcay#yy\te\\xf0jk\\xfd+\\xed\\xcb\\x8b\\x84\\x0f\\x16\\x94\\xde\\xd7y\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x83q\\xa3\\x1d\\x1c\\x1cs\\xbb\\xda\\xed\\xe1\\xd3\\x94\\x16^\\x94\\xd5\\xac\\xd0x\\xc0\\xff\\xc6)\\x8e@\\x81\\xca\\xe4\\xf1\\xb8\\x00\"\\xc0\\xe7\\xb6\\xb1o?\\xbb\\xcb\\x13\n\\x8a|e}\\x07"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe9\\x9f\"\\x90\\xc9o\n\\x89t\\xeb\\xbc\\xc1\\xaa^z$\\xb4r,\\x13\\xc9\\xcb\\xfb\\x944\\xfa}\\x12\\x7fv\\x11qt\\xc5.\\x13\\x07\\x1eo\\xca\\xd4)\\xa2\\xd6\\x94\\xaby\\x9a\\xdd\\xde\\xad>\\xf2\\xbb\\xe0\\x89\\xd5\\xaa\\xa8\\xc7f>\\x83\\xe9\\xf1l\\x8b\ri\\xe4ti\\x84\\x8ev\\xa6d\\xe1b\\xe7\\xbcu\\x92f\\x91\\xd8~2ct.t8\\xdc\\x8e\\x11z\\x0f\\xf0\\xe2\\x8b\\xc8\\xbc\\x90\\xdc\\xdb\\xdc\\xc5\\x94\\xc0\\x90\\xa9\\x90\\xda^\\xeb~\\xed\\x07'3cj\\xc0\\xf9\\x19!&\\x93\\xd4\\xd3\\xa3]{\\x19\\xa4k\\xfai3\\x9d]\\x15\\xac\\xf0;{\\xd8e\\x1fy\\x88\\xe8\\x8c\\xc4p\\x14\\xa7\\x04\\xec\\xfc\\x97t\\xab\\x17 \r\\x18\\xc7\\xba\\xa0\\xae\\x0b\\xdd\\x00h\\x1a\\x80c\\x8d\\xba\\xfdm\\xa9\\x9c\\xa5\\xa5e)\\xb0\\xfd\\xd2\\x97$\\xb7\\x9e\\x83\\xfd\\xf6\\xf4\\xdbs\\x12\\xc6\\x1e\\x9113\\x03%\\xcc\\x84l\\xca\\x17\\xc9\\xeb\\xd2c\\xf4\\x97\\xf2\\x07\\xe8\\xf9t\\x0f\\xc0\\xd7\\xc0t\\x06\\xd4\\xda\\x84s\\xbd\\xda?\\xd0\\xf3\\xa87\\x1f\\xc7\\xbb\\xe4d5\\xacf"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xaa\\x89u\\xbd\\xc5\\x8dxw\\xc7~o&\\xd1b\\xf1\\xd0\\xa9^\\x8b\\x99\\x1b\\xbe\\x85i6\\x06'\\\\x93\\x9b\\xf4\\xb7\\xc8\\xe2=\\xadn\\x81\\xf6w\\xee\\x1b\\x8ef\\xb9^<\\x93\\xe3e\\xa2\\x1d\\x89\\x12y\\xaa\\x08\\x83b\\x05p\\x1c/pj\\x96j\\xd78\\x85\\xe3&\\xb4\\xef\\xb8t\\xdfd\\x8d\\xb5y\\xf3;\\xf063\\xe0x\\xe7.n\\xc9,\\x8cip\\xda\\xeb\\xdf\\x9e\\xfd\\xa1\\xb3m\\x0ed,\\x81nq\\xd3\\xb3\\xb0&j\\x80\\x81\\x8e\\x8de0\\xae\\x8e\\x08\\x9ae\\x97*\\xcd\\xf6k\\x93\\xff\\xc0\\x9f\\xf2\\x9db\\x1a\\x95\\xf8-\\xe0\\xc5w\\x85\\xd5\\xa59]vxi\\x80\\x8c,\\x05\\xce\\xd5j\\xf4\\x9fs\\x1d\\xef\\x19\\xe5d\\x83\\x08b<]\n\\x00o\\x9f&\\\\xa2r\\x0bt\\xee\\xae\\x92\\x15\\xcfn\\xb1\\x9b'7\\xa5\\xfd\\xcac0n-<\\xc2\\xba>&\\xa8\\x12d\\x9d\\xcd\\xa6\\xad\\x83i\\xcb\\x8d\\xe4\\x81\\x056\\xc5\\x1c\\xa6\\x81\\x13;_\\x9d|\"\\xb8\\xe4\\x81\\x1a\\xdd[\\x9d\\xe8\\x86mc\\xb3\\x01s\\x9f\\xabkt\\xd1e+"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb0\\xff\\xe5\\xdc\\xeb\\xa0>|\\x829\\xb9#\\x13l\\x87\\x14ht\\x06\\x7f\\xd1a)\\xe86v\\xbb\\x7f*~k\\x00~\\x87\\xadh;\\xbe_`=\\xae\\xe8\\xb4a\\xd9\\x98\\xd8\\xe8\\x92\\x85l0\\xea\\xaa\\x05\\xf6f\\x90n\\xdd)i\\xf4\\xe4\\x92\\x9dz\\xb0oz\\x941<s)x\\x86\r\\xaf,\\xf6 \\x03\\xc3\\x94\\xdd\\xe6\\x15a\\xd1&l\\xd0\\x17c\\x19\\xb8\\x00\\xf2\\x97\\xe1m\\x97o\\x00\\x8ch4c\\xfa\\xd9\\x1f\\x86k\\x84jo\\x03cx\\x1f\\x8a\\x04?\\xb6u\\xd3\\xa6\\xc3 \\xf0\\xd0\nva~\\xab\\xb9\\xe5\\xef\\x99\\x00l\\xd2s5\\xdc\\xea\\xdby\\xd5\\x0f:t\\xe8c\\x81\\xea*\\xec\\xdd\\x9e\\xa9\\x82qy\\x03\\xf3\\xc4\\xdb-\\xf6\\x02\\x15\\x9fb\\x08\\xa2\\xf89\\x8d\\xea\\xda\\xae\\x80\n\\x11\\x8d\\xe3\\x87\\x90\\xc6o\\xad\\x82\\xdb\\xdbsb\\x82\\xa6]\\xe4e\\xc5\\xd0\t\\x87\\x1b\\x89\\xba|i\\xa3\\xf9*\\x02\\x12\\x97o\\xa9\\x91\\xaf4\\x87\\x02e\\xae\\xdb\\xe3\\xb35\\xad\\x91\\xb2}\\xc4^\\x9fet\\x8f\\xb9qy\\xf2$k@<"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc3\\x83\\x16\\xc5\\x0e\\xbb \\xbbb\\x15\\xb9q\\xbc\\x84\\x8b\\xd1g\\x1c\\x01\\xb2\t3wa\\xf1_\\x9a\\xbd\\xael\\xa2\\xfaj\\xfe\\xe3\\x96j\\x1db\\xb4\\xcen\\xab\\xb4\\x98\\x19\\x10\\x81\\x12k3\\xb4%[_+\\x85s-\\x0fv\\x80\\x1a\\x18\\xb6\\x0c\\xf3y|\\x8d\\xf4+\\xc6\\xe1\\xd2\\xe2b\\x95\\x80{>\\xfex9\\xff$\\xdc\\xb2$\\x1b9[\\xd4\\xa1\\xf4n\\x18\\xe8_\\xb9\\x94<bd\\x864\\x00&\\xechzqrq\\xb8-\\xf4\\xd6\\xb7-\\x17\\xf40\\x1f\\x8e.\\xee\\xa8\\x80\\x0f,&7\\x8d(:c\\xabpc\\xab`\\xec\\xf8gh\\xa7x-\\xb0\\xdf\\xc4\\x97\\xba\r\\xd1\\xed\\xfa\\x14\\x94\\xf9\\x1c\\xf54\\xbc\\xc2`59\\xf1\\x80\\x1b\\xea\\x8cd\\xf1\\x90\\xe0\\xc7+f<o\\xe4}\\xcfg\\xd8r\\xbe\\xdby8\\xc0\\x18\\xf3\\x1a\\x94\\x93t>\\x8a)g\\xec\\xe5\\x85\\x97b\\xe0zt\\x9eah\\xbb\\xbb\\xb8\\xbc\\xd9 \\xa4l\\x90\\xf4\\xa4s\\x17 c\\x85\\x0e\\xa1i\\xd8\\xb8j-\\xaf\\x05\\xef\\xec/\\xd5^\\xa9\\xa8m\\xd6s{"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010,\\x88\\xb6\\x80\\x97l\\xac\\x8fj\\xd3\\x14\\x0cb\\xa5]\\x83}b/\\xb8{\\xa8\\x8d\\xd6;s+\\x7f\\xa3\\xf2c\n\\xa0\\xdde\\xdf\\xda[\\x07\\xb5\\xf3w\\x9b\\x02\\xf2\\xf7\\xe9\\xf5m\\x9a\\x89\\xbdn:\\xd0!\\xba\\xa0\\xb1\\xa8\\x8f8\\xc3\\xd2t\\xd6-\\x98\\xd4q\\xfa\\xe1cz(\\x1b\\xd9,\\x81\\x078\\x9ci*\\x823v9\\xcc\\xdf*\\xbf\\xde\\x8d\\xb8\\x92gc\\xe7\\x94\t@\\xde\\xb4h\\x87\\x062l\\x85!\\xaf\\xa8r\\x87\\xb8\\xc2\\x7f\\xde\\xcd\\xc1&\\xee\\xe2\\x85\\xb0$\\xf9\\x91j8\\xeaon\\xf3c\\x91\\xaaz\\xb4\\x9aq\\xd7w\\xbd5q\\x93\\xa9c\\x99\\xd1b&}\\x89\\xfdmsd\\xde\\xec\\x82\\x8b\\x8b\\x19\\x97\\xa6\\x0f=swm\\xe9\\x97\\xcca\\xfc\\xaa\\xd3y\\xfd\\xc3\\x1c%a)\\xac\\x0e\\xb8r\\xb5\\x8c{\\xe1b\\x80!\\xe1\\x9a\\x89\\xe3\\xb0\\x13bk\\xb10n\\xdaw8\\xa3i@\\x\\xc4\\xa3\\xd0\\x1bl0\\xf7\\x14n\\x02da,\\xd6j\\x1aq~t\\xe2*w\\xf36\\xdee\\x0f\\x8a\rh\\x0f t)"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107\\xd0\\x88\\x18?\\x90q\\xbb\\x1e\\x92w>\\x98mp\\x98w\\xc5\\xa7\\x96\\xf1\\xcd\\xbfa\\x9e\\xd0\\xf5\\xd9y\\xe8\\xea\\xe0\\xc1\\xe6\\xe5\\xee\\xaenw\\x18\\x8a&\\xe2\\xbd\\xfc\\xa8%\n\\xaced\\xd7s\\xe9\\xdf\\x8b\\xf2\\xf9\\xf8\\x89&\\xb2=\\x9f-\\x14\\xba\\x97s\\xe5\\x9b\\xe6}\\xb9\\xbc\\x9b\\xf3\\x83]\\xf0\\x98\\x85\\xb6\\x87<\\xe9\\x88\\xe7\\xaey\\x1cgd\\xc1\\xda\\x0c\\x9ad6z\\xf5nf\\xe4r\\x17)\\x85\\xae\\x13\\xee[l\\xfa\\xa3\\xdf\\x92\\x85\\x8f4[\\x85\\xdb\\xaf\\x08\\xf3\\xc5\\xeb%\\xc3\\xacp\\xe3 \\xd6\\xb2\\xfb\\x85\\xd7\\xa2f\\xd7\\xe5\\xefmq\\x7f\\xca\\xa7\\x08\\xa6o\\xd3\\x1f\\x92\\x8f\\x195w\\xa7\\xe7\\xe3i\\xf6\\xe9 \\xce+\\x8e\\x90\\xcb\\xc0\\x99\\x1f\\x06e\\xed\\xbdr9\\x94%\\xc3f\\x83\\x1c(\\x00\\x8a\\x07\\x9a/id\\xf8\\xe4\\xb3\\xfb\\xf8\\x95*d\\xea\\xb5\\xf3\\xcc\\x84p\\xb85\\xf9\\xf4\\xce\\xb5sry\\x048lt4\\x0c\\xd5\\x9c=_\\xfa\\xa0\t\\xda\\xe3er\\xe8\\xe9\n\\x83\\\\x9bv\\xd4\\xf5\\x87\\x12\\xcdb!\\xf1j\\xee"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010)n\\xad\\xd0\\xb6&\\xb7\\x8c\\xb3:&}\\x077\\xa6\\x94\\x0c\\x89>\\xb4\\xb0\\xb9k\\xdc\\x87\\x80o\\x8d\\x17\\x16z\\xf9\\x12\\x1ad\\$)\\x8f#\\x7f\\xec\tk\\xc7d\\xe9]$nh\\x81\\x05\\x82\\xc8\\x9cnm6w\\x7f\\xb2\\xe8\\xd8\\xe1\\x00\\xb8\\x80\\xd9\\x0c\\xdd -\\x813\\xe7\\xbd,j\\x98-\\xe4\\xf59\\x00j\\xbf\\xee\\x82c\\xc9\\xf76\\x8f\\x96q\\xf9)\\xc5\\x1c\\xec\\xca\\x11n]\\x00ube\\xc5\\x977\\x80\\xa5\\xf3\\xb5\\x8e8\\xba[m#\\x7fd\\xcc\\xd6\\xea'\\xd5\\x18\\xbc\\xf2\\xf7\\x0bg\\xa4gswl\\x81ab\\x060#7c\\x1d\\x91f\\xe1a{\\xa2\\x08\\xc6\\x84\\xb8.+\\xa20@\\xf4\\xbd\\xeb\\xfbw\\xd5\\xdb\\xed;\\xcf\\xc9q\\xed\\xff\\x08\\xb0\\xa3\\xd2\\xcb\\x83\\xc9\\xddz\r,\\xb8\\xfez\\xfe\\xd0\\xfac\\x1d%\\xad\\x97\\x7f\\xa6\\xd3\\xe6n\\xb4\\xdd\\xff\\x15z\\x1d\\xaf7\\xbc\\xe8\\x03\\xc5\\x1c%\\x94>\\xac\\x14&\\xcb\\x8e\\x9f\\x8e\\xe4\\xf5\\xa5q\\xf8\\x99!\\xba \\x83\\x91l[-f\\xd9!o`\\x08l\\x91\\xe9"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xff\\xc3\\xcb[\\xedt\\xbd\\xf3m\\xc3\\xc6\\x07\\x9e\\x892?5\\x96j\\x98\\\\xbe\\x9bl\\x1b$\\xca)\\x0e\\xa7\\x01\\xae\\x10\\x8e\\xe7l\\x1c+\\x10r\\xcc\\x1f\\xb7v\\x94\\x04k~\\x80\\xc36xo\\x1f\\xcd_\\xc1~\\x94\\xc0\\xd3\\x81\\xcdx\\xb9\\xe1\n\"/\\xb7u\\xfa\\xf6\\xca$\\x90\\xb6~\\xb1\\xb9\\xcdi\\xb7k+\\x1e\\xd3\\xc0\tj\\x08[\\xa2\\xf3\\x92\\x9d\\xc2t\\xce\\x9a\\x8ba\r\\xf1\\xaet)&\\x99\\xaa\\x0e\\xd6\\xd3\\x903por\\xf2[x,6+/kb\\xc01t\\x95\\xfc13zzr\\x12\\x8aje\\x18\\xb6\\x8a2g\\x0c\\xc4\\xf5\\xa4\\xfbefx\\xccca\\xb5\\xb43k\n\\x08|\\x06\\x89\\xf1\\x96*\\xe1v\\xedsg]\\xb7\\xac\\xb0/-\\x9f\\xfcno\\xcd\\xee\\xc6\\x10\\xda\\xdd\\xber}p\\xbb[v\\xcd\\x96b\\x0ey\\xe3/\\xf2\\x0bz\\x88\\x7fw\\x0b\\xae\\xd6}\\xed\\xaa\\xa4<&4\\xa1\\x8f\\x8f]\\x98\\xa29\\xc1\\x90\\x00\\x18\\xb8\\x84x\\xf0\\xb1\\xe2\\xfb\\xbe\"s\\x9c=u\\x0b\\xde\\x17\\x165\\xb0\\xe4"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010&5\\xc3\\xe7\\x94\\xb0\\x9d\\xc7k\\xbf\\x14d\\x14\\x95x\\xf2{\\xfe\\xea8\\x80k-\\xff\\xbcg\\x03+`\\xe8\\xe6\\xb4\\\\x94\\xb5s\\x83\\xcd/\\xde\\xf2\\x05=\\xd1\\x88b\r\\x81\\x7fk\\x91\\x9a\\xf0\\xd3s\\xa95,uv\\x13\r\\x9f\\xd3\\x19\\x0f\\xbb\\xc2\\xf6\\xb1x\\xbd\\xee\\xa5\\xaa\\xf7\\xb0c\\xbfp\\xd3*\\xf4\\xe4\\xb6\\xcf\\xf7\\xbf6\\xe7\\x8b^\\x08\\xd7g\\x8f:\\x9d\\x88~k\\x86izsc\\xb5\\xa1m:\\xfb\\xd0+k\\x86\\xbbj\\x84_\\xcfyotxo\\xdb_p\\xf0?i\\x07\\xc2@pt\\x11\\xae\\xd9\\xc3\\\\x98\\x11v\\xa1\\x18c\\xd6a\\x8a\\xb2k\\xc0\\xe4\\xd5 \\xb0\\x97q\\xce\\xf7\\x84;(\\x9b[\\xd1\\xea\\xc2c\\xb6\\x9d\\xd1\\xb3\\x15\\xe1\\xef\\xe0[jum\\xe2\\x8ej\\xfftm\\xa3yk\\x0f\\x8a\\xf7\\xc8\\xb8*9@%\\x1b\\xb4\\x92\\xe3\\xd6\\xc72]kj\\xe3\\xc3\\xaa\\xa4\\x07>\\x8a\\\\x7f\\x13]\\xbd\\xd7e\\xcc\\xa4k\\xbb\\x11/\\x00s\\xe78\\xd6yjjc4\\xba^\\xd7\\xae\\x0b8\\xd5\\xd8\\xc5ly"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xefv\\x0e\\xba\\xa3\\xe0\\xd5\\xab\\xce(y\\xaf\\x1c\\xd8n\\xdc\\xc6mw\\x87\\xe9\\xde8\\xb8e\\xc2\\x9fi\\x99\\x02\\x84\\x8c\\x8f\\xaar\r\\xe2\\xac\\xfe\\x15\\xed\\xd0l\\xc0\\xf4e\\x8a\\x1b\\x87\\xdb\\xbb\\x89\\x9a\\xc2\\xbb\\xac\\x97\n\\xac\\x92\\xc4u65v\\xb8\\x08\\xe6?\\xd3\\x91,b\\xfe\\x8a\\xab[c\\xae\\xde\\xfay;\\xdd\\x91\\x85\\x91\\xb6\\xba9]\\xc0m\\x1c\\xc3>\\x88a\\x86\\xc5\\xdf.\\x11x<b\\xb3\\xad\\xa2\\xb0\\xa6\\x03\\xac\\x95\\x1a\\xe5{m\\xa7\\x0b\\xc6a\\xaf6e\\xcc\\xad\\x81\\x99\\xee\\xdbv\\xe5m^\\xbc\\x12\\xcd\\xc4\\xe4\\xb1\\x8f\\x06\\x19\\x889\\xd4\\x80\\xb4\\x93o\\xc2b\\xc4\\x84\\xd1l\\xa8\\x80\\x05o\\xf24\\xb7@\\x83\\x90\\xe4\\xf7\\xe5r\\xf4(\\x82\\x93mg\\x98/l+\\x97\\xa6\\xb5\\xc4\\xfc\\xe7\\x84x\\xf2\\x1b\\xeb\\x93y\\x12\\xe4b\\x14\r\\xa6w\\x07=\\xb4\\x89\\x8f\\x85\\x8fr\\x08\\xe5\\x18\\x0bp7\\xe23\\x98y\\xa8qh\\x9f\\x1b\\x92(\\x0e\\xfbo\\x8fk\\xb8\\xef\\xd6f\\x8a\\xf6\\xe5k\\xd8;\\x9ck\\xd6\\x95\\x819\\xfd?\\xc5\\xa2"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xca\\xa1\\xd7y\\xc74\\x9byf@&k\\x81\\x83+p\\xd8-4\\x8eis\\x0c\\x85\\xc5\\xa2n27`\\x86\\xa5<\\x9e\\\\x15v\\x83\\xf9\\x15o\\x0b'9\\xd1\\xbe9\\x9c\\\\x0ek\\xdd)\\x85\\xa3\\xf2;\\x9c\\xc0\\xb4\\xed\\x87\\x93i\\x93\\xb3l\\x1c?\\xa8o\\xf5~f\\x8e\\x11\\xcd\\x04\\xc8\\x0bol\\x076ve\\xc3\\xd6\\xa5\\xc71\\xc9h\\x1b\\x95\\xa1<\\xbd0\\xfe\\xf2z\\xd9\\xec\\x82\\x9b\\xf9w\\x80\\x80[\\xf5\\xbf\t\\xca@u-\\x0e\\x88\\x0ethyqz~\\x94]\\x96a\\x12\\x97\\x7fr\\xb2\\xe2&\\x15\\x88b$\\xf8\\xa8\\x00<\\x96\\xf4\\xd3i\\xe9\\x1c\\xb70\\xa1z\\x8d\\x01afl\\xe5\\xf7\\x1a]\\x99e\\x08\\x87\\xf2\\xea)z>\\x02#t\\xd2\"\\xcd\\x80d \\x9cgh\\x06\\x83j\\xd8\\x08\\xbdg<x`\\xe4n3\\xbdd\\xb02\\x9f?\\x02\\x93y\\xdf&\\xf1\\xa6\\xa2\\xee\\x90\\x95\\x08\\xb2\\x17\\xa9\\x90\\x89\\xe3\\xa8\\xee\\xdc\\xf9p*\\xfe#<w\\xf7;\\x93\\x9ei\r\\x10\\x9c\\x01\\x03\\xf0]v\\xaf\\xe5q^^"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x90sw\\xf70n?\\x12\\xfa.]{4\\x17\\x87\\xd6m\"{a7\\xa5&s\\xe5\\xba\\x94\\xdfq\\x99\\xc5a\\x10\\xdb\\xab\\x9a\\xc4)\\xeb\\xd3#7\\x89\\xd9\\xc9\\x1ed\\x0f\\xb92\\x08\\xc27/\\xc2w?x\\xec_x\\x18yz\\xd9\\xaf\\x13_b\\xfdu\\xe8\\xc0\\xcb1\\x8d\\xbd\\xcea\\xe5;\\xcc\\xdcl.|\\x15\\x1a\\x9e\\xff\\xca\\x82\\x05\\xbc!\\xfd9\\xc0\\xd0!y\\xc5\\xa4\\x1e\\\\x7f\\xa7\r\\xedgu\\xfe]\\x8e\\x02\"\\x96\\\\x7f\\xe8\\x95>\\xde\\xcf\\xe8\\x94\\x17(\\x84\\x10?\\x18z\\xe8cj9\\xd8\\xee\\xdf\\xf1\\xe7\\xfa[gq5\\x15\\x9e\\x05\\xf58\\xbb\\x10\\xdb\\xc2g\\x94r\"c\\x04\\x8b\\x03\\xd5v\\x01\\xfch%\\xbf)\\xf0\\x94\"\\x1fh{l\\xdb<\\xbb3\\x84\\x0c\\xe2\\x9fd\\xbb\\x1e\\xb62~\\xc6?:|\\x9c\\xc0#\\x00\r\\xe2\\x1e\\xd2\\xc7k\\xdd\\x0c\\xf1\\xfd\\x17_\\xff\\x17\\xef'5]uv\\xa9\\xe6w\\x168\\x12d\\xb7+\\x96\\x89\\xd1y\\xe6\\x14\\xf3\\xea\\xaf?\\x0c\\xc9\\x01\\xb5\\x04\\x92\\xc1\\x82\\xaa5|"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xba7\\xb4\\xdd\\xbd\\x10\\x10\\xb3\\xd5*\\x81r?+e\n\\x1em\\xbe\\xf8\\x05ma6q\\xdc\\xe5\\x9f\\x0e?\\xc2\\x06;\\xb2\\xf3\\x89,\\xf8\\xf8\\xfd3}\\xce\\xd1\\x9b\\xb1dj\\x8faw\\xf5xh\\x85\\x90+\\xf4\\xb7\\x80.nqv\\xf6\\xcfy;tq7(\\xb8j\\xc7b5\\xef\\xf7ynk\\x82\\xc1\\xaay3eq\\xa8.r\n\\xc8\\xce0\\xf0\\xd8\\xd9.w4\\x96x0\\xaf\\xe3\\x07\\xde\\xbb\\x1c\\x9d\\xe5\\x9d\\xdd\\x05=\\xef\\xc8{5`o\\xa7\\x8a}\\xb2\\xa1!(b\\x07;xr[\\xf2\\x1be\\xbb\\xcc\\xfc\\xfe\\x05,\\xce+\\x19w\\x1d]3\\x0b:\\x8c\\xbd\\xb4\\xe2\\x98\\xec\\x88oj7\\xb0\\xe4\\xed\\xba\\xaf\\xa5\\xc1\\xbf)\t\\xaa\\xda\\x85\\x84\\x98\\x8c@\\x16\\xb2\\xad\\xa2\\xaf7\\xa3fs\\xaa\\xaex\\x95\\x8fz\\xf7\\xd9g\\xe7r\\x17r\\xf6p@\\xd7\\xaaj\\xe2\\x0f\\xbf\\xe0f\\x86*\\x0b;\\xdd\\x90!\\x9e\\xe2l\\xc8nu\\xfa\\xbc\\x87\\xbe\\xde8(n\\xfa}\\x01\\xe4f\\x17\\xa3\\x9e\\xeay\\xb5m\\xe4 d1"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0103\\x92\\x93\\xbb\\xd0\\x13'\\x18nu\\xae\\x0e\\x18\"\t\\xaf\\xba\\xd6,\\x9e\\xb7\\xac6j\\xf1\\xa1\\x97\\xf0|m\\xdd\\xcf`\\x85\\x18\\xdcbt\\xe9>e,\\xe00\\xae\\xf7\\x81\\xa8\\xe1\\xf5p\\xe01l\\x19n\\x01a5\\xef\\xfb\\x8bo+\\x87\\xe1\\xe2\rs\\xfb(\\x0f\\xb7\\xbe_\\x10r\\xdcaj\\xf9\\x06\\x1b\\xf9\\x1e\\xa7\\\\xdbf2\\x1c\\xcb\\xb0&\\xf3\\x04\\xd5\\xf8\\xb9t4\\x08\\xe3\\x0e$r\\x97\\x056\\x15\\xf7)\\x90\\\\x8a\\xa5v\\xe1\\x7f\\x06\\x01=\\xab\\xe3+\\x8b\"h\\xf3\\xd3\\x11y\\xe1c\\xadm\\xdb\\xa0\\x97\\x85\\x17\\x92\\xb4ws\\x91\\x83\\x99\\xc8\\xb3\\xea\\x8e9w=h4\\xb6h\\xfd\\x8d\\x12\\x8c\n&\\xd9;4\\x7f\\x19ci\\xfd\\xd5\\xed\\xf6\\x9a\\xd8b\\x06v\\xe2\\xee\\xd2~\\x83\\xc2]\\x05\\xa6&\\xf1}a\\xc0d6$\\xdc\\xe4\\xaa{nq4_j;\\xf95\\xa6b\\xd2\\xf8hy\\x03\\xdf\\xff\\x90wt\\x9c\\xb5\\xbe\\x1e\\xc0\\x06\\xb0\\xb2{\\x82\\x8c\\x84\\xc8w\\xb5\\x8c/\\xae\\xd1\\xa1\\x01\\x8d1\\x84\\xab\\xd5\\x9a\\x8f\\x86"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xb7\\xd5z\\xca\\xa1\\xf0\\x99\\xee\\xa2\\xc4\\x10\\x87\\x98\\xa3\\xefc\\xe5\\xcf\\xc7\\xd7*\\x96\\xe94\\x90\\xec\\xd8\\xe3\\\\xedcga\\x05d\\xe8m_\\xc1\\xd9v\\x9a\\xc1w\\x99\\xeet\\x99j\\x83gv\\xde>f@c\\xb1\\xf5\\x1f\\xe2b\\xadx\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa6x\\xa7=\\xe1\\x1d\\x83`o\\x1d?\\x16\\x94\\xfe\\xd6 \\xe7\n\\xa0\\x0ew}6\\xde\tey\\xe8b\\xbd\\x9bsx\\x80\\xe7\\xbbj\\xbfn\\xb1^@\\x8d\\xdd\\x14u\\xafe"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xfc,\\xd1=\\xad\\x9ao\\x1f\\x1d\\x13c\\xabh0\\xf1\\x85\\x15\\xbd\\x1a8\\x86\\xda,\\x1f\\x94\"\\xd9|\\x8e\\x1d\\xed\\x1f\\x8di\t\\xe1\\xbc*\\xfb\\xdc\\x9a\\xd7\\x1a\\xdd\n\\x8fqutg\\xe7`p\\xa6\\xa8y\\xaf\\xc4\\xc7\\x85\\x1d\\xc7\\xa2;\\xf3\\xca\\x90jzo:\\xe2^\\x1b\\xfc\\xb2e\\x1fx\\xb0\\xfc\\xb4m\\xaa\\xda\\x8bm\\x01a2\\xe5\\xa6d<y\\xa9\\xca\t\"\\xe2\\x040\\xed\\x90d6\\xe0\\xe2r\\x8fb~v\\xbe\\xc9\\x13\\xb3\\x9f\\x05f\\x9c\\xce\\xf7\\x04\\xfa\\x89\\x8a\\xdb\\xb9a\\xa9\n\\x07\\x03\\xf8m\rou\\xb9\\x06\\xf4\\xc6=\\xec\\xdfp\\xfc\\xae\\xe7\\xa0\\xe1\\xae\\xe1\\xf7~\\x99@\\xd1\\xe04\\x00\\xf7\\xa1#\n\\xea\\x00c)\\xa2\\x06-\\x1d\\x0fk\\x9e\\x19\\x99[\\xea=9\\xe1\\x94\\xc1v\\x18\\x0b\\x8al\n\\x9c?>\\xfc\\xa6\\xa5\\x00\\xb0\\xcdc\\xc7s\\xf6\\xd8\\xa6v\\xda\\x7f\\xb24\\xec\\x1c\\x1by\\xcf\\xb9\\xd8\\xe4\\xacw\\xc7d&s\\x89l\\xc0\\x93\\xd0@<\\x0c\\xc8\\xe0\\xaby\\xee\\x16\\xa7m\\xaam\\x93\\x96\\x0b\\xd5\tq\\xd4"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010,k\\xdc\\x8fp\\xd0\\xf6'\\xba\t\\x92\\xe9\\xa1\\x05\\xd1g;\\x05\\xc2\\xe1\\xa0!\\x80w5o\\xc7\\x18)\\xa3\\x87i\\xc5\\xdf\\x08i+\\x972\\x02\\x95\\x18\\x13\\x7f\\x9f\\xbbz\\xd9b{\\xcbi#k\\xbf\\xa0\\x0ed\\xb7\\x0bj\\x93goz\\xe8x8?\\xde\\x7fx\\x8d\\xc1\\x1f\\x8a1iq\\x7f5\\x93\\x7f\\x11\\xf0\\x1e'\\xce\\x90\\xe1\\x9a\\x10\\xfcb\\xcf\\xee\\xd2\\xc1\\xc1\\xcc\\xa9\\xdc\\x8c\\x83\\x1c\\xcc\\x1e\\x85\r\\xb4\\xaa\\xb4\\xda\\x13azpk\\x14y\\xae\\xdew\\x83\\xdb\\xb2\\xed\\xe6/\\x8c\\xdc\\x0f}).\\xec\\x99\n\\x87h\\xb6\\xd0\\x97\\x0e6m{r\\xfc\\xe7\\xe9\\x04\\xcc\\x1c\\xd3\\x14.\\x8a\\xd5\\xbe\\xa3\\x85\\xe8\\xa8\\x07\\xdbz\\xd0o\\x13\\xf5\\x90\n\\xce\\xc2\\xaewi\\xcc\\xee\\xaeg%\\x92\\x14\\x880\\x17\\xce\\x1bw\\xc7\\x0c\\x84\\x8c\\x9d\\x92\\x835s\\x99q\\x11vm\\xa8o\"q\r0\\xff\\xf5\\xe8\\xb5\\xa5p\\xf4z\\x80%|\\xeb\\xff2\\xf24\\xa5\\xf2\\xe0$\\x0c\\xc1a\\xab\\xe4\\x19q\\xb5\\xe8\\xc5\\x1c\\x0br\\xc6eb#\\x15@\\x1f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010n\\xc7u\\x99fo\\xbf~\\x8at\\xde\\x0e\\xdf|\\xe3\\xeb\\xcep\\xf8g\\xff\\xe4\\xdas\\x8d\\xd1\\xd5l\\xb8\\xeb;;\\x8b\\xb5\\x92m\\x94p\\xa6\\xab\\x07)=\\xe4\\xa2\\x1d\\xd8!w\\xa2\\x0fd,\\xc6\\x18?\\xd8m\\xe4\\xc1p1\\xc8\\xc5w\\xa4\\xbb\\xde\\xaa\\x08\\xa0o\\x18\\x16\\xf3\\xba\\x02&\\xba\\xa2\\x9c\\x00\\x01r\\x95\\xbb\\x81\\xae#@(\\x85.\\x89\\xe2\\x83j|\\x12\\x1cb\\xd7\\xcf\\xac\\x1ftp16q\\xbf\\xa7\\xb2\\x95#\\xfao\\xba\\x15\t\\xca\\xa4~)v2\\xcbz\\x1c\\x8ah\\xbc)s\\xf1\\xc2b\\xf3\\x1c.\\x9cz\\xe8o\\xf4\\x01\r\\xc2\\x822\\xc7&\\xaea\\x9e{\\x80\\xf6`\\x1c\\xbf\n\\x1a\\xa3\\x80\\xb7\\xa7\\x10`\\xcf`lsh4%\\xf1\\xbbns\\x02\\xe5\\xa13\\xc9j8\\x19i\\xcf\\xc1\\xf1b\\x97\n\\x0246\\x1b\\xb6{\\xc8\\x0e3z\\xc0b)\\x16\\xb3\\xb7\\x96xw\\xa8t8\\xb3\\x84\\xa7h\\xe9\\x0b\\x80\\x97\\xfbq\\xf7k/\\xb0\\x16\\xdaf\\xcda\\xc1\\xbd\\xba~\\x03\\xeaw\\xd6x\\xa6\\xdd/\\x9e1\\x9a"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd3\\xf6\\xff\\xb0]\\x8di\\xf2\\xc5>\\xe05\\x18{b\\xb9\\xe8d\\x0b\\xb2p\\x03\\x07d\\xa3}t\\xa1\\x9a\\xa6b\\x94\\xfa\\xaf\\l\\xe6?m\\x7fm\\x1a\\x03\\xff\\x10!\\x054\\xb2\\xf1(=\\x93z\\x9f\\xd7_\\x99y\\xe5\\x10j\\x99\\xf7\\xcf'\\x9a16\\xe7>n\\xb9\\x7f\\\\w\\xb3\\xbd\\xdf\\x13\\xc1\\x91\\xc3\\xd6\\x01\\xce\\xd1v,\\xe1\\xe8\\xee\\xad]\\x8f\\xf4\\x0c\\x0c\\xd8\\xfe\\x9c/\\x95\\xd9\\xe1\\x86d\\xbf0f\\xea\\xect\\xe8\\x1cl\\xed\\xda\\xeb\\x8b$\\xe3\\xe9\\xa5\\xca\\xc3(2m\\xedivo\\xd3]\\xd9\\x94\\x94\\x82d\\xd2\\xd4+\\xcb\\x85\\xe7\\xbf\\x9e\\xfa\\xaf\\xb7\\xb5\\x90\\x99\r\\xde\\xce\\xf2o\\xdc\"efg\\xe5z\\x96p\\xb7\\x97\\xf8\\x91-\\xd7&rone\\x97|\\xaf8\\x1a\\xa9\\xc8\\xe7\\xd7\\xa0\\x9a\\x10\\x9a\\x98d\\xa1\\xa8u\t\\xcfa$\\x05\\xb5\\x8a\\xfa\\x1ab6\\xe9\\xf2\\xd5\\x85\\xdaq\\xe1:\\x18\\x81iw\\x8cs?\\xf2\\xd56\\xbe\\xa8\\x9cjn[\\x9a\\xbbr\\xbd^\\x1ab\\xea\\x1d\\x03\\xe8\\xcd\\x8bk\\xbbvu\\xeb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xb9\\x18w\\x19\\x1c4c\\x94!\\xf1d\\x93;?h@7\\xc3\\xa0\\x06i\\x16\\xcd]z\\xa9g\\xe1n\\xb7\\x89\\xa5\\xe7\\xdes\\xf1\\x90\\xb3\\xa8\\xf7\\xce\\x18m\\xb6\\x7f\\xa4%><\\xc7v\\x0c\\xd7\\x01\\xcc\\xe7\\x91j\\x95\\xa9\\x81\\xd1s\\x96\\xc2\\xe1we\\xfb\\x07\\xb3n`\\xed\\xc6\\xde\\x04\\xee\\xd9\\x10\\xc8w\\x19/\\xa4b\\xbd\\xd5\\xb1\\x06t\\x99\\xcd\\x88!.$g\\x83\\x1atm\\x85\\xb8\\xb6\\x17\\xb7m\\xc5\\x18\\xfd9\\xb4aippg\\xb4\\xd4\\x86\\x1br\\x9e\\x85rs4\\x86\nq\\x9f\\x91{\\x87\\x98\\x82\\\\x9b6gm7\\xe8\\x93\\x1d\\xb2e\\x84\\xd7/\\xa8\\xd4@\\xa2e\\xea\\xab\\xe93,\\xd0\\xed\\xed5z)4\\x15\\xe3\\x92k6\\xe38\\x9e.mq1\\xa4\\x80\\xacbz\\x99p\\xb1&\\xd8=6\\x8d3\\x8f\\x8c\\xb9\\x8b\\x91\\xe6`&1iz;\\x19y\\xf3\\xd7yw8\\x17\\xe2t|)a\\xb30\\x1fu\\x10}\\xb5\\xbc\\xd9\\xe4d.\\x82\\x18\\x8a\\x19|\\xa1\\xfd.h\\xe4e\\x00c\\x14'\\x1d<\\xcb\\xc4;"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x11\\xa28x\\xfd\\x84\\xa5\\xc2\\xa6\\x8d\\xebp\\x95\\xc8\\xf0nt\\xd5\\xa1\\xe3;\\xb4\\x1fv\\x0f,|\\xd7\\xe0\\xc8\\xfc\\xc8x\\xd3\n\\xad\\xe3\\xc4i\\xe1\\xe5!u\\xf4\\x16)q\\xd6\\xcd\\x1d\\xda\\x82\\xd2\\xed\\x9au\\xae=\\xc7\\xa4\\xb2\\xfc\\xd8\\xe0\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x17r\\xd7\\x87\\^\\xcf\\xbb\"s\\x8c\\x801i\\x05j7j\\xe7\\xfd\\xd3\\xfe5;b\\x82\\x91f&w\\xc4\\xfb\\xc2\\x08\\x90^\\xc5\\x03 \ny\\xb6\\x88v\\xcb\\xe1cl"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04#\\x0e\\xaf\\x85\\x92\\xbaj\\xcb\\x15\\x93\\xab\\xcb\\x07w0i\\\\xa1\\x18|\\xfb\\x86\\xba\\xc5\\xd4j4\\x08\\xa9h\\xb6\\xbe\\xca\\xbe\\xc2\\xf1\\xb3rdp\\xab\\xde\\xef\\xe3ea&\\x95\\x01##;\\xfb\\xe2g\\x92\\xf9\\x90\\x01\\xc0\\x07\\xd7\\xfe\\xd8\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc5\\x0b\\xcc\\xb4kw\\xc2\\xba\\x8f\\xfa\\x06\\x03\\xf3x\\xbb\\x87\\xa6\\x84\\xd7d\\xca\\xb9\\xf4m\\x91_&\n\\xe5\\x1cs\\x8fm|_:\\xf5\\xad\\xe7\\xd3\\x99\\xe5\\xa2\\x04n\\x907\\x84"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xcem\\xade\\xb0\\x1c9\\xb3\\xd4\\x01\\xd0\\x06\\x1e\\xef8\\xd8\\x15\\x97n\\xfc\\xed\\xf6\\xd2pb\\x00\\x14\\xf8(\\x9f\\x1fk\\xeb9\\x0b\\x94\\x07w\\xa0\\xebx! h\\xe6\\xc4\\xf2\\x95t)\\x86\\xa6\\x01@_\\xd1\\x8d\\xd7\\x0c$\\xa7;a\\xb0\\xa5\\xc3\\xa6@\\x8e\\x03p\\x9b~\\x9e/\\x0c\\x8c\\xee\\xbe\\x1f\\x80%r\\xed7\\xdf\\xb3q\\x00\\xff\\xad\\xbf-e2g_\\xd8su\\xe7\\xa6\\xbb\\x8a\\x0bd\\xed`\\xd4\\xce\\x9d\\xc1\\xa96\\xc45vcd\\x90%\\x00ix\\xb3\\xad\\x90\\x10\\x05\\xcfe\\xe3\\x83\\xb2:\\xa2-\\xa4r\\x83cc:\\xa19\\xf2f\\x8b/\\xc0k\\xe1\\xcb\\xca\\x9f\\xd3\\xd7o&\\xb6\\xe5\\x18]\\xe57-\\x0e\\x8c\\x86\\xf5\\xeeyu\\xe1\\xb47\\x13\\x7f\\xc6j\\x97\tm\\xf8\\xba\\x07/\\xd9\\x17\\x00}\"\\xe9\\xa8q\\x935z\\xd3\\x93\\xcbef3\\xd9/\\x8f>d\\x12n\\xbe\\x1d\\xf9\\x933\\x9d\\xf45\\xbe\\x91\\xfe\\x14s\\x15z@l\\xfd\\xac\\xa6{\\x9d\\x88\\x7fx%\\xf5t\\xc0\\xec\\xa5\\x1e\\xf0\\xe8\\xc7>\\x0f\\xf5^\\xf3"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010z\\xc6\\xdb\\x01\\x94\\x83\\xe7\n\\xba\\xc5\\x9a\\xd7i\\xfb\\xfcv\\xc0\\xb1yc\\x00\\x81\\xf2\\xf3u\\xf3al\\x8d9\\xa7vh\\x10\\xc4'uhu4\\xc9|o\\xe3\t|\\xdab\\xffr\\x92u!tc\\x18\\x85cpc^_\\x95\\xeb\\xb7\\xb3\\xec\\x7fa\\xab\\x0ex\\xe8\\xe7\\x1d/\\x1d\\x81\\xa7\\x0e\\x1d\n\\x95\\x1e/\\x12:;y#\\xd0sz\\xa6h\\x99\\x9a\\x8e\\xcc\\xa2\\xf3\\xc0n\\xdc\\x8dc\\xa0\\x9fb\\x1e4\\x97\\x18\\x14za~v\\xab&|\\xe5\\xe9\\x1f\\xda\\x17d\\xcc\t\\x99\rp\\xfb\\xe5\\x81\\x19\\x85\\xac]\\x1d\\x12\\xd3\\xac\\x1a\\xf6\\xa5!\\x00\\x97\\x06\\x18(\\xb8(u%\\xdf\\x01v\\xdf\\xf6k\\x8c\t\\xaetv]\\x01\\x18\\x01\\x90l\\x8b\\xd7u\\x1bq\\x9e\\xf6\\xf5 \\xad\\xa2\\xfa;o'\\x12\\xf0b!\\x1f\\xfb\\x84\\xb0\\x97gv\\x85\\x15'b=\\x8b\\xc5!\\x8c;\\x85\\x1e\\xb9:\\x01\\xb5\\xa4\\xac\\x85\\xc0v\\x16\\xfa&\\x8dq\\x9c\\xd6\\xf0ew\\x8c\\xec\\xbd\\xd3\\xf0e\\xbfh6~q\\xef\\xde`\\x84\\xbd\t}!\\xff\\x92"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x16\\xbd\\xf7\\xfb*\\xce&s\\xca\\x16%\\x82de\\x05\\x9b+l\\xc3\\x920m\\xd58\\xe1b\\xa5\\xe6\\xb0\\x18\\xc9e\\xd3x\\xb6\\x90e\\xfe|\\xbb2\\x1b}cj\n\\xcb<\\xac\\x80c\\x95\\\\xcf\\xeaa\\xda)\\x9b\\x82k\\xe2y\\xfbb\\xdf\\x98\\xe6\\xb3\\xb0z\\xd9|\\x97\\xbc\\xa1\\x88\\xced\\xef\\x979s\\xb1\\xf6\\xaa\\xdb\\xa2\\xb7\\xe8\\xea\\x0c\\xf2xl\\xea\\xcct\\xb1f\\xb6\\x1d\\xd2\\xdf\\xf4\\xb5\\xf0c\\xd2\\x8e\\xaa\\xaf^9w\\x8eu\\xa9\\xe5z\\xc3\\x81l\\xbbx\\xc1h\\x0e\\x0e$\\xad\\xd2\\x18_\\xb0\\xb4\\x8a\\xa3\\xb3@\\x96\\xe7\\xb6\\x1b\\xf3h\\xa1\\xc6\\xbb\\xba\\x85\\xc7\\x8dj\\xd4\\x06\\xbd\\x96\\xbe\\xbe\\xa9*\\xf5 \\xa3\\x97,\\x16v\\xb9\\x17\\xaa\\xe9+f\\xac<d\\xdd\\xbe\\x99\\xbcq\\x1e@\\x87m\\x14\\x18\\xbdyk\\xdd\\xd9\\xf9\\xd2\\xd0\\xfep\\xe9\\xd6wl\\xeb\\xeem\\xc7\\xda\\x84\\xd0\\xcad\\xe06\\xbf\\xfa\n\\xe7\\x97\\xad\\x18\\x9a\\xbae\\x90\\xea\\xfb\\xe4\\xcb\\xa5\\xc8\\xec~\\xd0\\x1e\\x94jn\\xec\\xdf;\\xec\\x0c\\xfd\\xdb\\x03\\x80&\\xb1\\xd4\\xd3"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x041-\\xd9v\\x92\\xc1\\xec\\xec\\xe5\\xa7\\x11\\xd0\\xa6\\x1a\\x10\\x9b\\x94\\x08\\xf4\\xd4\\xa4seuv|\\xab?\\xcc\\x1b>\\x0fr\\x0f\\xc1'\\xf2\\xbd\\xf3\\xa5\\xaef\\x12\\x14\\xcc\\x89\\x05\\x85\\xb3\\xe7\\xbfmk\\x10`\\xd7%\\xd2\\xb0y\\x1ei\\xec\\xda\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000d\\x88fv\\x8c\\xb9\\x1e\\xbblo\\x17\\xc87/\\xb00\\xc3\\xcerz\\xe2\\xe9\t\\xa3j^\\xd5.\\x0c`|\\x7f\\xc2\\xcf\\xdb?\\xebtc\\xa3!\\x0f\\x965\\xb9\\xac?%"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe4]\\x99\\x8b\\xda_\\x00\\xb6&\\x97\\xb1\\xe3bb\\x0e\\xad\\x88\\xcc\\xe6\\xfc\\xa3\\xe2\\xc4\\xf3\\xf2%n0\\xfb\\xd5\\x8c\\xc7\\xfd\\xfb&x\\x1d\\xf0\\xe3\\x89\\xfe\\xff\\xdd\\x80j\\xce r<#\\x02\\xff\\xc2\\x16\\x91\\x1e\\x8a\\xf6s\\x0bk\\xee\\xfe\\xe0\\xbb\\x1a\\xb1l\\xa7xy\\xbb\\x14\\xe0|d\\xbf\\xed@\\xa8xyee\\xe8\\xa7h\\x0cxi\\x10\r\\x1ai\\x1b\\xb3\\xd8j\\x02\\xe4a\\x8168r\\xee\\xc3d8\\xf7\\xab`9s\\xbd\\x1e!6\\xb0\\x0cu\\xd9z4\\x12\\x9fj\\xdb\\xdbu\\x8bk\\x14=\\x86\\x9dujecy\\xa2\\x86\\xd1.\\xd6\\x8a$\\xf3\\xb2f\\xbfw\\x920[\\x05\\xd8\\xe7\\xec\\xf5\\x15zh\\x14'j\\\\xad#}x\\x95f\\xb32\\x9c\\xda\\xb0\\x03\\xb0\\x11\\xe8\\x97b\\xb8\\x94fk\\xb8\\xd5v\\xa6\\xb9\\xfb\\x9a!\\xe5].\\x7f\\xa7xr\\xbd\\x12x\n\\x19\\x8f\\xfd\\xd2\\xf9\\x9f\\x0c\\xe1\\xed\\xca\\x13$\\x1b\\x8b\\xff\\x89\\xc5_\\x11g\\\\x8c\\x8c\\xca\\xa4r\\xde\\x14\\x7f%n\\xe2h^\\xe5i\\xf6q\\xc0w\\xd3\\xe3\\xa4"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x824\\xf8\\xaf!fl\\xd2\\xa4b_\\xa8\\x0b\\xad\\xb7<\\xfap\\xeb\\x85m\\x12m\\xed\\xe2\\xc6\\x84\\xf9\\xb9i\\xb1\\xa1\\x89\\xdb\\x82\\xedy7e\\x16po\\xef.\\x8e:\\x1d{\\xbf\\xa2\\xbc~\\xa9\\x1f\\x98zf\\xb5d*\r\\xca\\xe0\\xe7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x88\\xff\\x93\\xa7\\xcf\\xd9\\xc6\r\\xe8]i\\x07\\x96\\x12\\x97u\\x88\\xa7\\x92\\x15mrt\\x82i\\xc2\\xa9\\gk\\xc8\\xca\\xac<\r\\xd9\\x9b\\x9c\n.\\x8e\\xed\\xcc\\x10\\xb9\\xb2t\\xdc"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe6@\\xf5gzh\\xbchu\\xa8\\xb8^\\x95l\\x93;\\xc2\\xf6\\x8c\\xd4.`\\x13\\x0cp\\x96s\n4\\xf7]\\x14g\\xddc4>\\x84\\x9c\\xc8\\x9a0{yx\rn\\xc1wr\\xe0\\xbd\\x0e_ow\\xaf\\xa2\\xcb\\x17\\xdadk\\x91#\\xec\\xdf*\\xd7@vo\\xec%\\x03i\\x95[j\\xe9o\\xe8\\xc7\\x97s^\\xc3<z~a\\x82\\x12\\xc2\\xd8\\xac\\xdc\\xc2\\xe9\\xb0\\xca\\x05\\xf6\\x07\\x1d\\x03rm\\xe3$\\x1a\\x9d\\xdb\t\\xff\\xbf\\xe3l~\\x17\\xcb \\xfb\\xa0\\x81\\xce\\xc7\t\\xc1,\\x08\\xafu\\xe2y\\xaf\\x87-\\x86\\x85c\\xd0\\xabt\\xd3\\xc7\\xfd\\xb7\\x0f$\\xff\\xc7}zh\\x8d\\xb3\\xbd\\xd7-\\x18\\x12ac\\xa8\\x1b\\x06\\xc5\\x8db\\xf3\\x8a\\xc8\\xcav\\x94p\\x988\\xfc\\xd8\\xdf\\xdc\\xa3\\xfbb/\\x9f\\x1e\\x18\\x9f\\x80^\\xe6\\x94\\xf2r\\xf4\\x82\\x93\\x9d\r\\xb5\\x07f\\x02\\xdd]:e\\x1f 4\\x0e\n\\xf9\\x80\\x0b?\r-1\\x81t\\x1e\"v\\xcc\\xca\\x19\\x7f\\xbc\\xb8\\xb2|\\x04\\xf7\\xcc\r!\\xf0\\xcd?\\x9c\\xc1\\xb6cq\\xad_\\x05"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xa8\\xb2\\x15\\xf9{\\xdd\\xd8{\\xe1\\xc9\\x90\\xcea\\xdf!\\xa9\\xdd\\xf3\\xafg-\\xd8\\xae\\x08\\xf7\\x11\\xe9|i\\x19\\xb3\"\\x19\\x8fw\rc\\x19\\xd4(a\\xf4d#m\\x17\\xbek\\x08\\x15yvp\\xc4\\xb1$l\"\\xde\\x93e\\xd8r\\xca\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xad\\x9b\\xc6\\xe7\\xb5\\xba\\xcf\\xd2n\\x8c\\xc18\\xeeu\\xe3s\\xaat\\xad\\xe1\\x04p\\x1c\\xe6\\xd3#x,$\\x89\\x1c\\x01wl\\xabp\\x8egq\\x99\\xea\\xf4\n\\x9f>fj-"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010r\\xd9\\x9c\\xbc\\x98m\\x87m\\xb5q@\\xed\\xbd=\\x9f)\\xb3\\x14\\xddo\\x9d\\x89-~\\x9b\\x98\\xbf\\xec'\\xc6\\xcc\\xc8o)r\\xc5\\xf9\\x8a_j\\x89\\x82\\xec\\xc1\\x8d\\xffa\\x97r\\x90\\xc0\\x0b\\x84\\xcc2&u\\xe5\\xf2tc\\x13\\xf2xg6\\x1awc\\xc6pt\\xb6\\xbda\\x00n\\x13cv{g\\xce\\xcfx\\xf9\\x1bzy\\x05\\x19\\x1bmdp\\x89\\x1c\\xefg\\x10\t'j\\xfe_\\x95^\\x05\\x1a\\xbac\\xb1x?7l\\xbf\\xc6\\xac\\x8d\\xd5\\xe6\\xa7\\xd6\\xbbv\\xc6\\x06\\x8e\\xcaca\\x12<\\xbc\\x8d\\xa5\\xcd\\x9es\\xda\\x8fnv\\q\\x11\\x8c;))[\\x9f\\xd1\\x03s\\xadzu\\xeei\\xe3\\xa1[\\xcd\\xf3\\xccv\\\\x9d4ao\\xaf1\\xce\\xa7\\xce\\xd5\\x84\\xc5:\\x1dgkb\\xd6 w\\x16-?\\x00_[t{\\x89\\x14nc\\x85\\xc2\\x14k\\x16\\x11\\x81\\xf8\\x8d\\xd1\\xb8\\xb3b\\xd3\\xb6v\\xda\\\\xda\\xf2u\\xec\\xd0s\\xee\\xbc\\xd1\\xe6\\x18\\x0f\\x8e\\x19\\xde\\x1d\\xd3u\\xbd\\xe2g\\x08\\x04`h\\x8bk\\xe4\\x87 d\\xdf"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010 /\\xafl\\xdca\\x90@j\\x07j\\xbf\\xa4\\xb9\\xc66\\x19dtl\\x87gowse\\xdc\\xd3\\x81sv\\xdf<u\\xf5\r\\xc8a6=\\xbe\\x0f\\xf7\\x18\\xf7\\x8d\\x97p5\\xb9-nc\\x0b\\xc3\\xac\\xe9@\\x18\\x08y\\x97n\\x1da\\xe6\\xee\\x8a\\xfa;\\x03}\\xa9\\xd1\\xa2\\xe44h,[\\x02)\"_':\\x9dx\\x8f\\x1f=\\x9cn\\x05[ni\\xc4\\xf1\\xcat\\xbfw\\xf0\\xd7\\xc5\\xd1t\\x964\\x08$\\x9c\\x0f\\xde\\xec\\x10\\xd5\\x0c\\x0cj\\xb7\\xadb5o\\x11c{a\\xf6y\\xa0\\xe5s\\x16!\\xa7\\x9b!u\\x92^~\\x1562\\x1d;!a(2y_\\xc7\\x10h,/^de\\x9a\\x1c\\xadf\\xd6\\\\xf4\\xf7\\x01\\x87\\xc5\\xd0]u\\xef\\x9b\\x1e^\\x947\\x9f\\x1d\\xe6\\x8bv\\xdc\\xff\\x98\\xeex\\x8c\\xeeu\\x08\\xca\\xff\\x12qsy\\xe2vg%r\\x8a+e\\x9e\"dm\\xf6m3e|\\xa1h\\xe1\\xb8*\\xff\\x05\\xfc\\x1b\\xeczq\\x8ab\\xec\\xa8\\x98\\x89v\\xb0xy\t9\\xb7\\xe8q\\xc3\\xc0\\xc2p"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc7=\\xb1\\x18\\x16i;\\xa2\\xdbv\\x00+\\xcd*\\xaf\\x96\\xc0\\xfa\\xf5<\\x00\\xb5h\\x18\\x9b\\x0fx?\\xb8\\x17\\x07\\xf3\"\\x15\\xb9\\x7fyj[\\xb2\\xbf|\\xaf\\xd3\\xb1\\xae7+\\x11\\xc6\\xfa\\xda6\\xe1p\\x87\\x9d1\\xc7z\\xb6\\xee<\r|r \\xe63\\xcby\\xcb\\xbe\\xe0\\xd5\\x8c@*\\xc7:~\\xd5\\x7f\\xdbcu5lh*\\xe5b\\x12[\\xd0\\x1a`e\\x8e:v\\xcd\\xf8\\x1d9\\xa3\\x9e5xl\\xb2\\x0c\\xe9w\\xc3\\x1fv\\xd0\\x98\\xfa\\xed.\\x84\\x93\\xdcs\\x00\\xbb\\x8b\\xe2\\xa0\\x1b\\x9e\\xb8a\\x90q\\xf9\\xb8\\xedb\\xf8\\xacf\\xdd2\\xd0;$!\\x15n\\xe7%\\xe1\\x93\\xc4\\xce\\xe30\\x7fd\\xf0\\x058/\\x8dv\\xba\\x90_\\xa2\\xc8y\\xea\\x8d\\x85\t\\x94d\\xa3\\x00!q\\x7f\\xb26\\x93p\\xfb\\x90p\\x8c\\x8d\\xbd-\\x9c\\x83\\x9dr\\xd1j\\x1b\\xc0y\\xa4qsf\\x99\\x81\t87\\x1e\\x8cmh\\xf1\\x1f\\xaf\\xba\\x05*\\x85\\xcd\\x8a\\xa7\\xb0<th\\xdew@6\\xa5ko\\x0c\\xbc\\x0c\\xc8]\\xdf\\xa9q\\xd4h\\x87,"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0107\\xf8a!\\x98\n\\x96)g\\xb2\\xab\\x13\\xe3\\xa0\\xd3w\\xcc\\xf7kj\\xeb\\xca9i\\xa4\\x96\\xa4\\xc3?\\xee\\x86\\x84\\xd2\\xfd\\xee\\xeb\t\\xe3,$\\xe0\\xd1d\\xe2\\xa0\\x0ca\\x8f\\xb2h\\x0e\\x08_,t\"_\\x99\\xe7\\xa4\\xb2d#\\x1e\\xaa\\x8e\\x16r\\xa6\\xab\\x89\\xa6-i\\xa4\\xa0jr\\xa6\\xe1\\x0c\\xd7\\xa9\\xde\\xa8\\xcc{8y\\x8e\\x05\\xa4\\xa7\\x9f\\x14s\\x19\\xed\\x1f\\x83=\\x96\\xa7z\\x125m&\\xce\\xcd{\\xae]&\\x14y5\\x84`\\xdcg\\xc7\\xca\\x06pn+\\xda\\xa0]b$\\xdb'\\x80\\xb9\\x03\\xf9\\x12\\x05\\x91\\xe2\\x1ax%\\x92\\xb8\\xa0v^\\xc3/\\x08n4\\x9b\\xd1\\x92\\xb8(h'\\xea\\x19e\\xc7\\xcf5\\x10\\x8a\\xa7>\\xab\\xd6\\xc2'\\x1e\\x14\\x93\\x06\\xaa\\xe9\\xf3zq\\x84\\x99\\x9cr\\xad\\xddqylf\\xad\\x16\\xba\\x96\\xba\\xb0>m/\\xdc\\x94\\xa1\\xf7\\xde0=>\\x82\\x1f{\\xe9\\x80 \\xfd%\\xac\\xae\\xb9\\xab9\\xdb\\x1e\\xbb\\x11\\xe6)\\xadtw\\x13\\xc6\\x07_\\xdfr\\x98\\x18w\\xa1yf\\xb9\\x1d\\xa08\\xbe"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010x\\xab\\xc4\\xf9n\\xc2yx[\\xa2\\xac\r\\xde;\\xa59e\\xb8\\xa3vrecoh\\x0f}a\\x01ss\\x9f\\xe4\\xdaprd\\x92\\xf1\\x9b\\xf7j\\xc2\\xd7\\xf2:\\xf7\\xf6\\x85\\x9ewpe\\x16j\\x93.z\\x87\\xb0\\xdd\\x16\\x93'\\x0f\\xf3^\\x0faihw\\x1f\\xd1@\\xd1\\x1f\\xc4\\xc8#\\x1a\\x0e,\\xb2\\xdfi\\x7f\\x98\\xcc\\xdf\\xea=\\x8a\\xa6%\\x18\\x1b\\x83\\xca\r\\xa1g\\xcf\\x92\\x89\\xf3|\\xfa\\xca.^\\xec\\xff\\xc4\\xff\\x9f\\xaew\\\\xc1\\x90\\x1e#\\xfdd,\\x9b\\xeb\\xb75\\xa1\\xa08a`\\xaa\\xeft\\xbe{%\\x1c\\xf0\\xa9p\\x96\\xb5\\xc9 o\\xcd\\xabei\\xc7\\x0c.\\xd9+\\xd1{\\xfe\\xb4*\\x0b\\xdf\\x1f\\x86\\xe9\\x05n\\xbd9\\xdf\\xc4\\xcett\\xa7\\xa3\\x1ap\\x9bu.^;\\xb9s\\x0es\\x94$\\x99\\x8csb\\x11\\xc3\\x9bh\\xa4=e\\xb6lf_g\rr\\xef\\xdc\\xb3\\xbc\\x8d\\xa4}\\x83\\xdb\\xcf\\xf3\\x9e\\xf2\\x7fw\\x9f\\x04\\x99\\xae\\xcb\\xa0\\xa1'\\xe7,4\\xd1}\\xfe\\xc79\\\\xee9\\xc5\\x8f9nl\\xaf"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xce\\x82\\x0c\\xa2\\x8b\\xb0\\x11\\x1cx\\x88\\x83j\\xe7:\\xe8\\x1c\\x97\\xd5\\xa9\\xf9\\xad\\xf1-\\xa8\\xb1\\x15:\\x1e\\xdeh\\xca\\x87\\xdc9\\x1co\\x7f\\x0b\\xdc8\"\\x91\\x88\\x04>?c\\xde\\x8ek\\x94&q\\x06\\x03\nv\\x84i'swprgez\\xd49&7d\\xe2\\x08\\xe1n\\xdd\\xc8\\x15c\\x98\\xffjz\\x93r\\x15[\\x0b~[_\\xd1\\xe4\\x832\\xfd\\xa4\\xc5\\xf8\\xbf\\xd1\\xbb\rx\\xc7]^\\xd7\\xcc@\\x8a\\x01\\xb5\\x94\\x13\\xc9\\x94\\xa6\\xf2\\\\xed\\xfean\\x8c\\xd6\\xb28\\xca\\xf8\\xa1\\xff\\x162\\xe2\\xd8\\xb8\r\\xc0\\x85t\\x88x\\xbe\\x8b\\xdd{_\"\\x19:\\x8c\\x06\\x8c\\xdbgr\\xd5_\\x17\\xd3\\x88\\x84uhh\\x8a\\xc1iqc\\x02hm3b\\x0c\\xe7\\xfa/\\xb4\\xcc\\xf5\\xc2&\\x12\\xbd6\\xa4`,\\xf7\\xd1\\xb9\\x03\\x86\\xc6\\xcf\\xc4\\x0b\\x11\\xfbg\\xcc\\xfa\\x9e\\xba\\xb8y[\\xbd>`\\x83d\\xf4a,\\xc9\\xe1\\xd0\\x89\\xd7\\xb6r\\x10\\xa14b\\xcew\\xf7\\x12\\xf1zb\\xa2\\xdf\\xd3\\x0e\\xa7&\\x18npe\\xbc\\x90\\xa8\\x02"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xd1(\\x9a\\xf0\\x12\\x01\\xcc#\\xbfi\\xe0.\\xc2\\x81u\\xf4\\x90:\\x1e\\xb1\\x9e\\xbc\\x9c\\xff\\x92\\xe3\\xb7~\\x81^\\x14\\xed6\\x16\\x05\\xf1dv\\xb9\\x89\\x84\\xaf\\x8eu\\xc9s\\xc4'\\x93\\x9c~/`\\x97\\xb2\\xb7g,\\xfe\\x95\\xfe\\x00\\x08r\\x90j\\xd6nm\\xa48e\\x15\\xb7\\xba\\xd1/\\x0f\\x8fx\\xe3\\xb1j\\xd7\\x92i\\xbf\\x00fi/t\\x16{\\xde \\xc8\\xec5\\xa0\t\\x98#!o\\x86,\\x9d\\x82[\\xa5}\\x88\\x16\\x80\\x0b\\x84\\xb2\\x05/v\\xa1\\x85#\\x8f\\xb1\\xee\\xfa8\\x00|\\x823\\x02\\xab\\xa3n\\x1d\\xdd\\xefz\\xebg\\xcb\\x8bude\\x08gaz\\x9by\\x1c)\\x0f\\xbe\\xf8g\\x01g\\xed\\x87f\\\\x96n7\\xaf\\xca\\xe3%\\x16\\xc7\\xbak\\x89\\xb2\\xc3\\xa1v\\xee\\xd8\\x9c%wh\\x89\\x19!n\\xd6e@\\x88\\x10zk\\xc5\\xb2\\x9e\\xe4`mf\t\\x7f\\xda\\xec\\xc9\\xa2\"\\x94%\\xbegj\\x9e\\xa6\\x90\\xc7\\xa3\\xcc\\xc6w\\xd3\\xcc\\xa45r\\x02\\xd8\\x1e\\xb6%$twb\\xd1\\xa7\\x8cb\\x9d\\xb3\\x07\\xb6\\x10\\xf7a"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe8\\x15s@\\xe0v?\\x80\\x86\\xb5\\xa3\\x83\\xaf\\xfb\\x947\\xd6\\xba\\x98\\x1b?\\xbb\\xf8\\x9a1\\x93mdw\\x8d\\xd8\\xca\\x\\xae\\xe2\\x1cf\\xa7\\xd0\\x02\\xe7\\xcd_b6\\xc0\\xc1\\xc4\\x8b\\x86t\\x06*\\x1fw\\xcb9\\xba\\x83\\x1bo\\x07t\\xf1\\x93\\xaf$\\x81j`q\\xcci\\x08=bj\\x02\ty!\\xf4\\x00\\xe7\\xccqf\\xd3\\x1f\\x19\\xb2[\\xf4\\xc6?'\\xaa[c&\\x13\\xe2a\\xf7y\\xcf\\xa3|d]\\xcfw\\xb1\\xc4\\xfe)\\x01\\xa9y\\x93\\xcb\\x07t\\xd4f\\x99\\x10\\x83\\xbe04wrwd<\\xfb\\x0e[\\xa3a*\\xfcjkn\\x96\\xb8\\x94g\\x17yl\\xfb\\xebvw*\\x12\\xdd\\x8fd\\x06\\r\\xc3j\\x99\\xb5\\x8f\\xc2\\xea\\x06\\x106\\xba\\xe0\\x03\\x89p\\x0f\\xb0p\\xbeb\\x9bn~v\\xbbbzk\\xeaq\\x17\\x8f%zf2\\xfe\\xaa1i\\xe0\\x07\\x03\\x98\\xd6\\xdea\\xff\\xa2b\\x0f\\x93f\\xa59\\xf8!\\xc2=n\\xc3\\xa7\\xd8\\x16\\xebo\\x8a\\x9a a\\xce\\xec\\x03\\xbal\\xeckr\\xc9\\xabcit\\x99\\x18"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010sx\\x8f\\xd4\n\\x04\\xdf\\xf5\\x13\\xec8\\xb5m\\xd8\\x10j2\\xf18\\xc4n#\\xae\\x96\\xb8\\xc2wjp!\\xf2]\\xd2\\x8f]1\\xb3m7\\x92qd(ia\\xbf\\xa1\\xa7ap\\xd6k\\xb0#\\xaex\\xd1\\xcb\\x84\\xdck\\xaa\\xdc\\xf9\\x8c,uh\\xfbv\\x02\\x80c9\\x05\\x15xzx\\xe3l\\x7f\\x1b\\xad\\xd6\\x0e\\x1f,\\x0e\\xc5\\xa6\\xa4\\xe5\\xee\\xe0.j\\x95\\xa5\\xb4\\xc7\\xc2z\\x18\\xb1$0s\\xa1j\\xbf\\xbcyh7\\xac\\x06\\x10a\\x139\\xb4l\\xcf\\x8dd\\xc3\\xcci\\x8e\\x1bq\\xfc\\xa2\\xde\\xa0'ev\\xe0bd\\xf4`o\\xac\\x16\\x97\"\\x95\\x8f(\\x8e\\x89g\\xcdd?x\\xd7q6\\xbf\\xf7\\x88\\xbcmn\\xedag3d\\xe2\\xca'\\x91\t\\x87\\x8c#\\xfd\\xee\\xd4o\\x93\\xdav\\xca\\xcbn/\\xf8\\xa9\\xe4\\xbd\\x1b\\x91cw\\x03\\xa9\\x11\\x05\\xe0\\xf4\\xdd)z7\n\\x03\r\\x13x\\xfey\\xc1y\\xa2r[\\xcc\\xad\\xb0#&\\x9ed\\x10i\\xaa\\xfbn\\x08\\x07\\xb1'e\\xd5>\\xdf\\xff\\x95\\xf1\\xf5\\x1f00\\x1a\\x1d"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xf0\\x04\\xa7\\x80d\\u\\xd3\\xe7v\\x1b\\xf9\\xd1_\\xf3\\x85uw\\xd1\\xab<\\xdap}.\\xce6\\xcd\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xe8\\x95\\x1d=\\xf1x?i\\x19zf\\x1a\\x03\\x7f\\xbbx\\xe6\n\\x89\\x87\\x8dq\\xa2\\xab\\xdb=t\\xf9\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xff\\xce >\\xcf\\xa1.+y\\xbd\\xc0\\x02;$\\x9dk\\x1b\\x8a\\x81\\xe3\\xa0qa\\xd8\\xdfa\\xba\\xef\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01wc\\xc6\\xf0\\xb7az\\x06\r\\x8b\\xc7[\\x158\\xfc6g\\x17\\xc3\\xb6\\x1ce\\xd8&f]q1\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01w\\xf2\\x980\\xe3\\xcf\\xa78\\xcfl\\xf3\"\\x14d\\xe5\\xce?a^\\x95\\xc6)e\\x7fd\\x84\\xc04\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\xa3\\x91\\xf7?\\xfe\\xd1e$\r\\xaf\\x9c\\xbd\\xd4\\x8b\\x01\\xb9\\xdb\\x02t\\x0e\\x11_\\x05o)j\\xedk\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01p\\xc9\\xf9\\x90}enw\\xe4\\xe0%\\xfaxs\"q\\xb8f\\xa1\\xe0\\x89g\\xa8\\xa7\\xb4\\x13\\xea\\x18\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x13\\xc1qf\\x13\\xd3\\x80\\\\x91tu0\\xf9\\xa4d\\xb9\\xbd\\x0c5\\x1cn\\x1c\\xb3\\xd0\\xccc\\xa9d\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0b\n\\x83\\xc7\\xfe\\x07m\\xe8\\x83\\xf1ri\\xacg\\xdfj\t\\xc1\\xf6\\xd0\r\\xac!y\\x14\\x06#`,\\xf20(jfq\\x90\\xd3\\xa9\\xc0;a\\xbaw\\xdax\\xb1\\xcb\\xf7\\xba\\x1ftl2\\x1a\\xb1\\x16o\\x94(%\\xde\\xb8vx\\xdb\\x02\\x97\\x17_\\xbdv\\xa7\\xb5g\\xfc\\x81\\xe8x\\xa3g\\xfcb\\x1d\\xc0kz\\xfagb%u\\xe0{\\x1a3\\x9c\\xef\\x8cb\\xb5hc\\xa3m\\xa0\\x15y\\xe7okl\r\\xfc\\xc3\\x0e\\xe8\\x94i\\x07)\\xe5\\x88\\x0fw:c.\\x80x\\x0cu\\x8bl\\xb2s\\xc5 \\\\xf1\\x13\\xdb\\x04\\x02\\xe3z\\x15\"\\xb4c\\xda\\xe7^<.\\x16\\x92\\xa4m\\x95\\xd2-o\\xd8\\xe86\\xeft\\x89z\\xc4{\\x8f\\xbb\\xf2\\xfe\\x1b\\xc8m\\xdb\\xb0\\xcb\\xf39\\xb2\\x9a\\xae7\\xf4\\xd7\\xb7\\xd5\\xee\\xe8nm\\xc7w8\\x90n\\x17\\xad\\xb9\\x043?p,y\\xf9\\xb7\\xed\\xf8\\x8a\\x95rn\\x0f\\xd8(\\xdb\\x8fb\\xa8<\\x8d\\xb3\\xb3\\x97\\xe5\\x08\\xa0\\xec\\x85k\\x03b\\xe9x\\xb5hpn\\x0f\\xfa\\xfb\\xe9.\\xc6gh"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xa6\\xe3\\xcfn\\xf4\\xa7\\x9ae\\xcc6\\xc9\\x00\\x98\\x1a\\xc5\\x12,f\\xf5\\x11\\x14:\\xb0*s\\x9b\\xad\\x8c\\xab\\xe7k\t\\x7f}\\xa1\\x11\\x9dpt\\xca\\xf28\\x19\\xa4a\\x89\\xc6\\x04\\xaa,\\x96f\\x06b'\\x0e\\xe8\\x8b%\\x07\\x8e`&t{\\xc1]tq\\x05y;\\xb7`\\\\x92_\\xeb\\xed\\xb4\\x85z\\x86t\\xfe\\x14t\\xacq\\xd5b\\xe1\\x0b\\x85\\x88\\x84\n\\x07\\xafyy\\xf4;\\x10\\xbav{\\xa1\\xaa\\x88\\xcc<\\x08\\xa7\\x81\\x8dzt\\xbd\\x8e=\\xe0\\xaa\\xa4\\xa6\\x02e%^\\x0c^t\\xbf\\x97\\xdf\\xe9\\x0c\\xea\\xe6?\"\\x9b\\xae\\xcf1c\\xd9|\\xdc}\\xa6\\xc8\\xd29\\xe5\\xccvh\\xf54p\\x8ej\\x98\\x82\\x12.\\xea6\\x1b\\x11\\x88sz7\\xfc)\\x07\\x02\\xb2|h\\xb9\\xf9\\x81\\x7fx\\xf2\\xcb\\x18\\xf2&|yp\\xac\\xd3k\\x16\n\\x9ag>/\tq\\x15\\q\\x8d\\xf9\\xbe\\xf0\\x1e\\x0f#\\xa9cn\\xc3\\xc6\\x8d70\n\\xed\\xe4\\xb1\\xaf\\xf5\\xa5\\xb9\\xb6\r|\\x8e?3m\\x81fd\\xea(\\x1f\\x8f\\xbf\\x9cg\\x86t"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x8e\\xc7\\xd3\\xdf\\xbbl\\xc3}\\x7fq\\xc4m\\x84\\xd7fw7\\xa4\\xf6k\\x9f\\xc3\\xcao\\xfa\\xd3}\\x93\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01$]\\xe1\\x822\\x01\\x04v\\x1d\\x96\\xc3io\\x14\r\\x91\"\\x04\\x82\\xe7\\x0fg\\xca\\x99\\xb4n\\xe4\\xf7\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01\\x9e\\xc3g\\xca\\x11\\xeb\\xb5\\xe7\nc\\xfd\\x18r\\xf2\\xc7\\xb6\\xb5\\xce\\x91\\xa2c\\xc1i\\xa6\\xdc\\x90\\xd1\\x11\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01<d\\x8d\\xbd\\xb0\\x8a~\\x04\\xe9b\\xb2\\x18\\x8c\\xbe\\x9a\\x94\\x0e\\\\xfbn\\xfa\\xa5\t\\xb0)s\\x10|\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01j4\\x89\\x081\\xbf9\\xbau\\x95\\x12`0\\x9b\\x8f)\\x9f\\x0c\\xf1^\\x92\\xc0\\x8a\\x1c\\xfdb\\x15`\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04r\\xfe\\xec\\x1f\\x07\\x800\\x19\\xd5\\x052\\xea\\xc0ya\\xeao\\xac\\x11f\\x1c\\xde\\xa1\\xa7zzq\\xdc8\\xbd#k\\xbd\\xc3\\xcfs\\xf8m\\xdc\\xdf.%\\x002\\x87bgh\ng\\xd6c\\x18u\\xbc\\x92\\xfcs\\xe9\\x83`\\x07\\xa1\\xf7\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xcba\\x83ruk\\x1d\\x10\\xcc\\xc3\\xba\\xca\\x1cj\\xb6zbp\\x1fl\\xce\\xea!\\xb8\\xf3\\x038\\xd4\\x0fw+\\x85\\xfe2t@gn\\xdf\\x91\\x00\\x85s\\xa6-\\x0b\\xac\\"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04:\\xca[s\\xf3\\xa6\\x13\\xd4\\xd9/\\xf6\\xfe\\xc6\\xbb_\\x0b\\xc1*\\xe5=\\x1f \\xfa4(6>%c`.\\xbf\\x9f%\\xf4v\\xb6\\x14j\\x92\\xf4\\x03\\xcf\\x00\\xd9\\x81\\xf5\\x89\\xeb\\x81z\\xa9_\\xf5\\xba\\x9er\\x16n\\x88l\\x9e\\xe3\\x8a\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xf9\\xc6\\xb4)`op\\xa4\\x10\\x8e\\x05\\x08+;wl\\x9c\\xda\\x8au\\xe4\\x88\\x05\\xaf).`\\xf7l\\xd27\\xf5\\x05\\xb1j\\x92\\xfbq\"6\\xd7p\\xdf$\\xbe\\xad\\xdf\\xed"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xc6\\xdd)\\xd1\\xa4\\xad\\xeal\\xecq\\x93]\\x12\\xc8\\xc0pg\\xd1\\xd9a\\x0c\\x84\\xddc@\\xb0\\x0e\\=\\x808\\xe9\\xc2uj\\x89\\x08j\\xa7\\x98\\xde\\xe1\\xb9\\x8c\\x0c\\x18h\\x82\\x930\\xbbl\\x1a\\xed!\\xf7[ 'w\\x04\\x04\\x91\\xd4\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x90q9\\xb4n\\xf6tjn!\\x8c\\x97o\\xc6\\x00\\xfd\\xb7\\xd2\\x9f'/,\\xc7^\\xc3\\xaa\\x1f\\xe7\\x9el\\x11\\xaa\\xdb\\xa9q\\xceu\\xb55\\x1f\\x81:{z3\\xf0\\xf7p"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04m\\x87\\xea\\xf9\\xd4\\xc9`&\\xe2\\x1b\\xbf6[sm\\xc9\\xd0y\\x0f\\x11\\xf3z\\x9bk\\xfeg{\\xbb\\xd4\\xa5\t\\xfc\\xdd\\x9au3&\\x9a\\x01@m\\xe3&\"\\xccxi\\x17<\"b\\x895`\\xe246/\\xdc4lt$\\x98\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x0009x/4\\xb6\\xe4p\\xa1/\\xc4\\xb6\\x8e\\x81rlp\\x06\\xf2n\\x80\\xa4\\xce\\xee\\xac\\x94\\x7fs\\x88o\\x8d\\xe7\\x14p\\xed%\\x07\\x14\\xe1\\xcb\\x8f\\x98\\xba\\x1dq\\xa99(\\xf0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04}\\x0b\\xa6e\\xb3\\xa4r\\x17\\xd4r\\x86\\xa9\\xff\\xc4\\x0by\\xbe%tr67\\x13\\xed\\xa7\\xbc\\xa9\\xaew\\xc7g\\x84*\\xf4\\xcb}\\xa7i\\xf9\\xca\\xee\\xb7\\x03\\xd9\\x07\\xca\\x0c\\x00\\xebw/\\xd4k\\x9f;\\xb2\\xa5\\xf5\\x95r\\x06\\xc3\\m\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x96\\x9fn\\xea\\xde-\\x1b\\x1esye\\x86\\xfe6\\xbev\\xa58\\xd2_\\xb6:\\x96\\xd5\r\\xf6\\x84\\xba\\xf5\\xff\\xdd\\x97\\xddx\\\\xeb\\x86\\xf2\\xb4\\xfa\\x9d\\\\xdf\\xbe\\x05\\xdey\\xdd"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04b\\x1d~\\x86e\\x1c\\xe5\\x89^\\xeci\\xd1,g\\x16\\x89\\xc3\\x13\\x166(\\xd3\\xe1\\x92\\xbf\\xd7\\xdfx\\xf9\\x05v\\xbc\\x95\\xc0:\\xde&\n\\x1c\\xd8\\x037\\xe1\tr\\xbdy\\x14\\x92[=\\xc8z\\xb3\\xa9\\x0e\\xfa\\xf5\\x88\\x95%\\xf1z\\x82\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xa9o\\xdeg\\x03\\x9e\\x8f\\x1d \\x9cnsr\\xc9\\xbc@\\x02\n!\\x1b\\xc9\\x0be\\xaf\\xc8\\x82r\\x0b\\xdc8\\x82\\x00\\x089k\\x94,lf\\xe4\\x82n\\x8da\\xa6\\x8cf,"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x83\\x01\\x00\\x00\\x7f\\x03\\x01]\t\\xf8\\x01>/\\xb2\\x84r$6\\x91\\xfb\\x985\\xe8s\\x9d\\x8dp\\x1b\\xa0l\\xa3'\\xeb\\x989\\xecb~\\x17\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00>\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00%\\x00#\\x00\\x00 omextemplates.content.office.net\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xdaf9uzc\\x0c\\xbf\\xbd\\xbda\\xfa\\xdf\\x8a\\x94{\\x018xdn8p$1 \\x00\\x91\\xbd\\xf0\\x9f\\\\x03\\x88i\\x85\\xbd\\xed\\xe8\\x97\\xe5w\\x1f\\xac8*\\x98\\x13\\xd6\\x96g\\x98\\xa6\\xc2~\\xf5\\xb7\\xbf\\xc1\\xb6\\xf1\\xae\\x0b\\xdf\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xec\\x96\\x86\\xb7po\\x1fo\\x83<\\x05\\xd5\\xaf\\xe9\\xa2\n\\xa1g\\xc6\\x8cm\\xcf\\xdd\\xe9\\x15\\x87(\\xeb5\\xac\\x1e.\rb\\xb0(\\xd8\\xb1\\xdek\\xc6\\xdf\\xed+\\x18hp\\x1a"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04v\\x04\\x13\t:\\x9e\\xe0\\xaa\\xc1\\xae|7\n\\xf3\\xdf\\xe0\\x9d{\\xaf\\x0b\\xea\\xbd\\xc5_\\x00p\\x17^\\xe5\\xaf\\x15\\x8f7\\xd5\\xe6\\xac]\\xcdw]\\xe5\\xeb\\xe4\\x93\\x94\\x9a\\xfb\\xa2w\\x08\\xcc\\xa2\\x0f\\xe7b\\x198z\\x96\\xcc\\xaaz\\x94\\x8b\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000x\\x8dqt\\x07o\\x91\\xd0ae\\xe9\n\\x07#\\xfc\\x0c\\xa9\\x9f\\x18/\\xab\\xa9\\xb8\\x7f\\xa7\\xb5\\x99\\xba\\xd6\\xcdh\\xbd\\xa3\\xdb\\xa5\\x95\\x13e\\x06^\\x18.\\xdd\\xd3@wh\\x1c"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04j_e\\x9b\\x9a\\xebbh[\\xa0\\x0f\\xdf\\xd6\\xabr|zl.3\r\\xe1_\\xe3\\xa4,q\\xf4\\xf0\\xf4rt\\x8c\\xdff\\xc0\\xed\\xa54\\xf9\\xe3h\\xc9\\x87'e\\x84\\xa9k\\x12\\xfc\\x8aj\\xcas&\\x1c:\\x19m\\xd9y\\xc0f\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x81\\x01\\xde:}dv\\xbb\\xe1x4\\xee{\\x17\\xdb}_\\xd4\\xc0\\xa6\\x95:n\\x1cei/&\\xc7h>4\\xbb\\xe3\\xc2\\xf8g\\x17_\\xa4l\\x00\\xcc_?q\\xc6\\xcd"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x99u\\xe2&q\\x85\\xd2\\xc8\\x8dq\\xdehr\\xd2\\xc0\\x04\\x02;v\\x94_\r0\\xd7\\xcbw\\x9a\\xea\\xfd\\x9bs\\xd0\\x12z\\xb4\\x19\\x18\\xfb\\xd1\\xd1\\xe9v,\\xb4\\xbd\\xb9\\xeckxk9\\xd3\\xcbvh!\\xba}ke\\x04\\x17\\x7f\\xd5\\xeat\\x87\\x87?\\x90\r\\xfe\\x9c\\x1d\\xad\\xfb\\xfe]\\x98\\x85\t\\xdc\\xfdb6lo\\x0b\\xaf\\xa9\\x9c\\x0c\\xabk-pkj\\x96\\xcbc\\x0bz\\x82r\\xf5\\xfd\\xdd\\xbe\\xad\\xc0\\x84\\x04\\xf9\\x98\\x93y\\x8db\\x06?\\xbd\t\\\\xf4,\\xbb\\xaah=\"x\\xbe[k\\xfcv\\xa1>\\xa701\\xd2o\\xact\\x8cd!\\x948i\\xe6\t\\x11\\xac5s\\xb8\\xccjaz\\xbc7^8\\xbb!s`\\xe7\\xff**\\x99ont\\\\xb5\\x13m\\xd8\\xc4\\xb7i\\x9c\\xa1rl\\xa7\\x93\\xff\\x89\\xaa\\xf5_\\xf1\\x00\\xdaxp\\x00g\\xd6\\xbbxy\\xeb\\xd6\\xf8\\xd0x\\xea\\x9e9\\xba'1y\\x14\"\\xb4k\\xad\\xa3\\xdb\\x9d\\xd8\\xa7\\x96d\\x81\\x8f\\xa4;t\\xe9\\x12\\xca\\xd0\"\\xb7{\\x9f\\x83\\x10\\x03\\xfc\\x12"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\ry\\xabh\\xa1\\xe9\\xf9^\\xf7\\x1f\\xcc\\x80\\xc4\\xf8\\xc3\\xd6$^\\x19_\\xcb\\x8a\\x82[bh\\x85\\xed\\xd0\\x8e/i\\xc8\\x8e\\xc6[\\xa9\\x10d\\xc7\\x8a\\xec\t\\x14(@[t\\x95\\xa0\\xff\\x07\\x04\\x90\\xcch\\xd2)\\x9bqd\\xdbtp\\xebf\\x14\\xdf\\x88\\xdd\\xb5p\\xe8\\xaa\\xd3\\xcf\\x12\\x13\\x89\\xbb\\x9d0\\xc0\\x91\\xc9\\x0b2\\x06s\\x83$b\\\\x11\\x1c\\xbb\\x94\\xd4\\xad\\xd2\\x17\\xcf\\xa0\\xae5\\xff\\xf0r2\\x80'\\x12\\xf5\\xdd\\x11\\xc1\\x85\\xe0&\\xccn\\xd7\\x89\\xcab\\x03d\\xb7\\xc8<\\xea\\xcb\"-\\x19\\x80\\x9f\\xa3\\xccq\\x1b\\x16\\xc7b\\xf4\n\\xdbr\\x8d\\xb9\\x90\\xaae\\xed\\xee$\\x1e\\x7fv\\x8c\\xf9\\x7f\\x0e'\\xc1\\xbe\"\\xeb\\x1f\\x8c/\\xc4wl\\xdf\\xb4\\xac\\xb3\\xc4\\x85\\xf9\\x9a\\xea\\x97\\x0f{\\xe1\\x86\\xfb1\\xd7~\\xb8\\xbc?\\x08\\x86\\xda\\xf7m\\xff\\xaa4qr\\xfc\\xe3\\xa2\\x86\\x15\\xd77\\x8e*\\\\xb7\\xd0\\x8c\\x01\\x98\\x83\\xedp[\\x94\\x85\\xdb\\xf7g\\xdb*\\xc1?}me\\xcd\\xbc\\x13\\x1c\\xf7\\xe25\\xda\\xcb|be\\x165b"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x0f\\x86\\x96\\x8e\\xb4\\xd7\\xc4\\x80\\xf3\\xa1\\x08\\xcb\\x84\\xa5\\x0e\\x97\\xde\\xad\\xc8\\xdd\\xdat\\xe4\\xff\\x13\\xb3\\xa7a\\xa6\\x07\\xb3\\x05s\\xef\\x89\\x11\\x18v{\\x9cub#\\xa6\\xa57\\xba\\xd3\\x8b\\xc1\\xba\\xf6>\\xb573\\x0bz\\xa9\\x9c\\x8c5\\xf5\\xad\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000:\\x17_uq\\xef\\xb8\\x08'\\x07[\\xd7\\xc3\\xdey\\xfc\\xd5\\x94m&\\xe4\r\\x17[\\xc3\\x8bs\\xc29\\x88a\\x0e\\xc8\\xc1:v\\xcf\\x8b\\xc0j\\x07\\x8drv\\xf1]\\xb3g"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x86%\\xd1\\xfd%x\\xf3r4\\x84\\xf3}:?\\xc5\\x0b\\xc2\\xe6\\xbb\\xdf\\x97d\\xeck\\xa7\\xfcb\\x00+\\xd2\\xaf\\x08*\\xca\\xee\\xcbm\\xaf^\\xf6\\xf0\\x9d\\xc7\\xd1\\xaap\\xff\\x17\\xaf\\xce\\x1d\\xa3~\"\\xc2\\x8d\\x9b\\xf4.!\\xbe+s\\x0ef\\xd2\\x8an\\xf2x\\xb15=m\\x8e\\x83^\\x05}.\\xa6\\xc8\\x83\\xe7\\xea\\x96o\\xbe8~9}m\\x00\\xdc\\xe6\\xdd\\x19_3f32\\xc5\\xb1^ze\\xcc\\x93~\\xf6\\x8b\\x02\\xa7c\\xbf&\\x91\\xb4w\\xd7\\x08\\xc1\\x0b\\xfb\\x04\\xc9\\xd3\\xf1\\xac\\xd6\\x83\\xc0\\x8a\\xd4\\x1a\\xb4\\xaf\\xe5\\x0c\\xff{\\x07\\x07\\x06k\\xed\\xd5\\x19\\x8c\\x10\\x82kw\\xa1\\xd8j\\xdc\\x8e\\xfbk\\xdb\\x8e\\xf5\\x98t.\\x17t\\x81n\\x17\\x8a\\xd9\t\\xc0\\xc7p\\xfa\\x19agt\\x82pe\\xc5\\xd9\\x1b\\x89\\xcf\\x04\\xc6\\xa6t*\\xc9\\xc1\\x14\\x06\\x18\\x8f6\\xb1\\xafl\\x0b\\xe2\\x1a\\x85m\\x9c\\xae\\x06\\xf7\\x85\\x12b\\xb7e%\\xc9\\xbc\\x02\\x1c\\xee>z\\x90\\xd8\\xed\\xbaz\\xd2\\xbe\\xc2ce\\xeec\\xc5\\x8d\\x8a\\xc4e\\x05\\xd5a\\xf6\\xee"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xaa\\x1a\\x1ckl]5\\xfe\\xbea\\x8d\\xeb|\\x13@\\x8c\\x99\\xe8\\x07\\x95\\x90v\\x0e\\x87d\\x8b\\xe6\\xf08\\x7f\\xbcj\\xb0\\xfac\\xaf\\xf17\\x17{\\x1f\\xcf\\xf3.\\xe1\\x1d\\xb8p@\\x04\\x1e6\\x92\\xfcf3\\xcc)#\\xbd\\xe72d{\\xc8\\xff\\xb0\\x8e\\xc8\\x15\\xdd\\xa2#\\x0f\\x0fr\\x9c\\xca\\xd5\\xa3\\x8d>f\\xe4\\x05j\\xe6\\x9c\\xb9\\xd0\\x92\\xa1\\xaf\\xea\\xec\\xe9\\xf2d)0\\x98\\xba\\xbd\\xd7\\xc6}\\xf3u\\x87-(y\\xdf\\xc5'\\xe9\\x17\\xa6\\xaac\\xe9\\x97ux\\x84\\x9c\\x15\\xb3\\x9d\\x1d0\\xbf\\x886\\xcf\\x83u|0\\xb9\\x88\\x1e\\xac9\\xcb\\xc1\\xf8~\\xb7f\\xa4\\xfb\\xd2\\x86&\\xfe:\\x87\\xc5\\xbej\tb\\x97a/\\xcd\\xe8\\xe1=yq\\x8d\\xf0<\\xdbo\\xe56c\\xe6\\xb2\\xf6\\xd6\\xd0\\xba\\xe4*is\\xb4\\xcb6\\x06\\x81\\x81\\xedo\\xd9\\x8c \\xd9o\t\\x11\\xb29\\x02\\xb4t\\x1fk\\xb6r@@\\x06g\\xe7mes9\\x05qcr\\xf8\\xb9\\x1c\\x1f\\x9bh#\\xa5_\\x9d\\x8f}p\\xb8\\x975<\\xc5z7\\x8e\\xef\\x95\\xeb"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010cow)\\xc7\\xe3\\xde|t\\x7f\\x12\\xfb\\xe3qa2\\x9b\\xfdq\\xb5?\\xfd\\x01&a\\xde'zz \\xbd\\xb8\\xdf\\x18d~\\xee\\x91}\\x92x\\x0bt\\x8f\\x9d\\x92\\x99jjy\\x8fb\\x9c\\x83\\xb2\\xee\\x01n\\xc5\\xc2\\x91tx\\xf7da\\xae\\xccz\\xd4\\x1e\\x10hg\\x9e\\xda}mx\\x01\\x9a\\xb8-\\xd8\\x01hi\\x19q\\xfb\\xec\\x03\\xf5vrzjso\\x99\\xd145\\x07\\x1f\\xec\\x1c\\xd5<\\x04\\x91\\x13\\xc7\\x96\\x8e\\xfb\\xb3\\xd9\\xbc\\x0c\\x94 \\x1d$-\\x9b/\\x12/\\x12\\x19\\x98\\xdb\\x0b\\xe3/a\\xbd\\x99\\xbb\\x9al\\xba\\xed\\x824\\x9egg \\xf3\\xb4g\\xf2j\\x85m\\xcbua\\x9a\\x0b\\x19\\xe9\\xe5\\xcd\\xfc\\x81ds\\xbfc\"+\\x9cr\\xd5n\\xb9n&\\x9f\\xb6\\x88\\xfc\\x1b\\x7f\\xa0\\xb1\\x19\\xa0\\xa5\\xc3\\xb5\\xb8?\\x03!\\xa2n\\xa3\\xc5\\x12|\\xf5r\\xa2\\x0e\\xe9\\xbc\\x0c\\xfd\\xe5\\xff\\xde\\x1c_%9\\xef\\xd4\\xbb\\xaf\\xb6\\x7fm\\xa8\\x1e\\xa0jts\\xe6\\xc3;w\\xfe\\\\xc0qh^+%\\xa95q[\\xf1bz"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x86[\\x1a\\xaa\\xc1u\\xd6\\xfe}\\xda\\xaf'\\xbd\\x94m\\x84\\xda\\xb3\\xb6\\x98\\xee\\x97\\xae\\xef\\xb4\\x97\\xe4\\xc4~\\x03\\xdf\\xf9c\\x8d\\xdby\nx/\\xbe-\\x16\\x97\\x11\\xff\\xe9\\xec\\xee\\x17\\x11\\xad\\xba\\x8c{y\\xf2\\xaf\\xe6\\xdcd\\xd5\\x9f\\xb9\\x99\\x96\\x8f=\\xd7\\xb2\\xe3\\xa6ns\\xc1-c7\\xdbi\\xe6s\\xe1%\\xd0t\\xf0\\xde\\xc6\\xe9\\xc6gm\\xd2@\\x8fs_\\xbe\\xee\\xd0$\\xea\\xe0\\xb6:\\x83\\x03\\x88\\xac\\x9b\\x12\\x11\\x91\\x03\\xd2<\\xdc\\x86ve5\\xf8\\x93e]u$\\xcc\n1\\xc6k\\xeap\\x02\\x97.d\\x91\\xba\\x14wqp\\xea\\xe4\\xe6\\xb7\\x91\\x0ec\\xf5\\xf1i\\x0e\\xf4\\xc09\\xf0\\x8b\\x8edle\\x16\\x8cd'\\x97\\xf2\\xdb\r+e\\xee#ou\\xc0\\x90\\x99j\\xb5\\x8f7j\\x81f}\\xff\\xb7\\xc7_^e\\xbd\\xcd\\xb0]\\xf0'a\\xbd\\x9f\\x9f\\x9e\\xa5\\xe0x!\\x0f\\xaf\\xba\\$\\x8e\\xb6\\x1d\\x93\\xa0\\x94\\x89r\\x10\\xaaxr?\\xe4\\xbd\\x03s\\xa8z\\x9b~\\x82f\\x1d\\xa4y|t\\x16a\\x1d\\xcc\\x0e@'\\xe9"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x01/)\\x9f11\\xdd\\xfa\\xb2'\nb\\xf4\\x18w\\xa1\\xc3k\\xb7\\x84\\xa5\\xf7i\n\\xaf\\xb2\\xba\\xaf\\x7f\\xaan{\\xd6ck\\xc4a\\xbea\\xfa;\\xa5\\xe9\\xcd\\xa7\\x01\\xef\\xcb\\xe3\t\\xee@hao=\\xb2\\xf5\\xf2\\x8a\\xc1\\x07t\\x1b\\xd1\\x81\\xb3l\\xdfwl\\x9cg\\x08y*2\\xa0\\xb4\\xbf\\x1aw\\x12\\xb9?g$\\xe8\\xde\\x8ct\\x89\\xd3\\x94'\\x81\\xbc\\x04\\x8b3\\x88x\n\\x15\rj\\x05\\x18\\x96\"\\xbf\\x1bys\\xbe\\xde(\\x93c\\x8f\\xaf&\\xb7.\\xb5\\x02\\x95\\x94uz\\xe1n(}t\\~\\x95\\x829\\xc99~\\xfdf\\x90y\\x15kw\\xc6\\xc5^\\xe9\\x94*\\xa7r\\xbfk\\xb1\\xd9\\x07\\xe0\\x8d\\x97\\xd7\\x7f\\x85<x\\xfc\\x80\\xd4\\x17>e\\xdb\\x98\\x9ee\\xca\\x0e\\xbd\\xc1[\\xa0j\\xbc\\xf1\\x95j\\x00\\x13\\xf6\\xdbc:\\xf0]\\xb6(\\xe0\\xad2\\xc8\\xf7'\\x02\\xbb\\xa6\\x83\\x04\\xbd\\xb6\\xb28\\xdc\\xf1\\xa48k\\xeaw\\x02r\\xe4\\x98\\xf3\\xe1u\\x93k\\xa5\\x96\\xd8c\\xa8u\\x9c\\xfe\\x9fegd\\xc1\\x15\\x19\\xcdf\\x7f"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xe7-\\xf3\\xfcs\\x84\\xa0\\xe1x\\x9f\\xa3\\x0c\\xd6\\xdf\\x15\\x94.(\\xd6g\\xc0\\x86\\x8c.7@\\x9c\\x9a\\xa2>\\x1c g\\xe3d\\x9e\\x99\\x91.\\xc8\\xf1\\x16\\x8d\\xf8\\xd2\\xef\\xae\\xe4\\x12\\xe7\"f\\xa5\\x95\\x96\\xa0\\xa2\\xe2\\xf9\\xde\\x9d\\x85\\xc9\\xb7\\x93\\xa4\\xe7\\xcer+\\x8f)-\\x9f\\xba\\xca\\x82\\xfer[\\xa8]\\x99\\xfdg#\\xdf\\xfdl|9\\xcb\\x9bs[\\x15\\xb3\\xbc\\xb5\"\\x99\\xfb\\xf6wjsl\\x1ej\\xc2\\xd6\\xab\\x1bt^\\xb4\\x92\\x19p\\xcd\\xb6\\x95zo\\xf4\\x86\\xe6wj\\x07\\xe8\\xb4\\x9a-\\xf1dx<\\xec\\x17\\xd2\\xa2\\xeab\\x93&\\xe9n\\x7fc3d0l\\xdb\"\\x00\\\\xc3\\xe9q\\xf5\\xc8\\x00r5\t\\xcco\\x94}\\x0bzu\\xc9\\xb4\\xac(2\\xef\\xc7\\xdc\\xe7\\xd8\\x8bo\\x02\\xa4\\xaf\\x13>fl\\xa5\\x14n\\x06l\\x16\\xb9\\x02\\xf4\\x91|.\\xfb*\\xd4\\xc5\\x85\\x86\\xb6\\xaft\\xed\"\\xc7\\x866|\\x13d\r\\xdf\\xe1z\\xa0\\x08\\xd68\\xa54\\xfe\"ru(\\x80\\xb1\\x8c\\x98\\x855o2\\x80\\x92<o\\x15\\xee"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010f\\x06\\x9c\\x95\\xaev\\xd2j\\xdd\\xa3\\x03:\\xe4\\xc9\\xe0z\\xb0\\x91a\\xa9e\\x9a$p\\xb0\\xc0\\x10\\x0b,\n\\x8c\\xe6\\x18\\x02\\xe1e\\x81\\x19p~\\xd3\\x98\\xead\\xc9\\x96?\\xf9\\xa7\\x8c\\xa9y\\xac\\xaa]\\x8d\\xe48er\\x003i\\xb7e\\xa1x.\\xe4k\\xcbu\\xe9h\\xc4\\xb0\\xb2\\x1ee\"\\xdf\\xcf\\x11\\xeb\\x1ca\\xf3\\xa6\\x16\\xfa\\xa9'\\x8b/u\\x0c\\xcah_\\x15\\xc8.\\x08\\xe0\\xae\\xaa\\xfc\\xf4\\xf1\\xd1\\x93\\xf1i\\x80.v\\xaa\\x10\\xefy'\\x1d\\x97\\xa5:s&\\xee\\x87\\xb5\\x03\\x86\\x04y\\x82\\xe9\\xe3~\\xb1<-\\x01z\\xfa\\xf8y\\xa8gl\\x81.\\xbd#%\\xe3\\x18\\xf3k\\xea\\xde\\xfdf7j\\x87:n\\xd8\\xda \\x11\\x06\\x8d\\x81\\xa9\\x9brw\\xe4\\x1c\\xacn=z\\xddaax.k\\xa4cs1i\\x9d\\xc2\\x8bpo\\xf9x\\xf9w/\\xa5\\xf5)`\\xed}\\xf1\\xf1\\xc7b1\t\\x96~f|\\xc2\\x85\\xac\\x97\\xfc\\xc5\\xaf\\xc7\\xa1\\x88\\xc6\\x8c\\xf4\\x9b\\xffj\\xf3\\x19\\x8dcaz\\xd7\\x9c\\x16=\\x88\\xdd\\xc8t"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x0108\\x05\\xf1\\x9avy \\xc5\\xc2q]\\xe1|r\\xc1\\xfa\\x80\\xa0\\xb7c\\xfcv\\xbf\\xdaz\\x83c\\x19\\x16\\xc0\\x11\\xee\\x02\\x0br@\\x89\\xc5+\\xc4\\x0eaq\\x96\\x8b!o\\x1d\\xf9sy;l\\xe9&e\\xf0@!k\\xf7\\xa5\\xd9]}qg\\xbc^\\xb6\\xe8 \\xfd\\xc0\\xa6\\xf5\\x1e\n\\xd4\\q\\xfc\\s\\x08w\\xd5\\xf2\\xd0<\\xbcb\\x8by\\x02u\\xb2*\\x80\\xab#@\\xa8\\xa6\\x0c\\x0b\\xfb;\t\\xc7\\xda\\xc0,\\xfc\\x19ki\\x10)\\x1f(+\\xbd4\\xe3\\xb0\\xc8\\xce\\x08v\\xff\\xf1e\\xf7n\\xed&l\\x00\\xa6\\xc8\\x08\\xe0\\x7fl\\xd5\\x05\\xecj\\x05m\\x83+ly\\x0eqa\\xad\\xc4\\x8aj\\xf8^\\x82*\\xfa\\xae\\xe5\\xcf\\x91u\\xcdyn'!\\xdf|\\xa3\\xe38\\x81\\xb2\\xf3}i\\xff05\\xfdt\\x03\\x86\\xc9\\x08\\xbcze\\xf1\\xd4\\xeb\\xf2f\\xd1]\\xf7\\x0cl:\\xdes)\\xc2t\\xfb\\x90m\\x07\\xfa\\xd6\\x0egf#\\xe6\\x18\\xa6\\xael\\xfe\\x07\\xeaaw\\xe8\\x1ex{\\xe9\\x1f\\x86m\\xd2\\xb1\\x92\\xbc\\xc4mv\\x16"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x02\\x86\\xa7\\xe8\t\\x8d^\\x9c\\x93\\x8c\\xc3r\\xab\\x8d\\xd3tzah\\xcbb [`\\x04h\\xb6\rm\\xcd\\x95/\\x99y\\xfe\\xaaz\\xfbh\\xb7\\xc0s#>\\xa3\\xebv\\xdc\\x94(\\xe2k\\x98\\xb6\\x07\\x0b5\\x80\\xd8\\xc1\\xbe\\xd0\\xf7\\x19\\x17\\xd1\\xf2\\x93\\xd7\\xc1\\xcb\\x198\\x8a\\x8e6*\\x8b\\x9dj\\x1b\\xcf\\x18%'\\xc9=7\\xbfj\\xe7\\xd7\\xd7\\xdf\\x7f\\xdfq\\xe3\\\\xde\\xa3m\\x82\\xa3\\xd5y\\xf2g\\xeb\\xf5\\x0e\\x1e\\xdf\\x99_\\xb0\\xda?\\xad\\xd9c=n\\x010\\x0e\\xe9i=\\x10fz\\x8f\\xd9\\xaet\\xaa\\x91\\xa6\\x80\\xb6\\xf6\\x19:\\xd1\\xbf\\x8d-\\xc7y\\xa3{\\x14\t9~\\x97\\x00\\xcdc\\xef\\x18\\x17c\\x05\\x0breb\\x18@\\x9d\\xeb}}2\\xe0\\xe1g%s\\xfc\\xdb\\x196\t\\xc1bp>\\x84\\xec\\xc5\\xa7]\\x8b\\x9a\\xa2\\x18\\x83\\xe1\\x19\\xeb\\xcf\\xad\\xa5\\x893{\\x0b\\xc9\\xc4\\xcf`j\\x97mw\\xc8$\\x00\\xc0hm\\x87n\\xe6\\x01w\\x9eu8\\x90\\xf8s\\x85\\xae\\xa1_\\xb6\\xb4\\xcaq\\xa7\\xb9\\xd2\\xfb|=//"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010u\\xe8\\xde\\xbd\\x1f\\x1aiag\\xfd<\\xb6\\xc3a\\x9et\\x1c\\xe8h#a>\\xee3\\x10#\\x83`\\xff\\xdf\\xe8n\r\\x9a\\xb2\\xa1\\x01e\\xd6\\xcb\\x89\\xddd\\xa0:\\x1b\\xa6\\xdc\\xa5\\xeeog\\xbc\\x17\\xf3k\\xad` \\xabi\\xab\\x13\\xe0;\\x9b\\xb9\\xff\\xae\\x1f\\x8b\\xd9l|c\\x93\\xdb+o\\xb0\\x86\\xae\\x0e#3u\\x8f\\xff\\xf2\\xac\\xc1\\x8d\\x16ge\\xe4bw\\xa1xc\\xc6hj\\xf43\\xb1s2:\\xaa-\\xe2\\xb8\\x7fr\\x06\\x05\\xe1\\x92\\xd2\\xa4\\xfa\\xc6\\xae\\xaff\\xc4\\xe5]\\xff<k\\xcf\\xc1\\xcc\\xc1\\x19\\xa2\\xb5\\x1d\\xd8\\xc5\\x18\\xf7k<o)\\x86)el\\x16\\x8a\\x9f%\\xfah]dg\\x1c\\xdc\\xf0u\\xf8\\x87\\xe8\\xc5oi\\xdd~gx\\xb2|\\x8d7ex\\x11\\xf7z\\x1f\\xffz;\\x18u\\x17\\xffas\\xfb)v\\xf9t\\x1c\\xbc/\\xa0\\xce\\x01\\xbans\\x97\\x1d\\xc1\\xa4v\\x12\\u\\xc08\\xb1\\xd8\\x82j\\x95\\xb4\\xf3\\xe9\\x04\\xdes\\x03\\xfb\\x15mw\\xe5,\t@\\x84t\\x9c\\xbd \\xda\\x816y+\\xf4\\xd1"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\xc2\\x9f\\xf5\\xcd\\x17\\x07g\\xe1r\\x1b0}4\\x80!\\xeb\\xe9\\xe4\\x01\\xca\\xaf>8f,\\xf9v\\xd4`%yg\\xd8\\xafj\\x80\\xa1\\xc1\\xaa\\xac\\xdb\\xb4\\xe3\"\\xfd'\\x97)\\x0f\\xdf\\xe2zf\\xd2r\\x17\\xa0\\xbdf\\x90\\x18\\x884n\\x8a\\x1a\\x89#\n\\xd7qzsf\\x1c\\xf4\\x13\\xa5\\x0e\\xc2o\\xf2\\xa7\\\\xee=t3\\x90\\xf6pv\\x9e\\xd1\\x9a\\x18\\xfe\\xc5\\xe2a\\x10\\xcau3xc\\xaa\\xd3\\xd7f\\x8d\\x7f\\xb6\\xd8%\\xe9\\xc9-#az\\xdbi}\\xee{g\\x90)\\xd0*&\nk\\xf7\\xfe\\xa3!\\x80\\x0e;\\xd3\\xfc\\xdcj\\xb6\\xb1\\xf3k\\xab\\xaf\\xd5\\xe0\\x04wm\\xf4\\x08\\x87 fa\\xff\\x08\\x85vg,\\x87\\x05)\\x82\\xc4\\xd05\\xf8no\\xa4\\xad\\xd0\\xf0e\\x0e^05\\xc4j\\x1c\\xbf\\xcb\\xdf\\x83\\x89\\xb5\\xf1\\xa6e\\x16\\x18c\\xea!\\x84\\xaa\\x19i|o\\x0f.\\1\\xced\\x98m\\x8bm\\x12\\x15vor\\x111\\xec\\x16~-\\x05\\xdd\\xdbs\\xe6\\xbb\\x92m7(\\xd1\\\\x83n\\rh\\xf8r\\x81"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010i\t\\x01\\x88\\x1a\\x13\\x98\\xaca\\xa5\n\\xd4\\xa8\\xb6\\xe2\\x84\\x02li\\x1544\\xedq\\xff|\\x88\\xf0\\x96w\\xad \\xe4\\x1e\\x1b\\x1a\\xac\\x0b\\x92\\x8b\\x14\\xf2\\xf4i\\x97\\xc8u\\x03\\x8d\\xc0\\xa9&\\xd2e\\xaa\\xfa\\x87\\xd4go\\x8f\\x8e-\\x10\\xe7\\x1b\\xb6\\xfe\\xac:\\x85\\xaa\\xc2\\xe5\\xa3r\\xbc|d'\\x9d\\xfc\\xf1\\x1b\\x83\\xbe\\xc7\\x08o\\xa1\\xc4u\\x19\\x05\\xc2\\x83\\x98,&\\x01\\x12\\x9a^\\x8bej\\x89\\x1f\\xefgc\\x01\\xf2mk\\xb2u-7\\xda8j\\xdb\\xa9m\\xd5\\xf7\\x84c\\xa2\\x07\\xe6\\x1a]>!\\x8f\\xee\\xbd\\xb7\\xe0<\\x07\\xe7\\x01o\\xbd-\\x02\\x8f\\xdd\\xb8_it\\x14%\\x85\\xfcc\\x82\\x11i\\xa1\\x1f\\x06}\\xe6\\xf6\\x05\\xae\\x94\\x0b\\xc2\\xbe\\x157\\xe0#\\xd5\\x05\\x11x\\xd3\\xc4\\xf4\\x13\\x1b\\xc6\\xc3\\xfd\n\\xa58\\xeb\\x85\\x19\\x92\\xfa\\x1e\\x00[@\\xb5\\xbd\\xdd\\x9e\\x845\\x8d*\\xc2\\x00\\xffq\\xd5\\xf0\\x99db\\x94\\xefu\r/1l\\xbd\\xb5o6\\xa1\\xe2\\xack\\xaf\\x0eh\\xec.\\x9e\\x86g\\xad\\xf8\\xa2\\xbepi\\xe0\\xcc"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04)-\\x11\\xbe\\xd6\\xda\n>\\xe4\\x10\tm\\xc91^\\xd4\\xd8\\x17\\xd0\\xa7p\\x84\\x8bdn\\x82\\xbd\\x0fq\\xfc\\x85\\xb9),w\\x8f\\xe9\\x06\\x16d\\xb7s\\xa4\\xcb\\x9f\\xa6\\x1b\\xe8\\xe3)h\\x99\\xa8\\xca>\\xa3\\x80\\x8e\\xeb\\xb0\\x84%-)\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\x9d\\x7fw\\xb0\\xa3 \\xfd\\x83d\\xf3\\xb8h\\x8a\\x0c\\x0fc>\\xb9\\xd9\\xe4p\\xb6\\x01a\\x8a\\xb4\\xad\\xcdl\\x1e2\\xe08/\\xd6\\x9e\\xc4\\x85`\\xbb\\xca\\xea\\xdf\\xd5\\xef(\\x1a\\xbe"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\x85i\\x0f\\xf8\\xd2gbr\\xc4o<\\xf2\\xe0\\xc7\\xcdn\n\\xec\\xca\\xc8dx\\x05+\\xd0d\\x7f\\x00\\x086\\xaa\\xbc\\xbdz\\x85\\xda\\x17\\xafp\\xae\\x17\\xc4\\x8cu\\x16\\xd5/\\x16\\xfav\\xa8}<\\xa9\\xb4y\\x03t\\x8e\\xbbfv\\xa7$\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xbep\\xea\\xf5\\xe4\\xa3oc\\xc3\\x02z\\x16\\x0c2g\\x96ivpa\\x94]\\xbal\\x03\\x99\\xf2\\xef&\\x16\\xe5\\xab\\x19\\x0e\nn\\x890o\\x98\\xa0\\xdeg1s\\x061+"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04\\xba\\x8d\\xb8\\xfc;p\\xf75\\xd4\\xecv\\xc3\\x87\"\\xf2\\x9c\\xf4ce=,\\xde\\xcfn\\xb2im\\x91\\x1en\\xeb\\x9f\\x0c\\xebr\\xe7\\xce\\x94#@c\\xae\\xc3\\x84w\\x9e\\xa0\\x91e\\x1a\\x93\\x85z9\\xfff\\xbf\\x02a|\\x93q\\xbb\\x9c\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000\\xc7c\\xac/\\xf1\\xe0\\xe4\\xb0w\\xcey\\x96\\x93\\xe0\\xe1\\x93\\xb0\\xff\\x82\\xe0\\xe6\\xf6\\xe3\\x16\\x13\\xae\\x85\ru\\x94\\xce8_\\xcc\\xb7i\nep\\x97\\xd2\\x8f\\x8c\\xbee\\xbf.\\xb3"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x7f\\x95\\x9694\\x80[w\\xb5{\\x8d\\xc4b$\\xf8f2 \\xf1\\xd2\t\\xdap\\xcbu\\xb1\\xcf]\\x13i\\x89\\xb7m`\\x19\\x87f\\xb5\\xd2\\xb5\\x80\\xdd\\x04\\xcf\\xb0p\\xbd\\xea*k\\xce\\x98\\xaau[-\\xf6!q\\xc9\\x1bu5a\\x109\\x804@qn\\xdd`\\xa3\\xc5-\\x8b\\xce\\xb1\\x13~\\xef\\xee\\x08\\x85=\\x96\\xf7\\xa4\\xfa@ \\xc4\\xe9\\xfd\\x10h\\x12\\x97r\\xb8?(\\x91\\xdeu\\xf7\\x9a\\xcanbn\\x1c\\x04\\x9d\\xa0\\x17\n\\xc9\\x05n5\\xacm\\xe7\\xe8\\x06neij\\xb6\\xb8oqc\\xcb_\\xfdk\\x06\\x08\\xd4c|\\x0e\\xa9zv\\x1c\\x9f>\\xc8m\\xfc\\x0e\\xf8?\\xb34/n\\x08\\xafq\\xd6vt7\\xca\\x9e\\xc8\\xb6\rn\\x04~\\x93\\xb5\\xf5\\x8daza\\xe7\\xd8@q\\xb0\\x81\\xe3\\xc9\\x94\\x87\\xdd\\x07f\\x8a\\xc0+q\\x8dp\\xda)$\\xfb\\xab\\xc8\\xe7\\xce$\\xdde\\x8c\\xc4\\x0c\\x13v\\xfc'\\xc8\\xd2:j\\h*\\xe1\\x7fu\\x06+\\xae\\x818\\4'x{\\xa7\\x9d\\x1e\\x12!\\x81\\xe8n\\xa6x"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x94\\x82|\\x8b\\xd2\\xde\\x1c\\xc1\\xec\t_\\x91d\\x0b\\xa6\\xe0y\\xf2\\xbe>\\x87)\\xb7\\xf7\\x96\\xc4\\x848\\x8b\\xb8\\x16u\\xa2\\xa8\\xd2\\x94\\xfd.\\xf9}$>\\x11\\xd1\\xca\\xb7\t+4;#\\x82w\\xd4\\xd49\\xf3.[\\x1d1\\xd2\\xd8\\x1f p\\x17\\xcbvm\\x17\\xa0\\xd6\\xf5\\xba\\x1a\\xcdzf\\xa6\\x96}\"\\xd7\\xfc1\\xc1\\xc2(\\xec\\x9b\\xff\\xd8\\xf6hp\\x81\\xa3\\xce\\xea\\xb3\\xc5h\\xfb\\x0b\\xb22\\xc9a\\xa5g\\xfb\\x18p\\x9a1\\xe6\\xc1\\x85\\x04\\x1c6\\x18\\xe0\\xd4\\x18\\x11\\xcdma\\xe0\\x00h\\xa2\\xae\\xaf\\xd3\\xd7\\xd4\n\\x01\\x8b\\x06\\x0f\\x1c\\x85\\xb2p\\x15\\x04nw\\xc01|j\\x81b&\\x9a\\xa0\\xb5<\\x8ckz\\x97\\xd29\\xad\\xb8\\xf6\\xa1p\\x7f\\\\xb0\\xe1\\xb3\\xc5l\\xf4\\xb5\\xb9=\\x0ce\\x02qo\\xe8\\xe7\\xba\\xd7;\\xa2\\xbf\\xfa\\xbc<>\\x90\\xd6?\\xda{\\x98\\xbd\\xca-\n\\x84\\xb3\\xc0i>\\xd0\\xc0\\x16\\xffx*#c\\x0395\\xc5\\xde\\x9111\\x07d2w\\xf8\\x00\\x04t7\\xa0\\xb9s\\xd1?\\x01\\x04j\\x89%"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x010\\x0fj\\xb3k[u\"f\\x05tv\\xfa\\x15\\x8e\\xde0q\\xd6\\xc3\\xfd\\xe2\\x0c\\x17\\xf2@w{\\x85\\xcem\\xc4\\x05t\\xcfv\\xb6x\\xc2\\xf8\\xd3\\x85f\\xad\\x97\\xafe\\x96\\x18\\xd2\\xfb\\l\\xbb\\xe1t\\x00\\xab\\x01\\xf4i\\x97\\xf0\\x0e2\\xd1\\xa02=k\\xf2\\xc1o\\x0b\\x96\\xfak\\x1fo\\xca\\xads{\\xa2\\x94\\x19\\x11\\xcbk\\xe6\\x0e\n~\\xea\\x85\\x92\\xd8\\xce\\xdc\\xc0\\xd0\\x1d;\\xb9^\\x92]y\\x00\\xbb\\x15\\x8a\\x7f\\xc0\\x02n.\\xf9.\\xb8\\x1e\\x9a\\xf2)*\\xba\\xcc\\\\xc0\\xb2q\\xec\\xaa;1$\\x8aa\\xe4\\x87\\xbd%c\\x08\\x88vsw\\x03\\x02\nj\\xb2\\x97\\x14\\x13\\x97\\xb2ir\\xc1y\\xd6\\xfd\\xe4\\x00\\xa6\\xff\\xaa\\xd4\\x111\\x88\\xa2\\xc4\\xa1\\xa4\\\"\\xcf\\xbct\\xe6\\xbb<\\xf0~sjn\\xaa\\x15\\x82\\xect\\xae7\\x1a\\xce\\xf4\\xd5\\x94[x\\x0b\\xe8k\\x86\\x1c\\xcd]\\xb4`n\\xe9\\\\x02\\xa3\\xd7\\x1e\\xbd\\x81+j\\x84\\xd8p\\x98dwwo\\xa6\\xf4\\xdd\\x19;\\xfb\\x05\\x1cb\\xd3\\x05dp\\x84rxv`\\xbd\\xc6"
- },
- {
- "http_request": "winword.exe_WSASend_get /pki/crl/products/microsoftrootcert.crl http/1.1\r\nconnection: keep-alive\r\naccept: */*\r\nif-modified-since: thu, 07 mar 2019 06:00:16 gmt\r\nuser-agent: microsoft-cryptoapi/6.1\r\nhost: crl.microsoft.com\r\n\r\n"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00\\x7f\\x01\\x00\\x00{\\x03\\x01]\t\\xf8\\x05q\\x16\\xf4g\\xedwl\\xf6x\\x94\\xb1\\xe3\\x14\\xb2\\x19\\x82\\xc3)tc\\x88:t\\xfd\\x95\\x84\\xe1\\xc4\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x00:\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00!\\x00\\x1f\\x00\\x00\\x1cactivation.sls.microsoft.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x01\\x06\\x10\\x00\\x01\\x02\\x01\\x00-a\\xd1%\\\\x1e\\xee\\xbb\\xbc\\x1d\\x19\\x96\\xfa\\xc1\\xe5`\ru\\xd2\\xfe\\x19\\xdep>\\xec\\x14\\xd8\\xe2\\xd0=\\xaa\\xf8\\xc1\\x89-\\xcc\\x124g\\xc6y\\x9e\\xd5\\x92\\xe7\\xe5b\\xc6q0\\xa7\\xfb\\x7fy\\x11\\x1f7\\x80l\\xc6\\xd6\\xb3f\\x84\\xd9\\xb9\\x13\\xeb\\x881\\x85\\x11x\\xb6\\x1a\\xcac,g\\xc0\\xc4?\\xbb\\xed\t\\x90\rrp4\\x7fk\\xc74\\x8a`q\\xbaa\\x90\\x17}o\\xbc\\x8b\\xde\\x0c\\xe7\"\\xdd\\x85\\xf9\\xf5\\x9c\\xa0=~<4\\xccklhw\\xecbb\\xd5\\xf7\\x97q\\x03\\x810\\xb3\\x9a\\xcd\\xdd\\x12\\xf0\\xaex\\xd4\\xd5\\x89\\xfa\\x08\\xe0\\xb04\\xb0\\x1b\\x1e\\xba\\xd3c\\x83\\xe20\\xe4\\x8f\n\\xc7>\\xa9\\x94\\x99\\x81`\\xe9\\xcaj\\xc0dr\\xb2.;otc\\x1b\\xb0e2\\x17\\x1b\\x08od\\xb3\\x17\\x05\\xe0_\\xd5\\xe2\\xf3\\x93\\xd1v\\xd9\\xd5f\\x15l\\xb7g&\\x82rq#k\\xd2s@:c49\\xab\\xbf\\x87\\x92\\xaa\\xb5\\x04\\x053\\x8f\\xaa3\\xd4\\xd0v\\xba2^\\x03k\\xf2\\x12\rv"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01`\\x99p\\x8fm\\xcc\\x13\\x9b3\\xce\\x95q\\xb96t\\x14h\\xc6\\xfb\\xbdy\\x87-\\xbf\\x8e\\xab4^\\x9f\\x94>\\xdfi6y\\xc4\\x81 7q\\x9d\\x01\\x87\\xd1\\xf4\\xed@\\xab\\xa0a\\xb9\r\\x07}^\\xc6*\\xe3\\xba\\xe2\\xb0p\\xfab\\x97\\x0c\r\\x1c\\x11a\\xf9x<\\xc5b\t\\xe4:gm\\xe5\\x07\\x88\\x08\\xeb\\xe8xz\\x92\\xe3{a$yejqx~\\x8ec\\xef\\xdca.\\xd1\\x9c+i\\x9c\\x14c\\x16e0\\x7f\\xa7w\\x9cu\\xe5d\"\\x83q\\xc3\\xbd|z#\\xd1\\x9a\\xef\\x81(\\x8b@s\\xcb\\x82\\x81\\xf2[f\\x00&^\\xb1\\x1bsle\\xe7\\xd8^vp\\xaa\\xa0;\\x10\\xf0\\xac}\\x17od\\x9c\\xe6\\xd7\\xff\\x14*/\\xc8\\x0b`\\xb2\\xe9\\x042\\xae\\x1c\\x9d!\\xf9&i\\x83\\xc1\\x04n\\x16k\\x9b.\\xa6\\x8e\\x17|\\x1ad\\x80\\xdd\\xa1\\xc2s\\xe9\\x80\\xc5q\\x9d\\xb4\\xe6m'\\x0f\\xf2\\x02\\x02u?\\xf4\\xe9$l\\xf24\\x9e\\xd4\\x88\\xd2\t\\x8a\\xb4\\x8f\\xe4g\\\\x04\\xeb\\xa5\\xa5/\\x97\\xc2\\xb6\\x9f\\x19<\\xab0"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x019p\\xbfe\\xde\\x84c\\xd3]?\\xd4\\xc2\\xba%\\x95\\x9d2\\xb1\\xb0\\xb7\\x9b\\x18<2x\\xe0,\\x0b\\xff\\xdal\\xc4\\xd9\\xbe{\\xf0\\xab!\\xef@\\x98\\x17.\\xd9\\xe8\\xb2\\x9fn\\x94\\xd1\\xd9\\xe2\\xfa e5\\xbc!m1\\xd0\\x15d\\xba\\xd1\\xe4\\x17c\\x99\\x9d\\xef\\xce\\xb8\\x87\\xb8\\xd07\\x9d7\\x1e\\xa4\\x14\\x0cq\nx{\\x18\\xcc9\\x93\\xd8+x%\\xa53i\\xf76\\xf1\\xa9\\x96h\\xe5nuh\\x83\\xcea/\\x81\\xfdz\\x9d\\xa1\\x9f\\xabg\\x11\\xa6t\\x8dn\\xeek\\x96\\xcc\\x16\\xde\\x94\\x9b\\x06/h\\xdd\\x06\\xe7d\\xd6;\\xbf\\xdec`\\x96\\\\x84b\\x86k)w\\x9b\\xae]\\xf3d/m\\xf1\\xf6b2'z\\x95\\xc5\\x83h\\xcf\\x06f\\x86\\x96 f\\xb1pm\\xd2\\xd2/\\x1aw\\x9c\\xe2\\xd5\\x07\\x90\\x87\\x02\\xc0\\xc9s\nw\\x07[s|)=\\xbd\\xc3x\\x18\\xe5\\x1a`\\xc1\\xa0\\x8bg\\x91\\xe3\\xb1\\xbd\\xc31t\\x83\\x99\\xa6m9;\\xe5ws\\x06\\x8f\\x83p\\x18\\xdf\\x16\\x11n\\xf9w\\xd6\\x94\\x1ey\\xf2\\xa3\\x80\\x11\\x03\\;"
- },
- {
- "http_request": "winword.exe_WSASend_\\xa4\\x01\\x01\\x00z\\x01\\x00\\x00v\\x03\\x01]\t\\xf8\\x12\\x1d\\x8bc\\x0e52)\\x9d\\x1b\\xd1kg\\xf4c\\x14|r\\xf0\\xe5\\x93\\x906\\x99\\xcd\\x10\\x8cj\\x82\\x00\\x00\\x18\\x00/\\x005\\x00\\x05\\x00\n\\xc0\\x13\\xc0\\x14\\xc0\t\\xc0\n\\x002\\x008\\x00\\x13\\x00\\x04\\x01\\x00\\x005\\xff\\x01\\x00\\x01\\x00\\x00\\x00\\x00\\x1c\\x00\\x1a\\x00\\x00\\x17odc.officeapps.live.com\\x00\n\\x00\\x06\\x00\\x04\\x00\\x17\\x00\\x18\\x00\\x0b\\x00\\x02\\x01\\x00"
- },
- {
- "http_request": "winword.exe_WSASend_\\x16\\x03\\x01\\x00f\\x10\\x00\\x00ba\\x04{\\x90\t\\xc7\\xc05\\xf8\\xc1\\x0e\\xb1\\xbf@\\xbf\\xe4\\xffb@\\x9a\\xdf<:\\xda\\xece\\xf2w\\xff\\x03\\x96\\xd2!\\x08h\\x18i\\xea\\xb5\\xf1 \\xca^\\x05x!k\\xd29\\xf8\\x05\\x04\\xab\\x0b\\xa0\\x00\\x86\\x93\\x9f\\xb5xw\\xc3]\\xbb~\\x14\\x03\\x01\\x00\\x01\\x01\\x16\\x03\\x01\\x000$)[\\xd7\\xa5\\x87%\\xbaw\\x13f\\xd8\\xf5\\xf3\\xe2>*w\\xfdq\\x1a\\xd4yg\\xe1~\\xd0\\x91\\xa4\\x80\\x83=\\x9f\\x0c\\xc8\\xd3\\xda\\xfdl\\xd3\\x19}g&vn\\x10,"
- },
- {
- "http_request": "winword.exe_WSASend_\\x17\\x03\\x01\\x01p\\x12>k\\xb3o\\xe8c\\xf4d\\xbc\\xe2d\\xac^\\xae\\xe7j\\xfd\\xb8i[\\xa1\\xbb\\x7f\\xb8=\\x00\\x85\\x15,&i\\xf1\\xb2\\x90\\xdef\\xc1\\x0c\\x06mun\\xad\\xda\\xe9s;s^t\\x9a\\x83\\x04\t\\xc9>\\xed\\x08]a\\xfc\\xf3\\x93\\xea|\\x84\\x14u\\xe6\\xa5\\x1e{\\x80a\\x18n\\x10\\xc6\\xfe-m\\xb2\\xf2\\xb6\\x98-\\xf9=\\f+\\x7fw\\xc8\\x955\\xc6\\xf1\\x10\\x0e\\xad\\xbd\\xf0\\xc6\\xaf\\xe2\\x8d\\xa1y\\xefa\\xf7b\\x1f\\xb8q\\x03\\xed\\x1a\\x8b\\x03)\\x89h\\x02n\\x95\\xf0\\xba\\xe99\\xc2\\xcd\\xbb\\xad\\x1d\\xe1\\xca\\xd0b9\\x8cjy\\xe7\\x10\\xfc{m\\x1b\\xa2\\x81\\xd7\\x12g\\xfb\\x88\\xd6+\\x7f\\x10\\xdc~\\xab\\x8ce\\xe5\\xaf;\\xa3\\xa2\\\\x8bg\\xc8\\x00\\x87f\\xe6z\\x7fx\\x13\\xcc\\xacoi1z^\\x1e\r'\"`k\\xb9#\\x1f\\xc6p;\\xe5;\\x14\\xbec\\x9a\\x91\\xe1`\\x15\\x9d\\x8b\\xd3s\\xe7\\x92\\x80\\xfd\\xe53\\x08q\\x17\\x86\\x14eyva\\x8d\\xd0w\\xda\\xe3\tf0@\\x02\\xa4\\x1f\\xe0\\xa8\\x1b\\xcc\\x95z="
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp"
- },
- {
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp"
- }
- ]
- },
- {
- "Description": "File has been identified by 28 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "MicroWorld-eScan": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "FireEye": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "McAfee": "Exploit-CVE2017-11882.bu"
- },
- {
- "Arcabit": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "Symantec": "Exp.CVE-2017-11882!g3"
- },
- {
- "ESET-NOD32": "probably a variant of Win32/Exploit.CVE-2017-11882.A"
- },
- {
- "Kaspersky": "HEUR:Exploit.MSOffice.Generic"
- },
- {
- "BitDefender": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "Ad-Aware": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "Emsisoft": "Exploit.CVE-2017-11882.Gen (B)"
- },
- {
- "F-Secure": "Exploit:W97M/CVE-2017-0199.B"
- },
- {
- "DrWeb": "Exploit.ShellCode.69"
- },
- {
- "McAfee-GW-Edition": "Exploit-CVE2017-11882.bu"
- },
- {
- "Sophos": "Troj/RtfExp-EQ"
- },
- {
- "Cyren": "CVE-2017-11882.C.gen!Camelot"
- },
- {
- "Avira": "EXP/CVE-2017-11882.Gen"
- },
- {
- "MAX": "malware (ai score=94)"
- },
- {
- "Microsoft": "Trojan:O97M/Obfuse.AE"
- },
- {
- "AhnLab-V3": "OLE/Cve-2017-11882.Gen"
- },
- {
- "ZoneAlarm": "HEUR:Exploit.MSOffice.Generic"
- },
- {
- "GData": "Exploit.CVE-2017-11882.Gen (2x)"
- },
- {
- "ALYac": "Exploit.CVE-2017-11882.Gen"
- },
- {
- "TACHYON": "Trojan-Exploit/RTF.CVE-2017-11882"
- },
- {
- "Zoner": "Probably W97NativeOnly"
- },
- {
- "Rising": "Exploit.CVE-2017-11882!1.B40D (CLASSIC)"
- },
- {
- "Ikarus": "Exploit.CVE-2017-11882"
- },
- {
- "Fortinet": "MSOffice/CVE_2017_11882.BB!exploit"
- },
- {
- "Qihoo-360": "virus.exp.21711882.d"
- }
- ]
- }
- ]
- [*] Started Service: [
- "osppsvc"
- ]
- [*] Executed Commands: []
- [*] Mutexes: [
- "Local\\2BF388D5-6F8C-40A0-A7EE-996D005C4E14_Office15",
- "Global\\MTX_MSO_Formal1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Global\\MTX_MSO_AdHoc1_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "5CAC3FAB-87F0-4750-984D-D50144543427-VER15",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "Global\\MsoShellExtRegAccess_S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Global\\552FFA80-3393-423d-8671-7BA046BB5906",
- "Local\\{F99C425F-9135-43ed-BD7D-396DE488DC53}"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Docs_e5eedd3ea0def63d52e914333dca815e.doc",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_e5eedd3ea0def63d52e914333dca815e.doc",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{1D551D94-0E19-4215-913F-F6A797F919FF}.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\15.0\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=10",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\6BADA8974A10C4BD62CC921D13E43B18_88614FFAD35D353421B8A7E1FE18FCE4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\37D958F0157C4E87D39A5E7FAB3AECCC_090773D7F9DBE1D85BCB60985361F32E",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1180.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1181.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{B70E099B-142A-4FF5-8065-BBE6C3CCEF31}.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of Docs_e5eedd3ea0def63d52e914333dca815e.asd",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF9008C172DCE5C303.TMP",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A66.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A77.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3AC6.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C1F.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C20.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C30.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C60.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C81.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBD.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBE.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAA.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3F75.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4021.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4032.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4043.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4054.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4076.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4065.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4096.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4044.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4191.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab45F7.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4627.tmp",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab4A4E.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar4A4F.tmp",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5231.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\TabbedArc.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Element design set.dotx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54C3.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54C4.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328951[[fn=Tabbed Arc]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\ThemePictureGrid.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\iso690.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\InterconnectedBlockProcess.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5A3C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\pictureorgchart.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\sist02.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\ThemePictureAccent.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5A4D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\Metropolitan.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5A3D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\chicago.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\Dividend.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328935[[fn=Picture Organization Chart]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\ieee2006officeonline.xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998158[[fn=Element]].dotx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D9E.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328975[[fn=Theme Picture Accent]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328925[[fn=Interconnected Block Process]].glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851223[[fn=iso690]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851227[[fn=sist02]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328986[[fn=Theme Picture Grid]].glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457491[[fn=Metropolitan]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5F93.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851217[[fn=chicago]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5F94.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457464[[fn=Dividend]].thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851222[[fn=ieee2006officeonline]].xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\PictureFrame.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Headlines.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328932[[fn=Picture Frame]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\Frame.thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001103[[fn=Headlines]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab618C.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457475[[fn=Frame]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab61EB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Crop.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001105[[fn=Crop]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Badge.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001106[[fn=Badge]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab6643.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\gb.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\CircleProcess.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\BracketList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D7F.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\TabList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\gostname.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\ConvergingText.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\chevronaccent.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\architecture.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\VaryingWidthList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\mlaseventheditionofficeonline.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\Berlin.thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328990[[fn=Varying Width List]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab714D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\APASixthEditionOfficeOnline.xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328884[[fn=architecture]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\harvardanglia2008officeonline.xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328893[[fn=BracketList]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\Quotable.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab744E.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328972[[fn=Tab List]].glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851218[[fn=gb]].xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab7549.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328916[[fn=Converging Text]].glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851225[[fn=mlaseventheditionofficeonline]].xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328908[[fn=Circle Process]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\HexagonRadial.glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851219[[fn=gostname]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033917[[fn=Berlin]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328905[[fn=Chevron Accent]].glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851216[[fn=apasixtheditionofficeonline]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Bibliography Styles\\TM02851221[[fn=harvardanglia2008officeonline]].xsl",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457503[[fn=Quotable]].thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\SmartArt Graphics\\1033\\TM03328919[[fn=Hexagon Radial]].glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\Circuit.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\Wood_Type.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\Savon.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab78E8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~WRD0002.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM03457510[[fn=Savon]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\Droplet.thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033919[[fn=Circuit]].thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033925[[fn=Droplet]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab832B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab839A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Feathered.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM10001104[[fn=Feathered]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\content.inf",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\Main_Event.thmx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\TM04033927[[fn=Main Event]].thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab8AB1.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Insight design set.dotx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Content.inf",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Word Document Building Blocks\\1033\\TM03998159[[fn=Insight]].dotx"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab1180.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar1181.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Schemas\\MS Word_restart.xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\AutoRecovery save of Docs_e5eedd3ea0def63d52e914333dca815e.asd",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRD0000.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Word\\~WRL0001.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033937[[fn=Vapor Trail]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033937[[fn=Vapor Trail]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033937[[fn=Vapor Trail]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033929[[fn=Slate]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033929[[fn=Slate]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033929[[fn=Slate]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab4A4E.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar4A4F.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM04033921[[fn=Damask]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457515[[fn=View]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457496[[fn=Parallax]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457485[[fn=Mesh]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457496[[fn=Parallax]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457515[[fn=View]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM04033921[[fn=Damask]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457485[[fn=Mesh]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM04033921[[fn=Damask]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457515[[fn=View]].xml",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457485[[fn=Mesh]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457496[[fn=Parallax]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5220.tmp\\TabbedArc.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab54C3.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar54C4.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03457444[[fn=Basis]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03457444[[fn=Basis]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03457444[[fn=Basis]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5A3C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5A3D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD579A.tmp\\pictureorgchart.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4076.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5270.tmp\\Element design set.dotx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5231.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Effects\\TM03090430[[fn=Banded]].eftx",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Fonts\\TM03090430[[fn=Banded]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5A0C.tmp\\ThemePictureAccent.glox",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\15\\Managed\\Document Themes\\1033\\Theme Colors\\TM03090430[[fn=Banded]].xml",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C1F.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55F1.tmp\\InterconnectedBlockProcess.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3F75.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55E0.tmp\\iso690.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C60.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5799.tmp\\sist02.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD55DF.tmp\\ThemePictureGrid.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4032.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C81.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5611.tmp\\Metropolitan.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4627.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AAC.tmp\\chicago.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5B79.tmp\\Text Sidebar (Annual Report Red and Black design).docx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A66.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3AC6.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5AFB.tmp\\Dividend.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD5CA3.tmp\\ieee2006officeonline.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5542.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Cab5F93.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBE.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Tar5F94.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6022.tmp\\PictureFrame.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4044.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6052.tmp\\Headlines.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5D9E.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD60D0.tmp\\Frame.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab5A4D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD620B.tmp\\Crop.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab618C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6306.tmp\\Badge.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab61EB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D80.tmp\\VaryingWidthList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4054.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C14.tmp\\architecture.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4043.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A3.tmp\\BracketList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4096.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6DA1.tmp\\TabList.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4191.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD66A4.tmp\\gb.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C30.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6C15.tmp\\ConvergingText.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6D91.tmp\\mlaseventheditionofficeonline.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DAA.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBC.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6925.tmp\\CircleProcess.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3C20.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE2.tmp\\gostname.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4065.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6E7D.tmp\\Berlin.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab6D7F.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD6CE1.tmp\\chevronaccent.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3DBD.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD71AB.tmp\\APASixthEditionOfficeOnline.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab3A77.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7269.tmp\\harvardanglia2008officeonline.xsl",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab4021.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7239.tmp\\Quotable.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7644.tmp\\HexagonRadial.glox",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab6643.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab45F7.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7868.tmp\\Wood_Type.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab714D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7899.tmp\\Savon.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab7549.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7898.tmp\\Circuit.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab744E.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~WRL0003.tmp",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRS{B70E099B-142A-4FF5-8065-BBE6C3CCEF31}.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~$cs_e5eedd3ea0def63d52e914333dca815e.doc",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD7B2B.tmp\\Droplet.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab78E8.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD83D9.tmp\\Feathered.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab832B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8486.tmp\\Main_Event.thmx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab839A.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\TCD8B9C.tmp\\Insight design set.dotx",
- "C:\\Users\\user\\AppData\\Local\\Temp\\cab8AB1.tmp"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\&>'",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2E\\52C64B7E\\LanguageList",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\RemoteClearDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\Last",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\FilePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\StartDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\EndDate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Properties",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\AllUsers\\office15client.microsoft.com\\config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4569&crev=1\\0\\Url",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Internet\\WebServiceCache\\LastClean",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Security\\Trusted Documents\\LastPurgeTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingConfigurableSettings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastSyncTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Roaming\\RoamingLastWriteTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ReviewCycle\\ReviewToken",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\120502D",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\OUTLOOKFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\General\\LastAutoSavePurgeTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005119110000000000000000F01FEC\\Usage\\ProductFiles",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\12F7988",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090434",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457503",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033917",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457510",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001105",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033919",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457464",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457475",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033925",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033927",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001106",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457491",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001103",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM10001104",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328990",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328986",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328975",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328972",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328951",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328935",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328932",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328925",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328919",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328908",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328884",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328916",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM02835233",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851223",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851225",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851227",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851219",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851216",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851222",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851218",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851221",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851217",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998159",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM03998158",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328893",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328905",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Licensing\\09D07EFC505F4D9CBFD5ACE3217F6654",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100A0C00000000000F01FEC\\Usage\\SpellingAndGrammarFiles_3082",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F100C0400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1036",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109F10090400000000000F01FEC\\Usage\\SpellingAndGrammarFiles_1033",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Arial Unicode MS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Batang",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@BatangChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DFKai-SB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Dotum",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@DotumChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@FangSong",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gulim",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GulimChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Gungsuh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@GungsuhChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@KaiTi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Malgun Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Meiryo UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft JhengHei UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@Microsoft YaHei UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU_HKSCS-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MingLiU-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS Mincho",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PGothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS PMincho",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@MS UI Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@NSimSun",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@PMingLiU-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\@SimSun-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Agency FB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aharoni",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Algerian",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Andalus",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Angsana New",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\AngsanaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Aparajita",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arabic Typesetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Black",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Narrow",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Rounded MT Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Arial Unicode MS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Baskerville Old Face",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Batang",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BatangChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bauhaus 93",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bell MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Berlin Sans FB Demi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bernard MT Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Blackadder ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Black",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bodoni MT Poster Compressed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Book Antiqua",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookman Old Style",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bookshelf Symbol 7",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Bradley Hand ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Britannic Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Broadway",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Browallia New",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\BrowalliaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Brush Script MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calibri Light",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Californian FB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Calisto MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cambria Math",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Candara",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Castellar",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Centaur",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Century Schoolbook",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Chiller",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Colonna MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Comic Sans MS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Consolas",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Constantia",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cooper Black",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Copperplate Gothic Light",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Corbel",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Cordia New",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\CordiaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Courier New",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Curlz MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DaunPenh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\David",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DFKai-SB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DilleniaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DokChampa",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Dotum",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\DotumChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ebrima",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Edwardian Script ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Elephant",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Engravers MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Bold ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Demi ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Light ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Eras Medium ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Estrangelo Edessa",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\EucrosiaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Euphemia",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FangSong",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Felix Titling",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Footlight MT Light",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Forte",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Book",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Demi Cond",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Heavy",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Franklin Gothic Medium Cond",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FrankRuehl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\FreesiaUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Freestyle Script",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\French Script MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gabriola",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gadugi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Garamond",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gautami",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Georgia",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gigi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans MT Ext Condensed Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gill Sans Ultra Bold Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gisha",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gloucester MT Extra Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Old Style",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Goudy Stout",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gulim",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GulimChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Gungsuh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\GungsuhChe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Haettenschweiler",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harlow Solid Italic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Harrington",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\High Tower Text",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Impact",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Imprint MT Shadow",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Informal Roman",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\IrisUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Iskoola Pota",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\JasmineUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Jokerman",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Juice ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KaiTi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kalinga",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kartika",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Khmer UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\KodchiangUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kokila",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kristen ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Kunstler Script",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lao UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Latha",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Leelawadee",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Levenim MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\LilyUPC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Bright",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Calligraphy",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Console",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Fax",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Handwriting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Typewriter",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Lucida Sans Unicode",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Magneto",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Maiandra GD",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Malgun Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mangal",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Marlett",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Matura MT Script Capitals",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Meiryo UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Himalaya",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft JhengHei UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft New Tai Lue",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft PhagsPa",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Sans Serif",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Tai Le",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Uighur",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft YaHei UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Microsoft Yi Baiti",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU_HKSCS-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MingLiU-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Miriam Fixed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mistral",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Modern No. 20",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Mongolian Baiti",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Monotype Corsiva",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MoolBoran",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Mincho",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Outlook",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PGothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS PMincho",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Sans Serif",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Toolbars\\Settings\\Microsoft Word",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS Reference Specialty",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MS UI Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MT Extra",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\MV Boli",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Narkisim",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Engraved",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Niagara Solid",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nirmala UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\NSimSun",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Nyala",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\OCR A Extended",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Old English Text MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Onyx",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palace Script MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Palatino Linotype",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Papyrus",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Parchment",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Perpetua Titling MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Plantagenet Cherokee",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Playbill",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\PMingLiU-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Poor Richard",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Pristina",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Raavi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rage Italic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Ravie",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rockwell Extra Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Rod",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sakkal Majalla",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Script MT Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Print",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe Script",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Light",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semibold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Semilight",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Segoe UI Symbol",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shonar Bangla",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Showcard Gothic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Shruti",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimHei",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Simplified Arabic Fixed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\SimSun-ExtB",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Snap ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Stencil",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Sylfaen",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Symbol",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tahoma",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tempus Sans ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Times New Roman",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Traditional Arabic",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Trebuchet MS",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tunga",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Tw Cen MT Condensed Extra Bold",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Utsaah",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vani",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Verdana",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vijaya",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Viner Hand ITC",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vivaldi",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vladimir Script",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Vrinda",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Webdings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wide Latin",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 2",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\MathFonts\\Wingdings 3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\00005109E60090400000000000F01FEC\\Usage\\ProductNonBootFilesIntl_1033",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\File Path",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Datetime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Reading Locations\\Document 0\\Position",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Common\\Cloud Storage",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ForceCacheRefresh",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OnceSucceeded",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365MOUNTED_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\O365_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\OFFOPTIN_DOCSTORAGE_LIMITED\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINTGROUP\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\HideIfEmpty",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\ONPREM_SHAREPOINT_OTHER\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLINBOX_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_CONNECT\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_MARKETPLACE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Capabilities",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ConnectMechanism",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsManaged",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\IsRemovable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceOwner",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SortOrder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\SupportsMultiple",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\CapabilitiesMetadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Description",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Name",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceId",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\ServiceUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultCreateRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\DefaultFolderRelativePath",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\KeyTip",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\RegularExpression",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Metadata\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url16x16",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url32x32",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\WLMOUNTED_SKYDRIVE\\Thumbnails\\Url48x48",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTF",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTA",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\Feedback\\AppUsageData_1",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\&>'",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\StartupItems\\~\"&",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851220",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851226",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328940",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocBibs\\1033\\TM02851224",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328998",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\WordDocParts\\1033\\TM01840907",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\SmartArt\\1033\\TM03328983",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033937",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033929",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM04033921",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457515",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457485",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457496",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03457444",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\LCCache\\Themes\\1033\\TM03090430",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\12F7988",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\Resiliency\\DocumentRecovery\\120502D\\120502D",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\CacheReady",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastRequest",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\LastUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Common\\ServicesManagerCache\\ServicesCatalog\\NextUpdate",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Word\\MTTT"
- ]
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "blogmason.mixh.jp",
- "answers": [
- {
- "data": "150.95.52.111",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "150.95.52.111",
- "domain": "blogmason.mixh.jp"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.msocsp.com",
- "version": "1.1",
- "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
- "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
- "data": "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 25,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 3,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
- "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
- "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.thawte.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "th.symcd.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.digicert.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.pki.goog",
- "version": "1.1",
- "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
- "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "redirector.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "HEAD",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "HEAD /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=0-7102\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7103-18212\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=18213-29313\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=29314-40414\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=40415-63266\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=63267-110661\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=110662-165003\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=165004-302452\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=302453-495140\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=495141-806691\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=806692-1309037\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=1309038-2258543\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=2258544-3096732\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=3096733-4185520\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=4185521-5795954\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=5795955-7539026\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=7539027-8767370\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=8767371-10078926\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=10078927-11935558\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://r4---sn-tt1e7n7k.gvt1.com/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "user-agent": "Microsoft BITS/7.5",
- "method": "GET",
- "host": "r4---sn-tt1e7n7k.gvt1.com",
- "version": "1.1",
- "path": "/edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes",
- "data": "GET /edgedl/release2/chrome/ANcTHgjx95-y_74.0.3729.169/74.0.3729.169_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=172.98.67.13&mm=28&mn=sn-tt1e7n7k&ms=nvh&mt=1560934413&mv=m&pl=24&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Tue, 21 May 2019 04:56:27 GMT\r\nRange: bytes=11935559-12296959\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r4---sn-tt1e7n7k.gvt1.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {}
- [*] Resolved APIs: [
- "mso.dll.#1443",
- "mso.dll.#9214",
- "mso.dll.#199",
- "mso.dll.#1073",
- "mso.dll.#4255",
- "mso.dll.#3459",
- "mso.dll.#1262",
- "mso.dll.#5709",
- "mso.dll.#7353",
- "mso.dll.#5228",
- "mso.dll.#2155",
- "mso.dll.#1725",
- "user32.dll.RegisterWindowMessageW",
- "secur32.dll.FreeContextBuffer",
- "ncrypt.dll.SslOpenProvider",
- "ncrypt.dll.GetSChannelInterface",
- "bcryptprimitives.dll.GetHashInterface",
- "ncrypt.dll.SslIncrementProviderReferenceCount",
- "ncrypt.dll.SslImportKey",
- "bcryptprimitives.dll.GetCipherInterface",
- "ncrypt.dll.SslLookupCipherSuiteInfo",
- "user32.dll.LoadStringW",
- "ncrypt.dll.BCryptOpenAlgorithmProvider",
- "ncrypt.dll.BCryptGetProperty",
- "ncrypt.dll.BCryptCreateHash",
- "ncrypt.dll.BCryptHashData",
- "ncrypt.dll.BCryptFinishHash",
- "ncrypt.dll.BCryptDestroyHash",
- "crypt32.dll.CertGetCertificateChain",
- "userenv.dll.GetUserProfileDirectoryW",
- "sechost.dll.ConvertSidToStringSidW",
- "sechost.dll.ConvertStringSidToSidW",
- "userenv.dll.RegisterGPNotification",
- "gpapi.dll.RegisterGPNotificationInternal",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.CloseServiceHandle",
- "sechost.dll.QueryServiceConfigW",
- "cryptsp.dll.CryptAcquireContextA",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptVerifySignatureA",
- "mso.dll.#4314",
- "cryptsp.dll.CryptDestroyKey",
- "cryptsp.dll.CryptDestroyHash",
- "sxs.dll.SxsOleAut32MapReferenceClsidToConfiguredClsid",
- "bcryptprimitives.dll.GetAsymmetricEncryptionInterface",
- "ncrypt.dll.BCryptImportKeyPair",
- "ncrypt.dll.BCryptVerifySignature",
- "ncrypt.dll.BCryptDestroyKey",
- "crypt32.dll.CertVerifyCertificateChainPolicy",
- "crypt32.dll.CertFreeCertificateChain",
- "crypt32.dll.CertDuplicateCertificateContext",
- "ncrypt.dll.SslEncryptPacket",
- "mso.dll.#6484",
- "mso.dll.#8499",
- "mso.dll.#9871",
- "mso.dll.#4743",
- "mso.dll.#5452",
- "mso.dll.#2088",
- "mso.dll.#5274",
- "mso.dll.#3195",
- "mso.dll.#8165",
- "mso.dll.#9175",
- "mso.dll.#5315",
- "mso.dll.#8140",
- "user32.dll.IsWindowEnabled",
- "ole32.dll.CoGetCallState",
- "ole32.dll.CoGetActivationState",
- "advapi32.dll.RegisterWaitChainCOMCallback",
- "ncrypt.dll.SslDecryptPacket",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpQueryHeaders",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpReadData",
- "webservices.dll.WsCreateError",
- "ntdll.dll.EtwEventWrite",
- "ntdll.dll.EtwEventRegister",
- "ntdll.dll.EtwEventUnregister",
- "webservices.dll.WsCreateHeap",
- "webservices.dll.WsCreateReader",
- "webservices.dll.WsSetInput",
- "webservices.dll.WsFillReader",
- "webservices.dll.WsReadToStartElement",
- "webservices.dll.WsReadStartElement",
- "webservices.dll.WsReadType",
- "winhttp.dll.WinHttpCloseHandle",
- "crypt32.dll.CertFreeCertificateContext",
- "rpcrt4.dll.RpcBindingFree",
- "webservices.dll.WsFreeReader",
- "webservices.dll.WsFreeError",
- "webservices.dll.WsFreeHeap",
- "webservices.dll.WsCreateServiceProxyFromTemplate",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpAddRequestHeaders",
- "winhttp.dll.WinHttpSendRequest",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpCrackUrl",
- "winhttp.dll.WinHttpSetStatusCallback",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpWriteData",
- "winhttp.dll.WinHttpSetCredentials",
- "winhttp.dll.WinHttpQueryAuthSchemes",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "winhttp.dll.WinHttpGetProxyForUrl",
- "winhttp.dll.WinHttpQueryOption",
- "webservices.dll.WsOpenServiceProxy",
- "webservices.dll.WsCall",
- "webservices.dll.WsAddCustomHeader",
- "shlwapi.dll.StrStrA",
- "shlwapi.dll.UrlUnescapeA",
- "user32.dll.IsHungAppWindow",
- "ole32.dll.CoTaskMemFree",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "cryptnet.dll.CertDllVerifyRevocation",
- "profapi.dll.#104",
- "sensapi.dll.IsNetworkAlive",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.NdrClientCall2",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "shlwapi.dll.StrStrIW",
- "cryptnet.dll.I_CryptNetGetConnectivity",
- "cryptnet.dll.CryptRetrieveObjectByUrlW",
- "setupapi.dll.SetupIterateCabinetW",
- "kernel32.dll.RegOpenKeyExW",
- "kernel32.dll.RegCloseKey",
- "cabinet.dll.#20",
- "cabinet.dll.#22",
- "devrtl.dll.DevRtlGetThreadLogToken",
- "cryptsp.dll.CryptSetHashParam",
- "sechost.dll.QueryServiceConfigA",
- "sechost.dll.QueryServiceStatus",
- "rpcrt4.dll.RpcStringBindingComposeA",
- "rpcrt4.dll.RpcBindingFromStringBindingA",
- "rpcrt4.dll.RpcEpResolveBinding",
- "sechost.dll.LookupAccountSidLocalW",
- "rpcrt4.dll.RpcStringFreeA",
- "webservices.dll.WsResetHeap",
- "webservices.dll.WsCloseServiceProxy",
- "ws2_32.dll.#3",
- "webservices.dll.WsFreeServiceProxy",
- "ncrypt.dll.SslDecrementProviderReferenceCount",
- "ncrypt.dll.SslFreeObject",
- "user32.dll.RegisterPowerSettingNotification",
- "powrprof.dll.PowerSettingRegisterNotification",
- "user32.dll.GetWindowThreadProcessId",
- "user32.dll.GetWindowTextW",
- "mso.dll.#25",
- "mso.dll.#1056",
- "mso.dll.#8136",
- "mso.dll.#8931",
- "shell32.dll.SHGetFileInfoW",
- "mso.dll.#5362",
- "mso.dll.#6044",
- "mso.dll.#6516",
- "mso.dll.#6221",
- "mso.dll.#5780",
- "mso.dll.#4870",
- "mso.dll.#6046",
- "mso.dll.#1241",
- "mso.dll.#2821",
- "mso.dll.#2340",
- "mso.dll.#7287",
- "mso.dll.#5290",
- "mso.dll.#1508",
- "user32.dll.IsZoomed",
- "user32.dll.GetWindowPlacement",
- "user32.dll.GetWindowRect",
- "mso.dll.#821",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MonitorFromWindow",
- "user32.dll.MonitorFromRect",
- "user32.dll.MonitorFromPoint",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.GetMonitorInfoA",
- "user32.dll.EnumDisplayDevicesA",
- "mso.dll.#2378",
- "user32.dll.SetWindowPos",
- "user32.dll.AdjustWindowRect",
- "mso.dll.#5912",
- "mso.dll.#9719",
- "mso.dll.#8824",
- "mso.dll.#6117",
- "mso.dll.#3307",
- "user32.dll.SendMessageW",
- "user32.dll.DestroyIcon",
- "mso.dll.#3813",
- "mso.dll.#1815",
- "user32.dll.PtInRect",
- "mso.dll.#1613",
- "user32.dll.SetWindowTextW",
- "user32.dll.GetClassLongW",
- "mso.dll.#8572",
- "gdi32.dll.CreateDIBSection",
- "gdi32.dll.CreateCompatibleDC",
- "gdi32.dll.GetViewportOrgEx",
- "gdi32.dll.SetViewportOrgEx",
- "gdi32.dll.SetBkColor",
- "gdi32.dll.ExtTextOutA",
- "mso.dll.#1573",
- "mso.dll.#8612",
- "user32.dll.SetScrollRange",
- "mso.dll.#2509",
- "user32.dll.BeginDeferWindowPos",
- "user32.dll.DeferWindowPos",
- "user32.dll.EndDeferWindowPos",
- "user32.dll.OffsetRect",
- "user32.dll.EnumChildWindows",
- "user32.dll.GetScrollInfo",
- "user32.dll.MapWindowPoints",
- "msptls.dll.?FsCreatePageFinite@Ptls6@@YGJPAUfscontext@1@PBUfsbreakrecpage@1@PAUfsnameclient@1@PAU_fsfmtr@1@PAPAUfspage@1@PAPAU31@@Z",
- "gdi32.dll.DeleteDC",
- "msptls.dll.?FsTransformRectangle@Ptls6@@YGJKPBUtagFSRECT@1@0KPAU21@@Z",
- "mso.dll.#6126",
- "msptls.dll.?LsCreateLine@Ptls6@@YGJPAUlscontext@1@PAUlsparaclient@1@PBUlspap@1@JPBUlslinerestr@1@PBUlsbreakrecline@1@PAPAU61@PAUlslinfo@1@PAPAVCLsLine@1@@Z",
- "gdi32.dll.GetFontRealizationInfo",
- "gdi32.dll.GetFontFileInfo",
- "gdi32.dll.GetFontFileData",
- "mso.dll.#7261",
- "mso.dll.#9540",
- "usp10.dll.ScriptGetFontScriptTags",
- "usp10.dll.ScriptGetFontLanguageTags",
- "usp10.dll.ScriptGetFontFeatureTags",
- "msptls.dll.?LsGetObjectName@Ptls6@@YG?AVLSNAMEEXP@1@PBVCLsDnode@1@@Z",
- "msptls.dll.?LsdnFinishWordRegular@Ptls6@@YGJPAVCLsDnode@1@JPAUlsrun@1@PBUlschp@1@PAVCLsObject@1@PBUOBJDIM@1@HHH@Z",
- "msptls.dll.?LsdnSetRigidDup@Ptls6@@YGJPAVCLsDnode@1@J@Z",
- "msptls.dll.?LsQueryLineVisibilityWord@Ptls6@@YGJPAVCLsLine@1@PAJPAH@Z",
- "msptls.dll.?LsQueryLineMaxDepth@Ptls6@@YGJPAVCLsLine@1@PAJ@Z",
- "msptls.dll.?LsEnumLine@Ptls6@@YGJPAVCLsLine@1@HHPBUtagLSPOINT@1@@Z",
- "msptls.dll.?LsModifyLineHeight@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@JJJJ@Z",
- "msptls.dll.?FsQueryPageDetails@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@PAUfspagedetails@1@@Z",
- "msptls.dll.?FsQueryPageSectionList@Ptls6@@YGJPAUfscontext@1@PBUfspage@1@JPAUfssectiondescription@1@PAJ@Z",
- "msptls.dll.?FsQuerySectionDetails@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@PAUfssectiondetails@1@@Z",
- "msptls.dll.?FsQuerySectionCompositeColumnList@Ptls6@@YGJPAUfscontext@1@PBUfssection@1@JPAUfscompositecolumndescription@1@PAJ@Z",
- "msptls.dll.?FsQueryCompositeColumnDetails@Ptls6@@YGJPAUfscontext@1@PBUfscompositecolumn@1@PAUfscompositecolumndetails@1@@Z",
- "msptls.dll.?FsQueryTrackDetails@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@PAUfstrackdetails@1@@Z",
- "msptls.dll.?FsQueryTrackParaList@Ptls6@@YGJPAUfscontext@1@PBUfstrack@1@JPAUfsparadescription@1@PAJ@Z",
- "msptls.dll.?FsQueryTextDetails@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@PAUfstextdetails@1@@Z",
- "msptls.dll.?FsQueryLineListComposite@Ptls6@@YGJPAUfscontext@1@PBUfspara@1@JPAUfslinedescriptioncomposite@1@PAJ@Z",
- "msptls.dll.?FsQueryLineCompositeElementList@Ptls6@@YGJPAUfscontext@1@PBUfsline@1@JPAUfslineelement@1@PAJ@Z",
- "msptls.dll.?LsDestroyLine@Ptls6@@YGJPAUlscontext@1@PAVCLsLine@1@@Z",
- "msptls.dll.?FsDestroyPage@Ptls6@@YGJPAUfscontext@1@PAUfspage@1@@Z",
- "msptls.dll.?FsDestroyContext@Ptls6@@YGJPAUfscontext@1@@Z",
- "user32.dll.SetRectEmpty",
- "user32.dll.InflateRect",
- "mso.dll.#1100",
- "mso.dll.#7047",
- "msptls.dll.?LsQueryLineDup@Ptls6@@YGJPAVCLsLine@1@PAUlslinearea@1@@Z",
- "user32.dll.GetCursor",
- "user32.dll.GetClientRect",
- "user32.dll.SetScrollInfo",
- "user32.dll.SetScrollPos",
- "mso.dll.#3747",
- "mso.dll.#8218",
- "mso.dll.#5394",
- "mso.dll.#331",
- "mso.dll.#6829",
- "mso.dll.#539",
- "mso.dll.#4959",
- "mso.dll.#6463",
- "mso.dll.#4987",
- "user32.dll.GetWindow",
- "mso.dll.#7195",
- "mso.dll.#7573",
- "mso.dll.#445",
- "user32.dll.GetCaretBlinkTime",
- "user32.dll.CreateCaret",
- "msptls.dll.?LsQueryLineCpPpoint@Ptls6@@YGJPAVCLsLine@1@JJPAUlsqsubinfo@1@PAJPAUlstextcell@1@@Z",
- "user32.dll.IntersectRect",
- "user32.dll.DestroyCaret",
- "user32.dll.GetCaretPos",
- "user32.dll.SetCaretPos",
- "mso.dll.#5932",
- "mso.dll.#2071",
- "mso.dll.#1024",
- "mso.dll.#6245",
- "mso.dll.#9041",
- "mso.dll.#1767",
- "mso.dll.#9369",
- "mso.dll.#4617",
- "user32.dll.FillRect",
- "mso.dll.#343",
- "mso.dll.#9636",
- "mso.dll.#2022",
- "mso.dll.#4750",
- "mso.dll.#4577",
- "mso.dll.#850",
- "mso.dll.#1776",
- "mso.dll.#9026",
- "mso.dll.#4497",
- "shell32.dll.SHAddToRecentDocs",
- "mso.dll.#4647",
- "mso.dll.#8926",
- "mso.dll.#7212",
- "mso.dll.#5407",
- "mso.dll.#5152",
- "mso.dll.#3327",
- "mso.dll.#6333",
- "mso.dll.#420",
- "mso.dll.#1335",
- "mso.dll.#2041",
- "mso.dll.#7834",
- "mso.dll.#239",
- "mso.dll.#6357",
- "mso.dll.#7026",
- "mso.dll.#1671",
- "ole32.dll.PropVariantClear",
- "oleaut32.dll.#9",
- "oleaut32.dll.#7",
- "mso.dll.#8263",
- "mso.dll.#9307",
- "mso.dll.#1441",
- "mso.dll.#9223",
- "mso.dll.#6453",
- "mso.dll.#8044",
- "mso.dll.#3698",
- "mso.dll.#8565",
- "mso.dll.#8373",
- "mso.dll.#9741",
- "mso.dll.#478",
- "mso.dll.#479",
- "mso.dll.#340",
- "bcrypt.dll.BCryptOpenAlgorithmProvider",
- "bcrypt.dll.BCryptGetProperty",
- "bcrypt.dll.BCryptCreateHash",
- "bcrypt.dll.BCryptHashData",
- "bcrypt.dll.BCryptFinishHash",
- "bcrypt.dll.BCryptDestroyHash",
- "bcrypt.dll.BCryptCloseAlgorithmProvider",
- "mso.dll.#8633",
- "mso.dll.#5213",
- "mso.dll.#6163",
- "mso.dll.#552",
- "mso.dll.#5630",
- "mso.dll.#2513",
- "mso.dll.#1607",
- "mso.dll.#791",
- "mso.dll.#1848",
- "mso.dll.#8735",
- "mso.dll.#9374",
- "mso.dll.#5286",
- "mso.dll.#6368",
- "mso.dll.#4262",
- "mso.dll.#1010",
- "mso.dll.#7979",
- "mso.dll.#8549",
- "mso.dll.#8970",
- "mso.dll.#9198",
- "mso.dll.#4795",
- "mso.dll.#1865",
- "mso.dll.#9688",
- "mso.dll.#320",
- "advapi32.dll.RegDeleteKeyA",
- "user32.dll.DestroyCursor",
- "mso.dll.#7173",
- "mso.dll.#8511",
- "mso.dll.#3299",
- "mso.dll.#7001",
- "mso.dll.#3913",
- "user32.dll.PeekMessageA",
- "mso.dll.#1380",
- "mso.dll.#9500",
- "user32.dll.TranslateMessage",
- "user32.dll.IsWindowUnicode",
- "user32.dll.DispatchMessageA",
- "user32.dll.DispatchMessageW",
- "user32.dll.UpdateWindow",
- "mso.dll.#999",
- "mso.dll.#287",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "mso.dll.#1575",
- "mso.dll.#5034",
- "mso.dll.#1517",
- "mso.dll.#718",
- "mso.dll.#4708",
- "mso.dll.#8046",
- "mso.dll.#4175",
- "mso.dll.#8672",
- "mso.dll.#1990",
- "mso.dll.#3051",
- "mso.dll.#1819",
- "mso.dll.#1419",
- "oleaut32.dll.#147",
- "kernel32.dll.WerRegisterMemoryBlock",
- "dwrite.dll.DWriteCreateFactory",
- "advapi32.dll.RegQueryValueW",
- "apphelp.dll.ApphelpCheckShellObject",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "gdi32.dll.GetCurrentObject",
- "gdi32.dll.BitBlt",
- "gdi32.dll.GetClipBox",
- "gdi32.dll.StretchDIBits",
- "riched20.dll.REExtendedRegisterClass",
- "user32.dll.GetWindowLongW",
- "user32.dll.GetSysColor",
- "user32.dll.SetWindowLongW",
- "user32.dll.RegisterWindowMessageA",
- "user32.dll.RegisterClipboardFormatW",
- "user32.dll.GetDoubleClickTime",
- "user32.dll.SetCaretBlinkTime",
- "user32.dll.SystemParametersInfoW",
- "user32.dll.GetKeyboardLayoutList",
- "mso.dll._MsoGetFidUspDll@0",
- "mso.dll._MsoLoadLocalizedLibraryEx@12",
- "usp10.dll.ScriptGetProperties",
- "usp10.dll.ScriptItemize",
- "user32.dll.LoadCursorW",
- "user32.dll.IsWindowVisible",
- "user32.dll.GetKeyboardLayout",
- "user32.dll.PostMessageW",
- "user32.dll.DefWindowProcW",
- "uxtheme.dll.IsThemeActive",
- "uxtheme.dll.IsAppThemed",
- "uxtheme.dll.OpenThemeData",
- "user32.dll.GetDC",
- "user32.dll.ReleaseDC",
- "user32.dll.IsIconic",
- "user32.dll.GetParent",
- "usp10.dll.ScriptGetCMap",
- "user32.dll.InvalidateRect",
- "user32.dll.HideCaret",
- "user32.dll.ShowCaret",
- "user32.dll.NotifyWinEvent",
- "user32.dll.GetWindowTextLengthW",
- "user32.dll.EnableWindow",
- "msctf.dll.SetInputScope",
- "user32.dll.GetWindowRgn",
- "gdi32.dll.CreateCompatibleBitmap",
- "gdi32.dll.SaveDC",
- "gdi32.dll.SetPixel",
- "gdi32.dll.GetPixel",
- "gdi32.dll.RestoreDC",
- "imm32.dll.ImmAssociateContext",
- "mso.dll.#806",
- "mso.dll.#4908",
- "user32.dll.SetRect",
- "mso.dll.#8439",
- "mso.dll.#2736",
- "gdi32.dll.GetTextAlign",
- "gdi32.dll.ExtTextOutW",
- "mso.dll.#8122",
- "mso.dll.#2114",
- "mso.dll.#6558",
- "gdi32.dll.GetFontData",
- "usp10.dll.ScriptItemizeOpenType",
- "usp10.dll.ScriptShapeOpenType",
- "usp10.dll.ScriptPlaceOpenType",
- "mso.dll.#8395",
- "mso.dll.#379",
- "mso.dll.#6338",
- "mso.dll.#7964",
- "mso.dll.#1437",
- "mso.dll.#1427",
- "mso.dll.#6137",
- "winmm.dll.timeGetTime",
- "mso.dll.#5940",
- "usp10.dll.ScriptPlace",
- "usp10.dll.ScriptShape",
- "usp10.dll.ScriptJustify",
- "usp10.dll.ScriptTextOut",
- "usp10.dll.ScriptCPtoX",
- "usp10.dll.ScriptXtoCP",
- "usp10.dll.ScriptFreeCache",
- "usp10.dll.ScriptCacheGetHeight",
- "usp10.dll.ScriptLayout",
- "usp10.dll.ScriptBreak",
- "usp10.dll.ScriptIsComplex",
- "usp10.dll.ScriptGetLogicalWidths",
- "usp10.dll.ScriptApplyLogicalWidth",
- "usp10.dll.ScriptGetGlyphABCWidth",
- "usp10.dll.ScriptGetFontProperties",
- "usp10.dll.ScriptApplyDigitSubstitution",
- "usp10.dll.ScriptRecordDigitSubstitution",
- "usp10.dll.ScriptGetFontAlternateGlyphs",
- "mso.dll.#7578",
- "mso.dll.#8483",
- "mso.dll.#2613",
- "gdi32.dll.GdiIsMetaPrintDC",
- "mso.dll.#7848",
- "user32.dll.GetForegroundWindow",
- "user32.dll.GetFocus",
- "user32.dll.GetClassNameA",
- "user32.dll.IsWindowRedirectedForPrint",
- "gdi32.dll.CreateRectRgnIndirect",
- "user32.dll.GetUpdateRgn",
- "gdi32.dll.GetRgnBox",
- "user32.dll.ValidateRect",
- "user32.dll.GetUpdateRect",
- "user32.dll.BeginPaint",
- "user32.dll.EndPaint",
- "mso.dll.#3624",
- "msptls.dll.?LsPointXYFromPointUV@Ptls6@@YGJPBUtagLSPOINT@1@KPBUtagLSPOINTUV@1@PAU21@@Z",
- "msptls.dll.?LsDisplayLine@Ptls6@@YGJPAVCLsLine@1@PBUtagLSPOINT@1@IPBUtagLSRECT@1@@Z",
- "mso.dll.#6247",
- "gdi32.dll.TranslateCharsetInfo",
- "mso.dll.#3300",
- "mso.dll.#7465",
- "gdi32.dll.SetWindowOrgEx",
- "mso.dll.#732",
- "mso.dll.#5804",
- "mso.dll.#9465",
- "mso.dll.#4746",
- "user32.dll.IsWindow",
- "ole32.dll.CoCreateInstance",
- "user32.dll.ScreenToClient",
- "mso.dll.#434",
- "user32.dll.GetMessageExtraInfo",
- "user32.dll.GetCursorInfo",
- "user32.dll.GetCapture",
- "user32.dll.TrackMouseEvent",
- "user32.dll.GetInputState",
- "mso.dll.#8461",
- "user32.dll.SendNotifyMessageW",
- "user32.dll.GetClipboardOwner",
- "mso.dll.#1422",
- "user32.dll.MsgWaitForMultipleObjectsEx",
- "advapi32.dll.NotifyServiceStatusChangeW",
- "advapi32.dll.ConvertSidToStringSidW",
- "msi.dll.DllGetVersion",
- "msi.dll.#111",
- "mso.dll.#8202",
- "mso.dll.#5360",
- "mso.dll.#8574",
- "msi.dll.#39",
- "mso.dll.#8318",
- "mso.dll.#1283",
- "mso.dll.#8705",
- "mso.dll.#9685",
- "mso.dll.#3579",
- "mso.dll.#8747",
- "mso.dll.#2880",
- "mso.dll.#7615",
- "mso.dll.#4219",
- "mso.dll.#3244",
- "mso.dll.#408",
- "mso.dll.#2714",
- "mso.dll.#8622",
- "mso.dll.#3380",
- "mso.dll.#2566",
- "mso.dll.#1429",
- "mso.dll.#6502",
- "mso.dll.#2968",
- "mso.dll.#709",
- "mso.dll.#5913",
- "mso.dll.#8051",
- "mso.dll.#6505",
- "mso.dll.#7009",
- "mso.dll.#3901",
- "mso.dll.#6429",
- "mso.dll.#5667",
- "mso.dll.#86",
- "mso.dll.#2052",
- "mso.dll.#7778",
- "mso.dll.#5127",
- "mso.dll.#7590",
- "mso.dll.#2687",
- "mso.dll.#8060",
- "mso.dll.#5925",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptGenKey",
- "cryptsp.dll.CryptGenKey",
- "advapi32.dll.CryptImportKey",
- "cryptsp.dll.CryptImportKey",
- "advapi32.dll.CryptExportKey",
- "cryptsp.dll.CryptExportKey",
- "advapi32.dll.CryptDestroyKey",
- "mso.dll.#3638",
- "mso.dll.#3258",
- "mso.dll.#7974",
- "mso.dll.#2609",
- "mso.dll.#3500",
- "mso.dll.#3347",
- "mso.dll.#1905",
- "mso.dll.#2812",
- "mso.dll.#4416",
- "mso.dll.#4008",
- "mso.dll.#7366",
- "mso.dll.#7546",
- "mso.dll.#1406",
- "mso.dll.#4926",
- "user32.dll.GetScrollPos",
- "mso.dll.#629",
- "mso.dll.#676",
- "mso.dll.#8644",
- "mso.dll.#3141",
- "mso.dll.#8472",
- "mso.dll.#2281",
- "mso.dll.#2628",
- "mso.dll.#3425",
- "mso.dll.#5291",
- "mso.dll.#1718",
- "mso.dll.#4777",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptSetHashParam",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "cryptsp.dll.CryptGetHashParam",
- "advapi32.dll.CryptDestroyHash",
- "msi.dll.#90",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "ieawsdc.dll.HrExtractTemplateToPath",
- "mso.dll.#8837",
- "crypt32.dll.CryptQueryObject",
- "wintrust.dll.CryptSIPPutSignedDataMsg",
- "wintrust.dll.CryptSIPGetSignedDataMsg",
- "cryptsp.dll.CryptGetDefaultProviderW",
- "cryptsp.dll.CryptAcquireContextW",
- "crypt32.dll.CertEnumCertificatesInStore",
- "crypt32.dll.CryptVerifyCertificateSignatureEx",
- "cryptsp.dll.CryptReleaseContext",
- "wintrust.dll.WinVerifyTrust",
- "wintrust.dll.WintrustCertificateTrust",
- "wintrust.dll.SoftpubAuthenticode",
- "wintrust.dll.SoftpubInitialize",
- "wintrust.dll.SoftpubLoadMessage",
- "wintrust.dll.SoftpubLoadSignature",
- "wintrust.dll.SoftpubCheckCert",
- "wintrust.dll.SoftpubCleanup",
- "wintrust.dll.CryptSIPVerifyIndirectData",
- "advapi32.dll.RegDeleteValueW",
- "mso.dll.#1455",
- "user32.dll.GetAncestor",
- "user32.dll.GetDesktopWindow",
- "user32.dll.LoadImageW",
- "user32.dll.CreateWindowExW",
- "comctl32.dll.HIMAGELIST_QueryInterface",
- "comctl32.dll.DrawShadowText",
- "comctl32.dll.DrawSizeBox",
- "comctl32.dll.DrawScrollBar",
- "comctl32.dll.SizeBoxHwnd",
- "comctl32.dll.ScrollBar_MouseMove",
- "comctl32.dll.ScrollBar_Menu",
- "comctl32.dll.HandleScrollCmd",
- "comctl32.dll.DetachScrollBars",
- "comctl32.dll.AttachScrollBars",
- "comctl32.dll.CCSetScrollInfo",
- "comctl32.dll.CCGetScrollInfo",
- "comctl32.dll.CCEnableScrollBar",
- "comctl32.dll.QuerySystemGestureStatus",
- "uxtheme.dll.#49",
- "uxtheme.dll.CloseThemeData",
- "user32.dll.EnableScrollBar",
- "user32.dll.ShowScrollBar",
- "user32.dll.ShowWindow",
- "user32.dll.SetParent",
- "user32.dll.KillTimer",
- "user32.dll.ClientToScreen",
- "user32.dll.MoveWindow",
- "user32.dll.DestroyWindow",
- "gdi32.dll.GetViewportExtEx",
- "gdi32.dll.GetWindowExtEx",
- "gdi32.dll.GetTextCharset",
- "gdi32.dll.GetMapMode",
- "gdi32.dll.GetLayout",
- "oleaut32.dll.SysAllocString",
- "oleaut32.dll.SysStringLen",
- "oleaut32.dll.SysAllocStringLen",
- "oleaut32.dll.SysFreeString",
- "uxtheme.dll.GetThemePartSize",
- "user32.dll.SetFocus",
- "user32.dll.GetMessageW",
- "user32.dll.WindowFromPoint",
- "user32.dll.FindWindowExW",
- "gdi32.dll.SelectClipRgn",
- "gdi32.dll.IntersectClipRect",
- "gdi32.dll.SetTextColor",
- "gdi32.dll.SetBkMode",
- "gdi32.dll.SetTextAlign",
- "gdi32.dll.GetClipRgn",
- "gdi32.dll.ExtSelectClipRgn",
- "gdi32.dll.GetTextColor",
- "uxtheme.dll.DrawThemeBackground",
- "gdi32.dll.ExcludeClipRect",
- "user32.dll.WaitMessage",
- "wininet.dll.InternetGetConnectedState",
- "rasapi32.dll.RasConnectionNotificationW",
- "sechost.dll.NotifyServiceStatusChangeA",
- "gdi32.dll.GdiFlush",
- "osppcext.dll.SLActivateProduct",
- "osppcext.dll.SLGetTokenActivationGrants",
- "osppcext.dll.SLGetTokenActivationCertificates",
- "osppcext.dll.SLGenerateTokenActivationChallenge",
- "osppcext.dll.SLSignTokenActivationChallenge",
- "osppcext.dll.SLDepositTokenActivationResponse",
- "osppcext.dll.SLFreeTokenActivationGrants",
- "osppcext.dll.SLFreeTokenActivationCertificates",
- "user32.dll.GetWindowDC",
- "gdi32.dll.SetLayout",
- "gdi32.dll.RectVisible",
- "user32.dll.IsClipboardFormatAvailable",
- "uiautomationcore.dll.UiaClientsAreListening",
- "mso.dll.#8662",
- "user32.dll.GetActiveWindow",
- "mso.dll.#3544",
- "mso.dll.#900",
- "user32.dll.GetClassNameW",
- "mso.dll.#5070",
- "mso.dll.#6899",
- "mso.dll.#424",
- "mso.dll.#1885",
- "mso.dll.#832",
- "mso.dll.#3702",
- "mso.dll.#3484",
- "mso.dll.#1966",
- "mso.dll.#6960",
- "mso.dll.#7892",
- "advapi32.dll.SaferiSearchMatchingHashRules",
- "wintrust.dll.WTHelperProvDataFromStateData",
- "wintrust.dll.WTHelperGetProvSignerFromChain",
- "crypt32.dll.CertCloseStore",
- "mso.dll.#7531",
- "advapi32.dll.CryptReleaseContext",
- "mso.dll.#7931",
- "mso.dll.#3837",
- "mso.dll.#8398",
- "cabinet.dll.#23",
- "user32.dll.SetCursor",
- "user32.dll.GetMessagePos",
- "mso.dll.#2477",
- "msproof7.dll.DllGetClassObject",
- "msproof7.dll.DllCanUnloadNow",
- "mso.dll.#4172",
- "mso.dll.#1439",
- "mso.dll.#9566",
- "mso.dll.#111",
- "mso.dll.#4191",
- "mso.dll.#3802",
- "mso.dll.#6982",
- "mso.dll.#8800",
- "mso.dll.#3572",
- "mso.dll.#167",
- "mso.dll.#5737",
- "mso.dll.#590",
- "mso.dll.#3758",
- "msgr3en.dll.CheckVersion",
- "msgr3en.dll.#29",
- "msgr3en.dll.#30",
- "msgr3en.dll.#31",
- "msgr3en.dll.#32",
- "msgr3en.dll.#33",
- "msgr3en.dll.#34",
- "msgr3en.dll.#35",
- "msgr3en.dll.#45",
- "msgr3en.dll.#46",
- "msgr3en.dll.#47",
- "msgr3en.dll.#48",
- "msgr3en.dll.#51",
- "msgr3en.dll.#50",
- "msgr3en.dll.#49",
- "msgr3en.dll.#43",
- "msgr3en.dll.#41",
- "msgr3en.dll.#42",
- "msgr3en.dll.#44",
- "msgr3en.dll.#39",
- "msgr3en.dll.#40",
- "msgr3en.dll.#36",
- "msgr3en.dll.#38",
- "msgr3en.dll.#37",
- "msgr3en.dll.#56",
- "msgr3en.dll.#52",
- "msgr3en.dll.#53",
- "msgr3en.dll.#57",
- "msgr3en.dll.#58",
- "msgr3en.dll.#59",
- "user32.dll.LoadStringA",
- "mso.dll.#2561",
- "mso.dll.#1266",
- "gdi32.dll.GetStockObject",
- "mso.dll.#6501",
- "riched20.dll.REMSOHInst",
- "mso.dll.#511",
- "mso.dll.#8118",
- "gdi32.dll.GetGlyphIndicesW",
- "mso.dll.#844",
- "mso.dll.#1414",
- "mso.dll.#7651",
- "mso.dll.#5071",
- "mso.dll.#2802",
- "advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "mso.dll.#4111",
- "mso.dll.#2386",
- "advapi32.dll.RegisterEventSourceW",
- "advapi32.dll.ReportEventW",
- "advapi32.dll.DeregisterEventSource",
- "mso.dll.#816",
- "mso.dll.#2620",
- "shell32.dll.SHGetKnownFolderPath",
- "mso.dll.#9748",
- "mso.dll.#3496",
- "mso.dll.#2901",
- "mso.dll.#7830",
- "mso.dll.#5396",
- "mso.dll.#6895",
- "mso.dll.#8986",
- "mso.dll.#7945",
- "mso.dll.#988",
- "mso.dll.#5177",
- "mso.dll.#3334",
- "mso.dll.#7320",
- "mso.dll.#9639",
- "mso.dll.#9436",
- "mso.dll.#5541",
- "advapi32.dll.GetFileSecurityW",
- "advapi32.dll.SetFileSecurityW",
- "advapi32.dll.GetSecurityInfo",
- "advapi32.dll.SetSecurityInfo",
- "advapi32.dll.GetSecurityDescriptorControl",
- "mso.dll.#2955",
- "mso.dll.#1914",
- "mso.dll.#1401",
- "mso.dll.#5919",
- "mso.dll.#4597",
- "mso.dll.#7189",
- "mso.dll.#2738",
- "mso.dll.#8691",
- "mso.dll.#6079",
- "mso.dll.#7167",
- "mso.dll.#333",
- "mso.dll.#1785",
- "mso.dll.#8693",
- "user32.dll.RemovePropW",
- "mso.dll.#5973",
- "mso.dll.#2014",
- "mso.dll.#9668",
- "mso.dll.#2294",
- "advapi32.dll.RegDeleteKeyW",
- "mso.dll.#235",
- "mso.dll.#9398",
- "mso.dll.#1442",
- "mso.dll.#4388",
- "mso.dll.#8022",
- "mso.dll.#6889",
- "gdi32.dll.GetTextExtentPointA",
- "user32.dll.MessageBeep",
- "user32.dll.DialogBoxIndirectParamW",
- "comctl32.dll.RegisterClassNameW",
- "uxtheme.dll.EnableThemeDialogTexture",
- "uxtheme.dll.GetThemeBool",
- "user32.dll.GetDlgItem",
- "mso.dll.#6900",
- "user32.dll.CallNextHookEx",
- "uxtheme.dll.BufferedPaintInit",
- "uxtheme.dll.BufferedPaintRenderAnimation",
- "uxtheme.dll.GetThemeTransitionDuration",
- "uxtheme.dll.BeginBufferedAnimation",
- "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
- "uxtheme.dll.DrawThemeParentBackground",
- "uxtheme.dll.GetThemeBackgroundContentRect",
- "uxtheme.dll.DrawThemeText",
- "uxtheme.dll.EndBufferedAnimation",
- "user32.dll.GetDlgCtrlID",
- "advapi32.dll.RegDeleteTreeW",
- "xmllite.dll.CreateXmlReader",
- "user32.dll.IsDlgButtonChecked",
- "user32.dll.EndDialog",
- "uxtheme.dll.BufferedPaintStopAllAnimations",
- "uxtheme.dll.BufferedPaintUnInit",
- "user32.dll.UnhookWindowsHookEx",
- "user32.dll.SetActiveWindow",
- "mso.dll.#3144",
- "mso.dll.#1213",
- "mso.dll.#4220",
- "mso.dll.#3214",
- "mso.dll.#6521",
- "mso.dll.#6489",
- "mso.dll.#613",
- "mso.dll.#1541",
- "mso.dll.#4702",
- "mso.dll.#6344",
- "mso.dll.#9099",
- "mso.dll.#8320",
- "mso.dll.#7770",
- "mso.dll.#6216",
- "gdi32.dll.CombineRgn",
- "user32.dll.CopyRect",
- "gdi32.dll.SetStretchBltMode",
- "user32.dll.UpdateLayeredWindow",
- "mso.dll.#1003",
- "mso.dll.#978",
- "mso.dll.#8172",
- "mso.dll.#9663",
- "mso.dll.#7165",
- "mso.dll.#9693",
- "user32.dll.EnumThreadWindows",
- "user32.dll.EnumWindows",
- "user32.dll.GetLastInputInfo",
- "ws2_32.dll.#116"
- ]
- [*] Static Analysis: {}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement