maktub | 0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94

Resubmissions

18/04/2024, 11:18 UTC

240418-ned1xsbd66 10

18/04/2024, 11:18 UTC

240418-nea92abd64 10

18/04/2024, 11:18 UTC

240418-neay9scf7z 10

18/04/2024, 11:18 UTC

240418-neacqscf7y 7

18/04/2024, 11:18 UTC

240418-nd92zacf7x 7

18/04/2024, 09:59 UTC

240418-lz5chaba8t 7

Analysis

max time kernel
1797s
max time network
1598s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2024, 11:18 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe
Size

371KB
MD5

eafe645b56c3f5cb746fb5f8504f6035
SHA1

f539987de9fe59bff20483ac7a124afafc27036b
SHA256

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94
SHA512

61af2cfa960a72b66d54d0ee121acb5c54d455b05eb85fb2d7df2958d3134d348c87a5aef2aa46319532407f7ebf01eaedfb8dd889bb0f67ce5edc067445e806
SSDEEP

6144:hnzQnu/cmM1oSigOQT2F8U92Iu7DMVQZhWLv3RXdYX9ji+uhi2PsrhY:dzQnkM1oSiBGI8bxn5W6i+uo20tY

Score

10^/10

maktub ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b2b93620-3dc4-41a5-b7a7-74475e011916}\_DECRYPT_INFO_iibibi.html

Ransom Note

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>  <html xmlns='http://www.w3.org/1999/xhtml'> <head> <meta http-equiv='Content-Type' content='text/html; charset=UTF-8' /> <title>iibibi decrypt</title> <style type='text/css'>  </style> <script type='text/javascript'> function init() { var xtime; document.getElementById('fe_text').innerHTML = '00:00:00'; var language = window.navigator.userLanguage || window.navigator.language; if (language.indexOf('-') !== -1) language = language.split('-')[0]; if (language.indexOf('_') !== -1) language = language.split('_')[0]; change_lang(language); var ua = window.navigator.userAgent; var msie = ua.indexOf('MSIE '); xtime = Math.floor( (1713440863+(12*60*60)) - (Date.now()/1000)); if (msie == 0) window.setTimeout('update_timestamp('+xtime+')',1000); else update_timestamp(xtime); } function component(x, y, z) { var res if (z == 1) res = Math.floor(x / y); else res = Math.floor(x / y) % z; if (res < 10) res = '0'+res; return res; } function update_timestamp(tstamp) { if (tstamp < 1) { document.getElementById('fe_text').innerHTML = '00:00:00'; } else { var hours = component(tstamp, 60*60, 1), minutes = component(tstamp, 60, 60), seconds = component(tstamp, 1, 60); document.getElementById('fe_text').innerHTML = hours+':'+minutes+':'+seconds; tstamp-=1; window.setTimeout('update_timestamp('+tstamp+')',1000); } } function change_lang(lang) { if (lang == "de") show_de(); else if (lang == "es") show_es(); else if (lang == "fr") show_fr(); else if (lang == "it") show_it(); else if (lang == "nl") show_nl(); else show_en(); } function show_en() { document.getElementById('text_01').innerHTML = 'WARNING!'; document.getElementById('text_02').innerHTML = 'Your personal files are encrypted.'; document.getElementById('text_03').innerHTML = 'Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.'; document.getElementById('text_09').innerHTML = 'Download TOR Browser from'; document.getElementById('text_10').innerHTML = 'In the Tor Browser open the'; document.getElementById('text_11').innerHTML = '(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).'; document.getElementById('text_12').innerHTML = 'Write in the following public key in the input from on server:'; } function show_de() { document.getElementById('text_01').innerHTML = 'WARNUNG!'; document.getElementById('text_02').innerHTML = 'Ihre persönlichen Dateien sind verschlüsselt!'; document.getElementById('text_03').innerHTML = 'Ihre Dokumente, Fotos, Datenbanken und andere wichtige Dateien wurden mit der stärkste Verschlüsselung und einem einzigartigen Schlüssel verschlüsselt, der für diesen Computer generiert wurde. Der Dechiffrierschlüssel ist auf einem geheimen Internet-Server gespeichert und niemand kann Ihre Dateien entschlüsseln, bis Sie bezahlen und den privaten Schlüssel erhalten. Der Server wird den Schlüssel nach einer bestimmten Zeit löschen, die in diesem Fenster angezeigt wird.'; document.getElementById('text_09').innerHTML = 'Laden Sie TOR-Browser von'; document.getElementById('text_10').innerHTML = 'Im Tor-Browser öffnen Sie'; document.getElementById('text_11').innerHTML = '(Beachten Sie, dass dieser Server nur über den Tor-Browser verfügbar ist. Wiederholen Sie den Vorgang nach 1 Stunde, wenn die Website nicht erreichbar ist).'; document.getElementById('text_12').innerHTML = 'Schreiben Sie den folgenden öffentlichen Schlüssel in die Eingabemaske auf dem Server:'; } function show_es() { document.getElementById('text_01').innerHTML = '¡PELIGRO!'; document.getElementById('text_02').innerHTML = '¡Tus archivos personales han sido encriptados!'; document.getElementById('text_03').innerHTML = 'Tus documentos, fotos, bases de datos y otros archivos importantes han sido encriptados con una encriptación extremadamente fuerte y una clave única, generada para este computador. La clave de desencriptación privada está almacenada en un servidor de internet secreto. El servidor eliminará la clave luego del tiempo especificado en esta ventana.'; document.getElementById('text_09').innerHTML = 'Descarga el navegador TOR desde'; document.getElementById('text_10').innerHTML = 'En el navegador TOR abre'; document.getElementById('text_11').innerHTML = '(Nota que este servidor solo es accesible desde el navegador TOR. Intenta nuevamente en 1 hora si no puedes acceder).'; document.getElementById('text_12').innerHTML = 'Escribe la siguiente clave publica en la forma de ingreso del servidor:'; } function show_fr() { document.getElementById('text_01').innerHTML = 'ATTENTION!'; document.getElementById('text_02').innerHTML = 'Vos fichiers personnels ont été cryptés !'; document.getElementById('text_03').innerHTML = 'Vos documents, photos, bases de données, et autres fichiers importants ont été cryptées avec le meilleur processus de cryptage et une clé unique générée pour cet ordinateur. La clé privée de cryptage est accessible sur un serveur Internet secret et personne ne peut décrypter vos fichiers à moins que vous ne payiez et obtenez cette clé. Le serveur éliminera la clé après le compte à rebours affiché sur cette fenêtre.'; document.getElementById('text_09').innerHTML = 'Télécharger le navigateur TOR de'; document.getElementById('text_10').innerHTML = 'Dans le navigateur, ouvrez '; document.getElementById('text_11').innerHTML = '(Veuillez noter que ce serveur est disponible via le navigateur Tor uniquement. Réessayez dans 1 heure si le site n’est pas accessible).'; document.getElementById('text_12').innerHTML = 'Ecrivez les clés publiques suivantes sur le portail d’entrée du serveur :'; } function show_it() { document.getElementById('text_01').innerHTML = 'ATTENZIONE!'; document.getElementById('text_02').innerHTML = 'I tuoi file personali sono criptati!'; document.getElementById('text_03').innerHTML = 'I tuoi documenti, le tue foto, database e altri file importanti sono stati criptati con forte codificazione ed una chiave unica, generata appositamente per questo computer. La chiave segreta di decriptazione è conservata su un server Internet segreto e nessuno può decriptare i tuoi file finché non paghi per ottenere la chiave. Il server eliminerà la chiave dopo il tempo indicato in questa finestra.'; document.getElementById('text_09').innerHTML = 'Scarica il Browser TOR da'; document.getElementById('text_10').innerHTML = 'Nel Browser TOR apri il link'; document.getElementById('text_11').innerHTML = '(Nota che questo server è disponibile solo tramite il Browser TOR. Riprova tra un’ora se il sito non è raggiungibile).'; document.getElementById('text_12').innerHTML = 'Scrivi la seguente chiave pubblica nel modulo di input sul server:'; } function show_nl() { document.getElementById('text_01').innerHTML = 'WAARSCHUWING!'; document.getElementById('text_02').innerHTML = 'Uw persoonlijke bestanden zijn gecodeerd!'; document.getElementById('text_03').innerHTML = 'Uw documenten, foto’s, databases en andere belangrijke bestanden zijn gecodeerd met de sterkste encryptie en een unieke sleutel, gegenereerd voor deze computer. De persoonlijke decoderingssleutel is te vinden op een geheime Internet server en niemand kan uw bestanden decoderen totdat u betaalt en de persoonlijke sleutel heeft. De server zal de sleutel elimineren na de tijdsperiode genoemd in dit venster.'; document.getElementById('text_09').innerHTML = 'Download de TOR Browser van'; document.getElementById('text_10').innerHTML = 'In de Tor Browser, open'; document.getElementById('text_11').innerHTML = '(Let op dat deze server alleen via de Tor Browser te bereiken is. Probeer het na een uur weer als de site niet werkt).'; document.getElementById('text_12').innerHTML = 'Schrijf in de volgende openbare sleutel in het invoerformulier op de server:'; } //var language = window.navigator.userLanguage || window.navigator.language; //alert(language); </script> </head> <body onload='init();'> <div align='center'> <table width='700' height='100%' border='0' cellpadding='0' cellspacing='0' bgcolor='#000000'> <tr> <td width='225' align='left'><img src='file:///C:/Users/Admin/AppData/Local/Temp/iibibi.gif' width='225' height='221' /></td> <td width='415' valign='top'><div align='center' class='style1' id='text_01'>WARNING!</div><br /> <div align='center' id='text_02'>Your personal files are encrypted.<br /> <br /> <br /> </div> <div align='center' class='style3' id='fe_text'></div></p> <div class="styled-select" align='center'> <select id ="ddl" name="ddl" onmousedown="this.value='';" onchange="change_lang(this.value);"> <option selected disabled value="" style="display:none;">Select language</option> <option value='en'>   ENGLISH</option> <option value='de'>   GERMAN</option> <option value='es'>   SPANISH</option> <option value='fr'>   FRENCH</option> <option value='it'>   ITALIAN</option> <option value='nl'>   DUTCH</option> </select> </div> </td> </tr> <tr> <td colspan='2' align='center'><table width='97%' border='0' cellpadding='0' cellspacing='0'> <tr> <td colspan='2' align='left'> <br /> <div id='text_03'>Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.</div><br /> <br /> </td> </tr> <tr> <td colspan='2' align='left'> 1) <span id='text_09'>Download TOR Browser from</span> <a href='http://torproject.org' class='style4'>http://torproject.org</a><br /> 2) <span id='text_10'>In the Tor Browser open the</span> <span class='style6'>http://maktubmvgn22y2ns.onion</span><br /><br /> <span id='text_11'>(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).</span><br /> <br /> <span class='style5' id='text_12'>Write in the following public key in the input from on server:</span><br /><br /> <div align='center'><textarea class='style7'> 4MUZQ-RCTUF-5FDK4-8Z1TJ-WF7B5-K706U-2U70Z-2S63J-8D4JD-434E1-EX1Z2-XUT6P-VGNUC-MTFC7 JP0EZ-YG2DD-A0CWC-MPCZ4-7HEF3-DE2D1-VPFYB-GAN81-C38WW-GEKSX-0VFKH-RNURK-ZENKG-W1QCV ZGNVW-MJHZK-1KVTA-GR1V4-X434Z-Z66BY-EGX8U-217K8-A4Q7X-JT7EW-Q0SZT-VUY85-EV3YR-ENM7Y AG547-JV2NB-M7A4T-H744G-0V5A3-SB377-6KT4B-JU7F0-YV8QK-W2XZ7-8QFMH-3N534-66PDX-2C2MD NGP1P-R1GV5-EX3HW-Z78KW-52TXY-RYBY7-8WKMF-5JA5G-2J7ZJ-W3JTC-ZXATQ-B0F5Q-UG546-H8C37 YUTXU-C0QPX-AETN5-MVKES-ZNF0N-B83ET-JWR8G-EA4RV-33QFX-P7QH7-MR6HJ-PC2BA </textarea> <br /> </div> <br /> <br /> <br /> </div> </td> </tr> </table></td> </tr> </table> </div> </body> </html>

URLs

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>

http-equiv='Content-Type

Extracted

Path

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\_DECRYPT_INFO_iibibi.html

Ransom Note

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>  <html xmlns='http://www.w3.org/1999/xhtml'> <head> <meta http-equiv='Content-Type' content='text/html; charset=UTF-8' /> <title>iibibi decrypt</title> <style type='text/css'>  </style> <script type='text/javascript'> function init() { var xtime; document.getElementById('fe_text').innerHTML = '00:00:00'; var language = window.navigator.userLanguage || window.navigator.language; if (language.indexOf('-') !== -1) language = language.split('-')[0]; if (language.indexOf('_') !== -1) language = language.split('_')[0]; change_lang(language); var ua = window.navigator.userAgent; var msie = ua.indexOf('MSIE '); xtime = Math.floor( (1713440868+(12*60*60)) - (Date.now()/1000)); if (msie == 0) window.setTimeout('update_timestamp('+xtime+')',1000); else update_timestamp(xtime); } function component(x, y, z) { var res if (z == 1) res = Math.floor(x / y); else res = Math.floor(x / y) % z; if (res < 10) res = '0'+res; return res; } function update_timestamp(tstamp) { if (tstamp < 1) { document.getElementById('fe_text').innerHTML = '00:00:00'; } else { var hours = component(tstamp, 60*60, 1), minutes = component(tstamp, 60, 60), seconds = component(tstamp, 1, 60); document.getElementById('fe_text').innerHTML = hours+':'+minutes+':'+seconds; tstamp-=1; window.setTimeout('update_timestamp('+tstamp+')',1000); } } function change_lang(lang) { if (lang == "de") show_de(); else if (lang == "es") show_es(); else if (lang == "fr") show_fr(); else if (lang == "it") show_it(); else if (lang == "nl") show_nl(); else show_en(); } function show_en() { document.getElementById('text_01').innerHTML = 'WARNING!'; document.getElementById('text_02').innerHTML = 'Your personal files are encrypted.'; document.getElementById('text_03').innerHTML = 'Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.'; document.getElementById('text_09').innerHTML = 'Download TOR Browser from'; document.getElementById('text_10').innerHTML = 'In the Tor Browser open the'; document.getElementById('text_11').innerHTML = '(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).'; document.getElementById('text_12').innerHTML = 'Write in the following public key in the input from on server:'; } function show_de() { document.getElementById('text_01').innerHTML = 'WARNUNG!'; document.getElementById('text_02').innerHTML = 'Ihre persönlichen Dateien sind verschlüsselt!'; document.getElementById('text_03').innerHTML = 'Ihre Dokumente, Fotos, Datenbanken und andere wichtige Dateien wurden mit der stärkste Verschlüsselung und einem einzigartigen Schlüssel verschlüsselt, der für diesen Computer generiert wurde. Der Dechiffrierschlüssel ist auf einem geheimen Internet-Server gespeichert und niemand kann Ihre Dateien entschlüsseln, bis Sie bezahlen und den privaten Schlüssel erhalten. Der Server wird den Schlüssel nach einer bestimmten Zeit löschen, die in diesem Fenster angezeigt wird.'; document.getElementById('text_09').innerHTML = 'Laden Sie TOR-Browser von'; document.getElementById('text_10').innerHTML = 'Im Tor-Browser öffnen Sie'; document.getElementById('text_11').innerHTML = '(Beachten Sie, dass dieser Server nur über den Tor-Browser verfügbar ist. Wiederholen Sie den Vorgang nach 1 Stunde, wenn die Website nicht erreichbar ist).'; document.getElementById('text_12').innerHTML = 'Schreiben Sie den folgenden öffentlichen Schlüssel in die Eingabemaske auf dem Server:'; } function show_es() { document.getElementById('text_01').innerHTML = '¡PELIGRO!'; document.getElementById('text_02').innerHTML = '¡Tus archivos personales han sido encriptados!'; document.getElementById('text_03').innerHTML = 'Tus documentos, fotos, bases de datos y otros archivos importantes han sido encriptados con una encriptación extremadamente fuerte y una clave única, generada para este computador. La clave de desencriptación privada está almacenada en un servidor de internet secreto. El servidor eliminará la clave luego del tiempo especificado en esta ventana.'; document.getElementById('text_09').innerHTML = 'Descarga el navegador TOR desde'; document.getElementById('text_10').innerHTML = 'En el navegador TOR abre'; document.getElementById('text_11').innerHTML = '(Nota que este servidor solo es accesible desde el navegador TOR. Intenta nuevamente en 1 hora si no puedes acceder).'; document.getElementById('text_12').innerHTML = 'Escribe la siguiente clave publica en la forma de ingreso del servidor:'; } function show_fr() { document.getElementById('text_01').innerHTML = 'ATTENTION!'; document.getElementById('text_02').innerHTML = 'Vos fichiers personnels ont été cryptés !'; document.getElementById('text_03').innerHTML = 'Vos documents, photos, bases de données, et autres fichiers importants ont été cryptées avec le meilleur processus de cryptage et une clé unique générée pour cet ordinateur. La clé privée de cryptage est accessible sur un serveur Internet secret et personne ne peut décrypter vos fichiers à moins que vous ne payiez et obtenez cette clé. Le serveur éliminera la clé après le compte à rebours affiché sur cette fenêtre.'; document.getElementById('text_09').innerHTML = 'Télécharger le navigateur TOR de'; document.getElementById('text_10').innerHTML = 'Dans le navigateur, ouvrez '; document.getElementById('text_11').innerHTML = '(Veuillez noter que ce serveur est disponible via le navigateur Tor uniquement. Réessayez dans 1 heure si le site n’est pas accessible).'; document.getElementById('text_12').innerHTML = 'Ecrivez les clés publiques suivantes sur le portail d’entrée du serveur :'; } function show_it() { document.getElementById('text_01').innerHTML = 'ATTENZIONE!'; document.getElementById('text_02').innerHTML = 'I tuoi file personali sono criptati!'; document.getElementById('text_03').innerHTML = 'I tuoi documenti, le tue foto, database e altri file importanti sono stati criptati con forte codificazione ed una chiave unica, generata appositamente per questo computer. La chiave segreta di decriptazione è conservata su un server Internet segreto e nessuno può decriptare i tuoi file finché non paghi per ottenere la chiave. Il server eliminerà la chiave dopo il tempo indicato in questa finestra.'; document.getElementById('text_09').innerHTML = 'Scarica il Browser TOR da'; document.getElementById('text_10').innerHTML = 'Nel Browser TOR apri il link'; document.getElementById('text_11').innerHTML = '(Nota che questo server è disponibile solo tramite il Browser TOR. Riprova tra un’ora se il sito non è raggiungibile).'; document.getElementById('text_12').innerHTML = 'Scrivi la seguente chiave pubblica nel modulo di input sul server:'; } function show_nl() { document.getElementById('text_01').innerHTML = 'WAARSCHUWING!'; document.getElementById('text_02').innerHTML = 'Uw persoonlijke bestanden zijn gecodeerd!'; document.getElementById('text_03').innerHTML = 'Uw documenten, foto’s, databases en andere belangrijke bestanden zijn gecodeerd met de sterkste encryptie en een unieke sleutel, gegenereerd voor deze computer. De persoonlijke decoderingssleutel is te vinden op een geheime Internet server en niemand kan uw bestanden decoderen totdat u betaalt en de persoonlijke sleutel heeft. De server zal de sleutel elimineren na de tijdsperiode genoemd in dit venster.'; document.getElementById('text_09').innerHTML = 'Download de TOR Browser van'; document.getElementById('text_10').innerHTML = 'In de Tor Browser, open'; document.getElementById('text_11').innerHTML = '(Let op dat deze server alleen via de Tor Browser te bereiken is. Probeer het na een uur weer als de site niet werkt).'; document.getElementById('text_12').innerHTML = 'Schrijf in de volgende openbare sleutel in het invoerformulier op de server:'; } //var language = window.navigator.userLanguage || window.navigator.language; //alert(language); </script> </head> <body onload='init();'> <div align='center'> <table width='700' height='100%' border='0' cellpadding='0' cellspacing='0' bgcolor='#000000'> <tr> <td width='225' align='left'><img src='file:///C:/Users/Admin/AppData/Local/Temp/iibibi.gif' width='225' height='221' /></td> <td width='415' valign='top'><div align='center' class='style1' id='text_01'>WARNING!</div><br /> <div align='center' id='text_02'>Your personal files are encrypted.<br /> <br /> <br /> </div> <div align='center' class='style3' id='fe_text'></div></p> <div class="styled-select" align='center'> <select id ="ddl" name="ddl" onmousedown="this.value='';" onchange="change_lang(this.value);"> <option selected disabled value="" style="display:none;">Select language</option> <option value='en'>   ENGLISH</option> <option value='de'>   GERMAN</option> <option value='es'>   SPANISH</option> <option value='fr'>   FRENCH</option> <option value='it'>   ITALIAN</option> <option value='nl'>   DUTCH</option> </select> </div> </td> </tr> <tr> <td colspan='2' align='center'><table width='97%' border='0' cellpadding='0' cellspacing='0'> <tr> <td colspan='2' align='left'> <br /> <div id='text_03'>Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.</div><br /> <br /> </td> </tr> <tr> <td colspan='2' align='left'> 1) <span id='text_09'>Download TOR Browser from</span> <a href='http://torproject.org' class='style4'>http://torproject.org</a><br /> 2) <span id='text_10'>In the Tor Browser open the</span> <span class='style6'>http://maktubmvgn22y2ns.onion</span><br /><br /> <span id='text_11'>(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).</span><br /> <br /> <span class='style5' id='text_12'>Write in the following public key in the input from on server:</span><br /><br /> <div align='center'><textarea class='style7'> 4MUZQ-RCTUF-5FDK4-8Z1TJ-WF7B5-K706U-2U70Z-2S63J-8D4JD-434E1-EX1Z2-XUT6P-VGNUC-MTFC7 JP0EZ-YG2DD-A0CWC-MPCZ4-7HEF3-DE2D1-VPFYB-GAN81-C38WW-GEKSX-0VFKH-RNURK-ZENKG-W1QCV ZGNVW-MJHZK-1KVTA-GR1V4-X434Z-Z66BY-EGX8U-217K8-A4Q7X-JT7EW-Q0SZT-VUY85-EV3YR-ENM7Y AG547-JV2NB-M7A4T-H744G-0V5A3-SB377-6KT4B-JU7F0-YV8QK-W2XZ7-8QFMH-3N534-66PDX-2C2MD NGP1P-R1GV5-EX3HW-Z78KW-52TXY-RYBY7-8WKMF-5JA5G-2J7ZJ-W3JTC-ZXATQ-B0F5Q-UG546-H8C37 YUTXU-C0QPX-AETN5-MVKES-ZNF0N-B83ET-JWR8G-EA4RV-33QFX-P7QH7-MR6HJ-PC2BA </textarea> <br /> </div> <br /> <br /> <br /> </div> </td> </tr> </table></td> </tr> </table> </div> </body> </html>

URLs

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>

http-equiv='Content-Type

Extracted

Path

C:\Users\Admin\Desktop\backup_iibibi\_DECRYPT_INFO_iibibi.html

Ransom Note

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>  <html xmlns='http://www.w3.org/1999/xhtml'> <head> <meta http-equiv='Content-Type' content='text/html; charset=UTF-8' /> <title>iibibi decrypt</title> <style type='text/css'>  </style> <script type='text/javascript'> function init() { var xtime; document.getElementById('fe_text').innerHTML = '00:00:00'; var language = window.navigator.userLanguage || window.navigator.language; if (language.indexOf('-') !== -1) language = language.split('-')[0]; if (language.indexOf('_') !== -1) language = language.split('_')[0]; change_lang(language); var ua = window.navigator.userAgent; var msie = ua.indexOf('MSIE '); xtime = Math.floor( (1713440859+(12*60*60)) - (Date.now()/1000)); if (msie == 0) window.setTimeout('update_timestamp('+xtime+')',1000); else update_timestamp(xtime); } function component(x, y, z) { var res if (z == 1) res = Math.floor(x / y); else res = Math.floor(x / y) % z; if (res < 10) res = '0'+res; return res; } function update_timestamp(tstamp) { if (tstamp < 1) { document.getElementById('fe_text').innerHTML = '00:00:00'; } else { var hours = component(tstamp, 60*60, 1), minutes = component(tstamp, 60, 60), seconds = component(tstamp, 1, 60); document.getElementById('fe_text').innerHTML = hours+':'+minutes+':'+seconds; tstamp-=1; window.setTimeout('update_timestamp('+tstamp+')',1000); } } function change_lang(lang) { if (lang == "de") show_de(); else if (lang == "es") show_es(); else if (lang == "fr") show_fr(); else if (lang == "it") show_it(); else if (lang == "nl") show_nl(); else show_en(); } function show_en() { document.getElementById('text_01').innerHTML = 'WARNING!'; document.getElementById('text_02').innerHTML = 'Your personal files are encrypted.'; document.getElementById('text_03').innerHTML = 'Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.'; document.getElementById('text_09').innerHTML = 'Download TOR Browser from'; document.getElementById('text_10').innerHTML = 'In the Tor Browser open the'; document.getElementById('text_11').innerHTML = '(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).'; document.getElementById('text_12').innerHTML = 'Write in the following public key in the input from on server:'; } function show_de() { document.getElementById('text_01').innerHTML = 'WARNUNG!'; document.getElementById('text_02').innerHTML = 'Ihre persönlichen Dateien sind verschlüsselt!'; document.getElementById('text_03').innerHTML = 'Ihre Dokumente, Fotos, Datenbanken und andere wichtige Dateien wurden mit der stärkste Verschlüsselung und einem einzigartigen Schlüssel verschlüsselt, der für diesen Computer generiert wurde. Der Dechiffrierschlüssel ist auf einem geheimen Internet-Server gespeichert und niemand kann Ihre Dateien entschlüsseln, bis Sie bezahlen und den privaten Schlüssel erhalten. Der Server wird den Schlüssel nach einer bestimmten Zeit löschen, die in diesem Fenster angezeigt wird.'; document.getElementById('text_09').innerHTML = 'Laden Sie TOR-Browser von'; document.getElementById('text_10').innerHTML = 'Im Tor-Browser öffnen Sie'; document.getElementById('text_11').innerHTML = '(Beachten Sie, dass dieser Server nur über den Tor-Browser verfügbar ist. Wiederholen Sie den Vorgang nach 1 Stunde, wenn die Website nicht erreichbar ist).'; document.getElementById('text_12').innerHTML = 'Schreiben Sie den folgenden öffentlichen Schlüssel in die Eingabemaske auf dem Server:'; } function show_es() { document.getElementById('text_01').innerHTML = '¡PELIGRO!'; document.getElementById('text_02').innerHTML = '¡Tus archivos personales han sido encriptados!'; document.getElementById('text_03').innerHTML = 'Tus documentos, fotos, bases de datos y otros archivos importantes han sido encriptados con una encriptación extremadamente fuerte y una clave única, generada para este computador. La clave de desencriptación privada está almacenada en un servidor de internet secreto. El servidor eliminará la clave luego del tiempo especificado en esta ventana.'; document.getElementById('text_09').innerHTML = 'Descarga el navegador TOR desde'; document.getElementById('text_10').innerHTML = 'En el navegador TOR abre'; document.getElementById('text_11').innerHTML = '(Nota que este servidor solo es accesible desde el navegador TOR. Intenta nuevamente en 1 hora si no puedes acceder).'; document.getElementById('text_12').innerHTML = 'Escribe la siguiente clave publica en la forma de ingreso del servidor:'; } function show_fr() { document.getElementById('text_01').innerHTML = 'ATTENTION!'; document.getElementById('text_02').innerHTML = 'Vos fichiers personnels ont été cryptés !'; document.getElementById('text_03').innerHTML = 'Vos documents, photos, bases de données, et autres fichiers importants ont été cryptées avec le meilleur processus de cryptage et une clé unique générée pour cet ordinateur. La clé privée de cryptage est accessible sur un serveur Internet secret et personne ne peut décrypter vos fichiers à moins que vous ne payiez et obtenez cette clé. Le serveur éliminera la clé après le compte à rebours affiché sur cette fenêtre.'; document.getElementById('text_09').innerHTML = 'Télécharger le navigateur TOR de'; document.getElementById('text_10').innerHTML = 'Dans le navigateur, ouvrez '; document.getElementById('text_11').innerHTML = '(Veuillez noter que ce serveur est disponible via le navigateur Tor uniquement. Réessayez dans 1 heure si le site n’est pas accessible).'; document.getElementById('text_12').innerHTML = 'Ecrivez les clés publiques suivantes sur le portail d’entrée du serveur :'; } function show_it() { document.getElementById('text_01').innerHTML = 'ATTENZIONE!'; document.getElementById('text_02').innerHTML = 'I tuoi file personali sono criptati!'; document.getElementById('text_03').innerHTML = 'I tuoi documenti, le tue foto, database e altri file importanti sono stati criptati con forte codificazione ed una chiave unica, generata appositamente per questo computer. La chiave segreta di decriptazione è conservata su un server Internet segreto e nessuno può decriptare i tuoi file finché non paghi per ottenere la chiave. Il server eliminerà la chiave dopo il tempo indicato in questa finestra.'; document.getElementById('text_09').innerHTML = 'Scarica il Browser TOR da'; document.getElementById('text_10').innerHTML = 'Nel Browser TOR apri il link'; document.getElementById('text_11').innerHTML = '(Nota che questo server è disponibile solo tramite il Browser TOR. Riprova tra un’ora se il sito non è raggiungibile).'; document.getElementById('text_12').innerHTML = 'Scrivi la seguente chiave pubblica nel modulo di input sul server:'; } function show_nl() { document.getElementById('text_01').innerHTML = 'WAARSCHUWING!'; document.getElementById('text_02').innerHTML = 'Uw persoonlijke bestanden zijn gecodeerd!'; document.getElementById('text_03').innerHTML = 'Uw documenten, foto’s, databases en andere belangrijke bestanden zijn gecodeerd met de sterkste encryptie en een unieke sleutel, gegenereerd voor deze computer. De persoonlijke decoderingssleutel is te vinden op een geheime Internet server en niemand kan uw bestanden decoderen totdat u betaalt en de persoonlijke sleutel heeft. De server zal de sleutel elimineren na de tijdsperiode genoemd in dit venster.'; document.getElementById('text_09').innerHTML = 'Download de TOR Browser van'; document.getElementById('text_10').innerHTML = 'In de Tor Browser, open'; document.getElementById('text_11').innerHTML = '(Let op dat deze server alleen via de Tor Browser te bereiken is. Probeer het na een uur weer als de site niet werkt).'; document.getElementById('text_12').innerHTML = 'Schrijf in de volgende openbare sleutel in het invoerformulier op de server:'; } //var language = window.navigator.userLanguage || window.navigator.language; //alert(language); </script> </head> <body onload='init();'> <div align='center'> <table width='700' height='100%' border='0' cellpadding='0' cellspacing='0' bgcolor='#000000'> <tr> <td width='225' align='left'><img src='file:///C:/Users/Admin/AppData/Local/Temp/iibibi.gif' width='225' height='221' /></td> <td width='415' valign='top'><div align='center' class='style1' id='text_01'>WARNING!</div><br /> <div align='center' id='text_02'>Your personal files are encrypted.<br /> <br /> <br /> </div> <div align='center' class='style3' id='fe_text'></div></p> <div class="styled-select" align='center'> <select id ="ddl" name="ddl" onmousedown="this.value='';" onchange="change_lang(this.value);"> <option selected disabled value="" style="display:none;">Select language</option> <option value='en'>   ENGLISH</option> <option value='de'>   GERMAN</option> <option value='es'>   SPANISH</option> <option value='fr'>   FRENCH</option> <option value='it'>   ITALIAN</option> <option value='nl'>   DUTCH</option> </select> </div> </td> </tr> <tr> <td colspan='2' align='center'><table width='97%' border='0' cellpadding='0' cellspacing='0'> <tr> <td colspan='2' align='left'> <br /> <div id='text_03'>Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. The server will eliminate the key after a time period specified in this window.</div><br /> <br /> </td> </tr> <tr> <td colspan='2' align='left'> 1) <span id='text_09'>Download TOR Browser from</span> <a href='http://torproject.org' class='style4'>http://torproject.org</a><br /> 2) <span id='text_10'>In the Tor Browser open the</span> <span class='style6'>http://maktubmvgn22y2ns.onion</span><br /><br /> <span id='text_11'>(Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable).</span><br /> <br /> <span class='style5' id='text_12'>Write in the following public key in the input from on server:</span><br /><br /> <div align='center'><textarea class='style7'> 4MUZQ-RCTUF-5FDK4-8Z1TJ-WF7B5-K706U-2U70Z-2S63J-8D4JD-434E1-EX1Z2-XUT6P-VGNUC-MTFC7 JP0EZ-YG2DD-A0CWC-MPCZ4-7HEF3-DE2D1-VPFYB-GAN81-C38WW-GEKSX-0VFKH-RNURK-ZENKG-W1QCV ZGNVW-MJHZK-1KVTA-GR1V4-X434Z-Z66BY-EGX8U-217K8-A4Q7X-JT7EW-Q0SZT-VUY85-EV3YR-ENM7Y AG547-JV2NB-M7A4T-H744G-0V5A3-SB377-6KT4B-JU7F0-YV8QK-W2XZ7-8QFMH-3N534-66PDX-2C2MD NGP1P-R1GV5-EX3HW-Z78KW-52TXY-RYBY7-8WKMF-5JA5G-2J7ZJ-W3JTC-ZXATQ-B0F5Q-UG546-H8C37 YUTXU-C0QPX-AETN5-MVKES-ZNF0N-B83ET-JWR8G-EA4RV-33QFX-P7QH7-MR6HJ-PC2BA </textarea> <br /> </div> <br /> <br /> <br /> </div> </td> </tr> </table></td> </tr> </table> </div> </body> </html>

URLs

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>

http-equiv='Content-Type

Signatures

Maktub Locker
Advanced ransomware family capable of offline decryption, generally distributed via .scr email attachments.
ransomware maktub
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Renames multiple (244) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/1592-224-0x0000000003990000-0x0000000003998000-memory.dmp	acprotect
behavioral1/memory/1592-228-0x0000000003990000-0x0000000003998000-memory.dmp	acprotect
behavioral1/memory/1592-227-0x0000000003990000-0x0000000003998000-memory.dmp	acprotect

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
2148	vssadmin.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-81807878-2351072935-4259904108-1000_Classes\Local Settings	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
240	WINWORD.EXE
240	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe
1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	4344	vssvc.exe
Token: SeRestorePrivilege	4344	vssvc.exe
Token: SeAuditPrivilege	4344	vssvc.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
240	WINWORD.EXE
240	WINWORD.EXE
240	WINWORD.EXE
240	WINWORD.EXE
240	WINWORD.EXE
240	WINWORD.EXE
240	WINWORD.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 240	1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe	71
PID 1592 wrote to memory of 240	1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe	71
PID 1592 wrote to memory of 2148	1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe	74
PID 1592 wrote to memory of 2148	1592	0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe	74

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe
"C:\Users\Admin\AppData\Local\Temp\0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.rtf" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:240
- C:\Windows\SYSTEM32\vssadmin.exe
  vssadmin.exe delete shadows /all /quiet
  2⤵
  - Interacts with shadow copies
  PID:2148

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

Network

DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

neu-azsc-000.roaming.officeapps.live.com

neu-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

IN A

52.109.76.243
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.76.243:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_140
X-OfficeVersion: 16.0.17608.30575
X-OfficeCluster: neu-000.roaming.officeapps.live.com
X-CorrelationId: ea679da8-6ad6-4bd6-ad8a-9a808813ba66
X-Powered-By: ASP.NET
Date: Thu, 18 Apr 2024 11:39:31 GMT
Content-Length: 654
DNS

97.32.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.32.109.52.in-addr.arpa

IN PTR

Response
DNS

243.76.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.76.109.52.in-addr.arpa

IN PTR

Response
DNS

82.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.90.14.23.in-addr.arpa

IN PTR

Response

82.90.14.23.in-addr.arpa

IN PTR

a23-14-90-82deploystaticakamaitechnologiescom
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR
DNS

6.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response
GET

http://128.31.0.39:9131/tor/status-vote/current/consensus

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

128.31.0.39:9131

Request

GET /tor/status-vote/current/consensus HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 128.31.0.39:9131

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:39:42 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Thu, 18 Apr 2024 12:00:00 GMT
Vary: X-Or-Diff-From-Consensus
DNS

39.0.31.128.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.0.31.128.in-addr.arpa

IN PTR

Response

39.0.31.128.in-addr.arpa

IN PTR

belegostcsailmitedu
DNS

metadata.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

metadata.templates.cdn.office.net

IN A

Response

metadata.templates.cdn.office.net

IN CNAME

templatesmetadata.office.net

templatesmetadata.office.net

IN CNAME

templatesmetadata.office.net.edgekey.net

templatesmetadata.office.net.edgekey.net

IN CNAME

e26769.dscb.akamaiedge.net

e26769.dscb.akamaiedge.net

IN A

23.62.61.162

e26769.dscb.akamaiedge.net

IN A

23.62.61.184
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

23.62.61.162:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1265
Cache-Control: max-age=33598
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

binaries.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

binaries.templates.cdn.office.net

IN A

Response

binaries.templates.cdn.office.net

IN CNAME

binaries.templates.cdn.office.net.edgesuite.net

binaries.templates.cdn.office.net.edgesuite.net

IN CNAME

a1847.dscg2.akamai.net

a1847.dscg2.akamai.net

IN A

95.100.202.48

a1847.dscg2.akamai.net

IN A

95.100.202.8
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp01840907.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 43653
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
ETag: 0x8D36AC84F8E1FB0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8eae550b-501e-00a3-25e0-90efef000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 953453
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 1OrACenntkuLABroK4EC+g==
Last-Modified: Thu, 12 Jul 2018 00:20:09 GMT
ETag: 0x8D5E78D3A5A7B12
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2708e9c9-c01e-0054-07e0-90d2e3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328893.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20235
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
ETag: 0x8D36AC898C9059A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 667c92e1-101e-00a2-75e0-90b033000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1097591
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
ETag: 0x8D60DDB7EAA50F0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 214eecaf-201e-0142-1ce0-90cda7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
ETag: 0x8D36AC879BBB45C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0840d45c-401e-00af-07e0-9078e7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 230916
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
ETag: 0x8D5E78DC0BDFFD8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 274c3272-201e-0038-5ee0-907930000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328916.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 26944
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
ETag: 0x8D36AC886C4C4EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2e9fcba0-a01e-0021-0be0-90ae51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03998159.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3417042
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
ETag: 0x8D36AC4A270AB9B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a343fbf1-b01e-0132-31e0-9026ec000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC8813CE0D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9e9e68ec-601e-0131-6fe0-909534000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 550906
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
ETag: 0x8D60DDC2BE7DF3C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 85a56e03-c01e-00ec-55e0-909ebb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC881987151
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7191d33d-601e-0143-4fe0-90927b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1766185
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: go+WAx9Av468teUqrut+TA==
Last-Modified: Wed, 29 Aug 2018 18:21:38 GMT
ETag: 0x8D60DDC42FF6DAF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cee345e3-001e-0120-11e0-9012f0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC881E66CE5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c04d6ba2-b01e-00bb-04e0-903088000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC8822FFB6E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b9a5ca7c-701e-0022-18e0-904f35000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1065873
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
Last-Modified: Wed, 29 Aug 2018 18:15:36 GMT
ETag: 0x8D60DDB6B23796A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 775b8925-301e-0005-20e0-90cc16000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC8827914A7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 91cc8881-901e-010a-3ae0-90d090000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC882C4ED43
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 69347acc-f01e-0151-26e0-90e9ab000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 222992
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:49 GMT
ETag: 0x8D60DDC25D3B258
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 044e30be-401e-00e4-2ce0-902b63000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A221679
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 952c4392-601e-00b7-55e0-90376c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883A171B7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 214ee531-201e-0142-09e0-90cda7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2527736
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8laspQm0xsAUTSeMcDawqA==
Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
ETag: 0x8D60DDBDD02F94A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 47cb7cd9-901e-0077-21e0-905fbe000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC88357BC32
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: be60fcc5-101e-0159-30e0-90f3a4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883F49D7D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9bdb3ee7-101e-0024-0fe0-907c8a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3256855
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
ETag: 0x8D60DDBFE4BB50C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 448333ef-001e-00f3-0fe0-902dbf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49ACD2925
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7029a38f-901e-0107-37e0-9088b9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 307348
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
ETag: 0x8D60DDC169CBCB0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a3cbaf2e-701e-008a-54e0-90824a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49B376014
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fd424c43-e01e-00e2-62e0-90dc1b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 42788
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
ETag: 0x8D36AC4A24B210A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 322a22d8-d01e-00ea-4de0-90c768000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 723359
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
ETag: 0x8D60DDB43B59EC5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b83e3b8-e01e-013f-64e0-90bc84000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
ETag: 0x8D36AC8987823BE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0840d3d7-401e-00af-12e0-9078e7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 698244
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
ETag: 0x8D60DDB6CAEA91D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f0facb95-e01e-00a6-11e0-903d34000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328905.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20457
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
ETag: 0x8D36AC498BB27EF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4fdc6833-201e-0055-28e0-90d31e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1310275
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA5EDDA1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ca6efc10-401e-004e-01e0-90fd8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328908.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31083
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iamBjmZY1zpztkJSL/hwHw==
Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
ETag: 0x8D36AC8865F4922
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3ced73e5-001e-00ae-17e0-90273b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 261258
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
ETag: 0x8D60DDC968C4F0E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6dacbb2d-101e-0114-06e0-903c48000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328925.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 25314
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC49952B1C0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 317ce797-d01e-00c8-7ee0-90a95e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1881952
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC0007D57D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 16771a2c-401e-0028-40e0-904fd6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328919.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22149
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4992C63CE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 08e0efd8-c01e-00b1-05e0-90c014000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 640684
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
ETag: 0x8D60DDB5C4DB3A1
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c04d6b69-b01e-00bb-52e0-903088000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328932.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20554
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
ETag: 0x8D36AC887A4CC19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3b2d84a9-a01e-0043-2fe0-906c76000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 23597
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49996C1E0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 274c321a-201e-0038-0ce0-907930000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328940.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21791
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499BA77A5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e6d0ad29-301e-0123-60e0-9011f7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328972.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21111
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC888CEAFBE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c16ddbaa-b01e-003d-56e0-90fc31000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328951.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19893
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499DEA2B6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 16771a05-401e-0028-1fe0-904fd6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328975.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22594
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC889183E51
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a1fc0b28-701e-0032-80e0-908a5d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328983.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21875
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
ETag: 0x8D36AC88963C8B3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: be610276-101e-0159-2fe0-90f3a4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328990.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19288
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A1DF716
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e905325f-201e-004d-32e0-9045c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328986.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22340
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A9463F7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20b88228-001e-002f-46e0-90b953000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 295527
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9CC48C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 84001c69-001e-00a7-11e0-90018a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21357
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A7F05EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4bb5f91f-101e-012b-32e0-90f4eb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 276650
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
ETag: 0x8D60DDB824A3C69
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 794c4e36-f01e-0135-79e0-90d069000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 271273
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB967B9FA5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 75091ed6-a01e-012d-07e0-90fdfc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

WINWORD.EXE

Remote address:

95.100.202.48:443

Request

GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 4D9E2320-F587-485C-99E0-607EB206E281
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2591108
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: vrEqBGTQlsozuupDUs6ADw==
Last-Modified: Wed, 29 Aug 2018 18:18:42 GMT
ETag: 0x8D60DDBD9E38C6B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 48fbab6c-b01e-00d3-2fe0-9087cc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 18 Apr 2024 11:39:47 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

151.223.88.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.223.88.45.in-addr.arpa

IN PTR

Response

151.223.88.45.in-addr.arpa

IN PTR

tor-exit-router-a13quidoorg
DNS

162.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.61.62.23.in-addr.arpa

IN PTR

Response

162.61.62.23.in-addr.arpa

IN PTR

a23-62-61-162deploystaticakamaitechnologiescom
DNS

48.202.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.202.100.95.in-addr.arpa

IN PTR

Response

48.202.100.95.in-addr.arpa

IN PTR

a95-100-202-48deploystaticakamaitechnologiescom
GET

http://185.177.229.20/tor/server/fp/61a8aa477e06ba07445265f06be68cd51aceda7d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

185.177.229.20:80

Request

GET /tor/server/fp/61a8aa477e06ba07445265f06be68cd51aceda7d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 185.177.229.20
DNS

20.229.177.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.229.177.185.in-addr.arpa

IN PTR

Response

20.229.177.185.in-addr.arpa

IN PTR

20-229-177-185clientsgthostcom
DNS

184.159.221.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.159.221.77.in-addr.arpa

IN PTR

Response

184.159.221.77.in-addr.arpa

IN PTR

bent-sea_n1aezanetwork
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

248.165.8.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.165.8.185.in-addr.arpa

IN PTR

Response

248.165.8.185.in-addr.arpa

IN PTR

vpscz-procz
GET

http://2.58.95.38/tor/server/fp/b882ecd090c8128746e9012756424ced20759f76

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

2.58.95.38:80

Request

GET /tor/server/fp/b882ecd090c8128746e9012756424ced20759f76 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 2.58.95.38

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:40:59 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:40:59 GMT
DNS

100.236.219.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.236.219.104.in-addr.arpa

IN PTR

Response

100.236.219.104.in-addr.arpa

IN PTR

ip-104-219-236-100host datawagonnet
DNS

38.95.58.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.95.58.2.in-addr.arpa

IN PTR

Response

38.95.58.2.in-addr.arpa

IN PTR

hosted-bypfcloudio
DNS

62.88.143.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.88.143.91.in-addr.arpa

IN PTR

Response

62.88.143.91.in-addr.arpa

IN PTR

91-143-88-62que3de
DNS

96.160.194.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.160.194.91.in-addr.arpa

IN PTR

Response

96.160.194.91.in-addr.arpa

IN PTR

vm2225160stark-industries solutions
GET

http://163.172.211.128/tor/server/fp/2ca3206e63f347dc136710b4a2ecefd9b8f7ffc1

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

163.172.211.128:80

Request

GET /tor/server/fp/2ca3206e63f347dc136710b4a2ecefd9b8f7ffc1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 163.172.211.128

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:41:03 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:41:03 GMT
DNS

128.211.172.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

128.211.172.163.in-addr.arpa

IN PTR

Response

128.211.172.163.in-addr.arpa

IN PTR

nsecasperlefantomnet
DNS

202.100.189.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.100.189.193.in-addr.arpa

IN PTR

Response

202.100.189.193.in-addr.arpa

IN PTR

tor-exit-9
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

Response
GET

http://151.45.5.118/tor/server/fp/036efd2e61dea3d2fee59861ba4245e4de864112

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

151.45.5.118:80

Request

GET /tor/server/fp/036efd2e61dea3d2fee59861ba4245e4de864112 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 151.45.5.118

Response

HTTP/1.1 301 Moved Permanently

Location: https://151.45.5.118/tor/server/fp/036efd2e61dea3d2fee59861ba4245e4de864112
Date: Thu, 18 Apr 2024 11:41:46 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8
GET

http://206.75.30.189/tor/server/fp/f54b42aedd880627fa4746bdbbc1c2500a85227f

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

206.75.30.189:80

Request

GET /tor/server/fp/f54b42aedd880627fa4746bdbbc1c2500a85227f HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 206.75.30.189

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:41:48 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:41:48 GMT
DNS

118.5.45.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.5.45.151.in-addr.arpa

IN PTR

Response

118.5.45.151.in-addr.arpa

IN PTR

adsl-ull-118-545-151windit
GET

http://188.63.254.7/tor/server/fp/e21336a5d5b02839c63e1f68dc1ce03b067bacc8

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

188.63.254.7:80

Request

GET /tor/server/fp/e21336a5d5b02839c63e1f68dc1ce03b067bacc8 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 188.63.254.7
DNS

41.199.135.135.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.199.135.135.in-addr.arpa

IN PTR

Response

41.199.135.135.in-addr.arpa

IN PTR

h135-135-199-41abdlwi broadbanddynamictdsnet
DNS

189.30.75.206.in-addr.arpa

Remote address:

8.8.8.8:53

Request

189.30.75.206.in-addr.arpa

IN PTR

Response

189.30.75.206.in-addr.arpa

IN PTR

d206-75-30-189abhsiatelusnet
DNS

56.206.208.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.206.208.91.in-addr.arpa

IN PTR

Response

56.206.208.91.in-addr.arpa

IN PTR

MetalRelay1
DNS

7.254.63.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.254.63.188.in-addr.arpa

IN PTR

Response

7.254.63.188.in-addr.arpa

IN PTR

725463188dynamicwlinerescustswisscomch
GET

http://204.8.96.182/tor/server/fp/104944b9596f8d0340790442ec75ebf368375a1f

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

204.8.96.182:80

Request

GET /tor/server/fp/104944b9596f8d0340790442ec75ebf368375a1f HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 204.8.96.182

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:42:25 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:42:25 GMT
DNS

28.142.122.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.142.122.193.in-addr.arpa

IN PTR

Response
DNS

182.96.8.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.96.8.204.in-addr.arpa

IN PTR

Response
DNS

213.137.143.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.137.143.94.in-addr.arpa

IN PTR

Response
GET

http://178.203.122.107/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

178.203.122.107:80

Request

GET /tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 178.203.122.107

Response

HTTP/1.1 308 Permanent Redirect

Connection: close
Location: https://178.203.122.107/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d
Server: Caddy
Date: Thu, 18 Apr 2024 11:42:46 GMT
Content-Length: 0
GET

http://94.16.121.91/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

94.16.121.91:80

Request

GET /tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 94.16.121.91

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 341
Date: Thu, 18 Apr 2024 11:42:46 GMT
Server: lighttpd/1.4.63
DNS

107.122.203.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.122.203.178.in-addr.arpa

IN PTR

Response

107.122.203.178.in-addr.arpa

IN PTR

ip-178-203-122-107um48poolsvodafone-ipde
DNS

91.121.16.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.121.16.94.in-addr.arpa

IN PTR

Response

91.121.16.94.in-addr.arpa

IN PTR

this-is-a-tor-node---9 artikel5evde
DNS

154.35.107.109.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.35.107.109.in-addr.arpa

IN PTR

Response

154.35.107.109.in-addr.arpa

IN PTR

cip-109-107-35-154gb1 brightboxcom
GET

http://23.92.19.230/tor/server/fp/21b55072c00f4522857655fbb0f3e25d75a5357b

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

23.92.19.230:80

Request

GET /tor/server/fp/21b55072c00f4522857655fbb0f3e25d75a5357b HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 23.92.19.230

Response

HTTP/1.1 404 Not Found

Date: Thu, 18 Apr 2024 11:43:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 274
Content-Type: text/html; charset=iso-8859-1
DNS

230.19.92.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.19.92.23.in-addr.arpa

IN PTR

Response

230.19.92.23.in-addr.arpa

IN PTR

plovercom
DNS

21.85.33.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.85.33.89.in-addr.arpa

IN PTR

Response

21.85.33.89.in-addr.arpa

IN PTR

89338521oxidenetwork
DNS

234.72.92.164.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.72.92.164.in-addr.arpa

IN PTR

Response
GET

http://5.9.156.17/tor/server/fp/b4e7c2aec78452939a3eebd9328a54c273dc4619

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

5.9.156.17:80

Request

GET /tor/server/fp/b4e7c2aec78452939a3eebd9328a54c273dc4619 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 5.9.156.17

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:44:34 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:44:34 GMT
GET

http://185.220.101.67/tor/server/fp/fc83153ea2ff3807029506a4b30a27d953dd98d4

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

185.220.101.67:80

Request

GET /tor/server/fp/fc83153ea2ff3807029506a4b30a27d953dd98d4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 185.220.101.67

Response

HTTP/1.0 200 OK

Date: Thu, 18 Apr 2024 11:44:35 GMT
Content-Type: text/plain
X-Your-Address-Is: 191.101.209.39
Content-Encoding: identity
Expires: Sat, 20 Apr 2024 11:44:35 GMT
DNS

17.156.9.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.156.9.5.in-addr.arpa

IN PTR

Response

17.156.9.5.in-addr.arpa

IN PTR

static1715695clientsyour-serverde
DNS

113.126.86.86.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.126.86.86.in-addr.arpa

IN PTR

Response

113.126.86.86.in-addr.arpa

IN PTR

86-86-126-113fixedkpnnet
DNS

67.101.220.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.101.220.185.in-addr.arpa

IN PTR

Response

67.101.220.185.in-addr.arpa

IN PTR

tor-exit-67cccsde
DNS

203.195.236.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.195.236.87.in-addr.arpa

IN PTR

Response

203.195.236.87.in-addr.arpa

IN PTR

unassigned-87236195203coolhousingnet
DNS

203.195.236.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.195.236.87.in-addr.arpa

IN PTR

Response

203.195.236.87.in-addr.arpa

IN PTR

unassigned-87236195203coolhousingnet
DNS

14.224.90.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.224.90.88.in-addr.arpa

IN PTR

Response

14.224.90.88.in-addr.arpa

IN PTR

ti0019a400-3067bbonlineno
DNS

14.224.90.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.224.90.88.in-addr.arpa

IN PTR

Response

14.224.90.88.in-addr.arpa

IN PTR

ti0019a400-3067bbonlineno
GET

http://193.135.10.219/tor/server/fp/fc4d03403ecd90463198b9f2f81e0b37ed7afe1d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

193.135.10.219:80

Request

GET /tor/server/fp/fc4d03403ecd90463198b9f2f81e0b37ed7afe1d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 193.135.10.219

Response

HTTP/1.1 302 Found

Date: Thu, 18 Apr 2024 11:45:21 GMT
Server: Apache
Location: https://electroncash.detor/server/fp/fc4d03403ecd90463198b9f2f81e0b37ed7afe1d
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
DNS

electroncash.detor

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

8.8.8.8:53

Request

electroncash.detor

IN A

Response
DNS

219.10.135.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.10.135.193.in-addr.arpa

IN PTR

Response

219.10.135.193.in-addr.arpa

IN PTR

electroncashde
DNS

10.177.154.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.177.154.23.in-addr.arpa

IN PTR

Response
GET

http://160.251.204.200/tor/server/fp/9eac61cb4ef446a00c5a0f8d2c1805d27add85f1

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

160.251.204.200:80

Request

GET /tor/server/fp/9eac61cb4ef446a00c5a0f8d2c1805d27add85f1 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 160.251.204.200

Response

HTTP/1.1 302 Moved Temporarily

Server: nginx
Date: Thu, 18 Apr 2024 11:45:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://160.251.204.200/yunohost/admin
DNS

200.204.251.160.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.204.251.160.in-addr.arpa

IN PTR

Response

200.204.251.160.in-addr.arpa

IN PTR

vladnablol
GET

http://78.54.113.79/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

78.54.113.79:80

Request

GET /tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 78.54.113.79

Response

HTTP/1.1 301 Moved Permanently

Location: https://78.54.113.79/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d
Date: Thu, 18 Apr 2024 11:45:46 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8
GET

http://185.243.218.89/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

185.243.218.89:80

Request

GET /tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 185.243.218.89

Response

HTTP/1.1 404 Not Found

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 11:45:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
DNS

216.80.220.158.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.80.220.158.in-addr.arpa

IN PTR

Response

216.80.220.158.in-addr.arpa

IN PTR

readme-tor-exit-routerquidoorg
DNS

79.113.54.78.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.113.54.78.in-addr.arpa

IN PTR

Response

79.113.54.78.in-addr.arpa

IN PTR

dynamic-078-054-113-0797854pool telefonicade
DNS

79.113.54.78.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.113.54.78.in-addr.arpa

IN PTR

Response

79.113.54.78.in-addr.arpa

IN PTR

dynamic-078-054-113-0797854pool telefonicade
DNS

89.218.243.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.218.243.185.in-addr.arpa

IN PTR

Response

89.218.243.185.in-addr.arpa

IN PTR

tor-exit1-terrahost07tuxliorg
DNS

155.134.105.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.105.193.in-addr.arpa

IN PTR

Response
DNS

155.134.105.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.134.105.193.in-addr.arpa

IN PTR

Response
GET

http://64.4.175.33/tor/server/fp/8bcc134ca1ea40bd8236b8493cf8d9c20e03cf2d

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

64.4.175.33:80

Request

GET /tor/server/fp/8bcc134ca1ea40bd8236b8493cf8d9c20e03cf2d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 64.4.175.33

Response

HTTP/1.1 404 Not Found

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 11:45:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET

http://98.128.175.41/tor/server/fp/ecd07a8b5ff36c1a6a736822f42b38d772a98190

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

98.128.175.41:80

Request

GET /tor/server/fp/ecd07a8b5ff36c1a6a736822f42b38d772a98190 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 98.128.175.41

Response

HTTP/1.1 301 Moved Permanently

Location: https://98.128.175.41/tor/server/fp/ecd07a8b5ff36c1a6a736822f42b38d772a98190
Date: Thu, 18 Apr 2024 11:45:48 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8
DNS

33.175.4.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.175.4.64.in-addr.arpa

IN PTR

Response

33.175.4.64.in-addr.arpa

IN PTR

torkpfanet
DNS

112.42.27.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.42.27.37.in-addr.arpa

IN PTR

Response

112.42.27.37.in-addr.arpa

IN PTR

static112422737clientsyour-serverde
DNS

112.42.27.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.42.27.37.in-addr.arpa

IN PTR

Response

112.42.27.37.in-addr.arpa

IN PTR

static112422737clientsyour-serverde
DNS

41.175.128.98.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.175.128.98.in-addr.arpa

IN PTR

Response

41.175.128.98.in-addr.arpa

IN PTR

h-98-128-175-41A785privbahnhofse
DNS

41.175.128.98.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.175.128.98.in-addr.arpa

IN PTR

Response

41.175.128.98.in-addr.arpa

IN PTR

h-98-128-175-41A785privbahnhofse
DNS

34.218.0.81.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.218.0.81.in-addr.arpa

IN PTR

Response

34.218.0.81.in-addr.arpa

IN PTR

tor-exit-router-proxy-read-mequidoorg
DNS

34.218.0.81.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.218.0.81.in-addr.arpa

IN PTR

Response

34.218.0.81.in-addr.arpa

IN PTR

tor-exit-router-proxy-read-mequidoorg
GET

http://185.130.47.58/tor/server/fp/69042d0dc33bd810bd08adadbc7e95a3cabaef64

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

Remote address:

185.130.47.58:80

Request

GET /tor/server/fp/69042d0dc33bd810bd08adadbc7e95a3cabaef64 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Host: 185.130.47.58

Response

HTTP/1.1 200 OK

Content-Type: text/plain
Date: Thu, 18 Apr 2024 11:46:55 GMT
Expires: Sat, 20 Apr 2024 11:46:55 GMT
Server: Caddy
Transfer-Encoding: chunked
DNS

239.233.210.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.233.210.192.in-addr.arpa

IN PTR

Response

239.233.210.192.in-addr.arpa

IN PTR

tor02mtaknl
DNS

58.47.130.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.47.130.185.in-addr.arpa

IN PTR

Response

58.47.130.185.in-addr.arpa

IN PTR

tor-exit-nl1privexcc
DNS

58.47.130.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.47.130.185.in-addr.arpa

IN PTR

Response

58.47.130.185.in-addr.arpa

IN PTR

tor-exit-nl1privexcc
DNS

206.107.32.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.107.32.194.in-addr.arpa

IN PTR

Response

206.107.32.194.in-addr.arpa

IN PTR

torexitjstark1809n0n0n0org

52.109.76.243:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.7kB
7.7kB
11
10

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200
128.31.0.39:9131

http://128.31.0.39:9131/tor/status-vote/current/consensus

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

116.8kB
3.3MB
2367
2365

HTTP Request

GET http://128.31.0.39:9131/tor/status-vote/current/consensus

HTTP Response

200
45.88.223.151:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.2kB
11
12
23.62.61.162:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.2kB
5.9kB
8
8

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

tls, http

WINWORD.EXE

41.3kB
1.0MB
630
755

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

tls, http

WINWORD.EXE

34.4kB
1.2MB
604
844

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

tls, http

WINWORD.EXE

9.8kB
293.4kB
158
220

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

tls, http

WINWORD.EXE

97.6kB
3.6MB
1756
2568

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

tls, http

WINWORD.EXE

17.1kB
610.3kB
304
450

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

tls, http

WINWORD.EXE

39.0kB
1.9MB
764
1346

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

tls, http

WINWORD.EXE

1.8kB
37.8kB
22
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

tls, http

WINWORD.EXE

24.5kB
1.1MB
468
829

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

tls, http

WINWORD.EXE

1.7kB
37.5kB
21
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

tls, http

WINWORD.EXE

6.7kB
268.4kB
117
201

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

tls, http

WINWORD.EXE

1.6kB
34.8kB
19
30

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

tls, http

WINWORD.EXE

115.7kB
2.7MB
1703
1938

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

tls, http

WINWORD.EXE

2.2kB
38.9kB
27
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

tls, http

WINWORD.EXE

147.4kB
3.5MB
2153
2508

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

tls, http

WINWORD.EXE

1.9kB
41.7kB
24
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

tls, http

WINWORD.EXE

6.5kB
322.2kB
125
239

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

tls, http

WINWORD.EXE

4.0kB
82.3kB
50
66

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

tls, http

WINWORD.EXE

23.6kB
751.6kB
395
550

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

tls, http

WINWORD.EXE

27.6kB
749.1kB
458
549

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

tls, http

WINWORD.EXE

37.4kB
1.4MB
676
997

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

tls, http

WINWORD.EXE

8.8kB
307.5kB
154
230

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

tls, http

WINWORD.EXE

58.5kB
2.0MB
1031
1433

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

tls, http

WINWORD.EXE

25.4kB
691.2kB
430
507

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

tls, http

WINWORD.EXE

1.5kB
26.2kB
16
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

tls, http

WINWORD.EXE

1.5kB
29.4kB
16
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

tls, http

WINWORD.EXE

1.5kB
27.5kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

tls, http

WINWORD.EXE

1.5kB
26.8kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

tls, http

WINWORD.EXE

1.5kB
25.6kB
15
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

tls, http

WINWORD.EXE

1.6kB
24.3kB
15
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

tls, http

WINWORD.EXE

1.6kB
23.6kB
15
22

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

tls, http

WINWORD.EXE

1.5kB
20.9kB
14
20

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

tls, http

WINWORD.EXE

1.6kB
24.0kB
15
22

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

tls, http

WINWORD.EXE

8.4kB
305.9kB
140
224

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

tls, http

WINWORD.EXE

1.6kB
23.0kB
15
22

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

tls, http

WINWORD.EXE

9.5kB
286.4kB
157
211

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

tls, http

WINWORD.EXE

9.2kB
281.0kB
152
210

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

HTTP Response

200
95.100.202.48:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

tls, http

WINWORD.EXE

104.9kB
2.7MB
1690
1928

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

HTTP Response

200
67.205.180.87:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
23.88.44.26:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
185.177.229.20:80

http://185.177.229.20/tor/server/fp/61a8aa477e06ba07445265f06be68cd51aceda7d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

449 B
219 B
6
5

HTTP Request

GET http://185.177.229.20/tor/server/fp/61a8aa477e06ba07445265f06be68cd51aceda7d
77.221.159.184:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
45.9.168.191:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
198.255.21.2:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
185.246.188.114:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
185.8.165.248:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
37.187.147.119:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
158.220.80.216:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
65.49.20.11:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
104.219.236.100:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

2.0kB
4.1kB
12
11
2.58.95.38:80

http://2.58.95.38/tor/server/fp/b882ecd090c8128746e9012756424ced20759f76

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

583 B
4.0kB
9
7

HTTP Request

GET http://2.58.95.38/tor/server/fp/b882ecd090c8128746e9012756424ced20759f76

HTTP Response

200
91.143.88.62:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

381 B
172 B
5
4
91.194.160.96:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
104.36.85.255:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
163.172.211.128:80

http://163.172.211.128/tor/server/fp/2ca3206e63f347dc136710b4a2ecefd9b8f7ffc1

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

496 B
2.9kB
7
6

HTTP Request

GET http://163.172.211.128/tor/server/fp/2ca3206e63f347dc136710b4a2ecefd9b8f7ffc1

HTTP Response

200
193.189.100.202:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
85.195.244.251:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
23.111.143.202:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
151.45.5.118:80

http://151.45.5.118/tor/server/fp/036efd2e61dea3d2fee59861ba4245e4de864112

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

677 B
368 B
11
3

HTTP Request

GET http://151.45.5.118/tor/server/fp/036efd2e61dea3d2fee59861ba4245e4de864112

HTTP Response

301
151.45.5.118:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

428 B
1.4kB
6
4
135.135.199.41:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
206.75.30.189:80

http://206.75.30.189/tor/server/fp/f54b42aedd880627fa4746bdbbc1c2500a85227f

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

494 B
2.7kB
7
6

HTTP Request

GET http://206.75.30.189/tor/server/fp/f54b42aedd880627fa4746bdbbc1c2500a85227f

HTTP Response

200
91.208.206.56:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
12
188.63.254.7:80

http://188.63.254.7/tor/server/fp/e21336a5d5b02839c63e1f68dc1ce03b067bacc8

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

355 B
92 B
4
2

HTTP Request

GET http://188.63.254.7/tor/server/fp/e21336a5d5b02839c63e1f68dc1ce03b067bacc8
62.169.21.101:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
89.58.26.216:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
193.122.142.28:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
204.8.96.182:80

http://204.8.96.182/tor/server/fp/104944b9596f8d0340790442ec75ebf368375a1f

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

493 B
2.8kB
7
6

HTTP Request

GET http://204.8.96.182/tor/server/fp/104944b9596f8d0340790442ec75ebf368375a1f

HTTP Response

200
94.143.137.213:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
177.104.76.97:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
178.203.122.107:80

http://178.203.122.107/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

450 B
427 B
6
5

HTTP Request

GET http://178.203.122.107/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

HTTP Response

308
178.203.122.107:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

428 B
219 B
6
5
178.203.122.107:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

380 B
219 B
6
5
178.203.122.107:443

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

190 B
92 B
4
2
94.16.121.91:80

http://94.16.121.91/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

447 B
687 B
6
5

HTTP Request

GET http://94.16.121.91/tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d

HTTP Response

404
109.107.35.154:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
212.227.119.130:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
23.92.19.230:80

http://23.92.19.230/tor/server/fp/21b55072c00f4522857655fbb0f3e25d75a5357b

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

447 B
647 B
6
5

HTTP Request

GET http://23.92.19.230/tor/server/fp/21b55072c00f4522857655fbb0f3e25d75a5357b

HTTP Response

404
89.33.85.21:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
104.248.18.193:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
185.241.208.115:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
162.192.36.227:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
164.92.72.234:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
67.213.221.16:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
195.122.181.242:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
5.9.156.17:80

http://5.9.156.17/tor/server/fp/b4e7c2aec78452939a3eebd9328a54c273dc4619

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

491 B
2.7kB
7
6

HTTP Request

GET http://5.9.156.17/tor/server/fp/b4e7c2aec78452939a3eebd9328a54c273dc4619

HTTP Response

200
86.86.126.113:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
185.220.101.67:80

http://185.220.101.67/tor/server/fp/fc83153ea2ff3807029506a4b30a27d953dd98d4

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

495 B
2.8kB
7
6

HTTP Request

GET http://185.220.101.67/tor/server/fp/fc83153ea2ff3807029506a4b30a27d953dd98d4

HTTP Response

200
87.236.195.203:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
10
11
185.220.101.202:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
79.124.7.11:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
152.89.244.111:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
88.90.224.14:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
45.80.158.205:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
45.145.41.146:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
193.135.10.219:80

http://193.135.10.219/tor/server/fp/fc4d03403ecd90463198b9f2f81e0b37ed7afe1d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

725 B
663 B
12
4

HTTP Request

GET http://193.135.10.219/tor/server/fp/fc4d03403ecd90463198b9f2f81e0b37ed7afe1d

HTTP Response

302
23.154.177.10:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
5.34.176.183:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
67.205.139.175:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
160.251.204.200:80

http://160.251.204.200/tor/server/fp/9eac61cb4ef446a00c5a0f8d2c1805d27add85f1

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

450 B
556 B
6
5

HTTP Request

GET http://160.251.204.200/tor/server/fp/9eac61cb4ef446a00c5a0f8d2c1805d27add85f1

HTTP Response

302
160.251.204.200:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

428 B
219 B
6
5
160.251.204.200:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

380 B
219 B
6
5
160.251.204.200:443

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

190 B
92 B
4
2
158.220.80.216:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
11
78.54.113.79:80

http://78.54.113.79/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

447 B
408 B
6
4

HTTP Request

GET http://78.54.113.79/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

HTTP Response

301
78.54.113.79:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

428 B
1.4kB
6
4
185.243.218.89:80

http://185.243.218.89/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

449 B
538 B
6
5

HTTP Request

GET http://185.243.218.89/tor/server/fp/85a7e12388e12ccc881cc2cdd78a9370fcb01a0d

HTTP Response

404
193.105.134.155:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.1kB
11
10
188.165.26.13:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
64.4.175.33:80

http://64.4.175.33/tor/server/fp/8bcc134ca1ea40bd8236b8493cf8d9c20e03cf2d

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

446 B
538 B
6
5

HTTP Request

GET http://64.4.175.33/tor/server/fp/8bcc134ca1ea40bd8236b8493cf8d9c20e03cf2d

HTTP Response

404
37.27.42.112:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
98.128.175.41:80

http://98.128.175.41/tor/server/fp/ecd07a8b5ff36c1a6a736822f42b38d772a98190

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

448 B
409 B
6
4

HTTP Request

GET http://98.128.175.41/tor/server/fp/ecd07a8b5ff36c1a6a736822f42b38d772a98190

HTTP Response

301
98.128.175.41:443

tls

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

428 B
1.4kB
6
4
85.119.82.131:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
193.187.91.79:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
81.0.218.34:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
185.5.233.141:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
120 B
3
3
62.210.125.130:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
209.141.39.104:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
192.210.233.239:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.9kB
4.0kB
10
9
185.130.47.58:80

http://185.130.47.58/tor/server/fp/69042d0dc33bd810bd08adadbc7e95a3cabaef64

http

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

908 B
3.3kB
16
14

HTTP Request

GET http://185.130.47.58/tor/server/fp/69042d0dc33bd810bd08adadbc7e95a3cabaef64

HTTP Response

200
194.32.107.206:443

tls, https

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

1.3kB
3.5kB
9
8
91.219.236.77:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
188.40.254.246:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3
45.141.215.90:80

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

156 B
3

8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

73 B
248 B
1
1

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.76.243
8.8.8.8:53

97.32.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.32.109.52.in-addr.arpa
8.8.8.8:53

243.76.109.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

243.76.109.52.in-addr.arpa
8.8.8.8:53

82.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.90.14.23.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

64.159.190.20.in-addr.arpa

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

6.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.173.189.20.in-addr.arpa
8.8.8.8:53

39.0.31.128.in-addr.arpa

dns

70 B
106 B
1
1

DNS Request

39.0.31.128.in-addr.arpa
8.8.8.8:53

metadata.templates.cdn.office.net

dns

WINWORD.EXE

79 B
231 B
1
1

DNS Request

metadata.templates.cdn.office.net

DNS Response

23.62.61.162

23.62.61.184
8.8.8.8:53

binaries.templates.cdn.office.net

dns

WINWORD.EXE

79 B
202 B
1
1

DNS Request

binaries.templates.cdn.office.net

DNS Response

95.100.202.48

95.100.202.8
8.8.8.8:53

151.223.88.45.in-addr.arpa

dns

72 B
115 B
1
1

DNS Request

151.223.88.45.in-addr.arpa
8.8.8.8:53

162.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

162.61.62.23.in-addr.arpa
8.8.8.8:53

48.202.100.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

48.202.100.95.in-addr.arpa
8.8.8.8:53

20.229.177.185.in-addr.arpa

dns

73 B
120 B
1
1

DNS Request

20.229.177.185.in-addr.arpa
8.8.8.8:53

184.159.221.77.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

184.159.221.77.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

248.165.8.185.in-addr.arpa

dns

72 B
99 B
1
1

DNS Request

248.165.8.185.in-addr.arpa
8.8.8.8:53

100.236.219.104.in-addr.arpa

dns

74 B
125 B
1
1

DNS Request

100.236.219.104.in-addr.arpa
8.8.8.8:53

38.95.58.2.in-addr.arpa

dns

69 B
103 B
1
1

DNS Request

38.95.58.2.in-addr.arpa
8.8.8.8:53

62.88.143.91.in-addr.arpa

dns

71 B
105 B
1
1

DNS Request

62.88.143.91.in-addr.arpa
8.8.8.8:53

96.160.194.91.in-addr.arpa

dns

72 B
122 B
1
1

DNS Request

96.160.194.91.in-addr.arpa
8.8.8.8:53

128.211.172.163.in-addr.arpa

dns

74 B
110 B
1
1

DNS Request

128.211.172.163.in-addr.arpa
8.8.8.8:53

202.100.189.193.in-addr.arpa

dns

74 B
98 B
1
1

DNS Request

202.100.189.193.in-addr.arpa
8.8.8.8:53

90.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

90.65.42.20.in-addr.arpa
8.8.8.8:53

118.5.45.151.in-addr.arpa

dns

71 B
114 B
1
1

DNS Request

118.5.45.151.in-addr.arpa
8.8.8.8:53

41.199.135.135.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

41.199.135.135.in-addr.arpa
8.8.8.8:53

189.30.75.206.in-addr.arpa

dns

72 B
117 B
1
1

DNS Request

189.30.75.206.in-addr.arpa
8.8.8.8:53

56.206.208.91.in-addr.arpa

dns

72 B
97 B
1
1

DNS Request

56.206.208.91.in-addr.arpa
8.8.8.8:53

7.254.63.188.in-addr.arpa

dns

71 B
132 B
1
1

DNS Request

7.254.63.188.in-addr.arpa
8.8.8.8:53

28.142.122.193.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

28.142.122.193.in-addr.arpa
8.8.8.8:53

182.96.8.204.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

182.96.8.204.in-addr.arpa
8.8.8.8:53

213.137.143.94.in-addr.arpa

dns

73 B
138 B
1
1

DNS Request

213.137.143.94.in-addr.arpa
8.8.8.8:53

107.122.203.178.in-addr.arpa

dns

74 B
132 B
1
1

DNS Request

107.122.203.178.in-addr.arpa
8.8.8.8:53

91.121.16.94.in-addr.arpa

dns

71 B
121 B
1
1

DNS Request

91.121.16.94.in-addr.arpa
8.8.8.8:53

154.35.107.109.in-addr.arpa

dns

73 B
123 B
1
1

DNS Request

154.35.107.109.in-addr.arpa
8.8.8.8:53

230.19.92.23.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

230.19.92.23.in-addr.arpa
8.8.8.8:53

21.85.33.89.in-addr.arpa

dns

70 B
109 B
1
1

DNS Request

21.85.33.89.in-addr.arpa
8.8.8.8:53

234.72.92.164.in-addr.arpa

dns

72 B
139 B
1
1

DNS Request

234.72.92.164.in-addr.arpa
8.8.8.8:53

17.156.9.5.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

17.156.9.5.in-addr.arpa
8.8.8.8:53

113.126.86.86.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

113.126.86.86.in-addr.arpa
8.8.8.8:53

67.101.220.185.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

67.101.220.185.in-addr.arpa
8.8.8.8:53

203.195.236.87.in-addr.arpa

dns

146 B
256 B
2
2

DNS Request

203.195.236.87.in-addr.arpa

DNS Request

203.195.236.87.in-addr.arpa
8.8.8.8:53

14.224.90.88.in-addr.arpa

dns

142 B
226 B
2
2

DNS Request

14.224.90.88.in-addr.arpa

DNS Request

14.224.90.88.in-addr.arpa
8.8.8.8:53

electroncash.detor

dns

0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.exe

64 B
139 B
1
1

DNS Request

electroncash.detor
8.8.8.8:53

219.10.135.193.in-addr.arpa

dns

73 B
102 B
1
1

DNS Request

219.10.135.193.in-addr.arpa
8.8.8.8:53

10.177.154.23.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

10.177.154.23.in-addr.arpa
8.8.8.8:53

200.204.251.160.in-addr.arpa

dns

74 B
99 B
1
1

DNS Request

200.204.251.160.in-addr.arpa
8.8.8.8:53

216.80.220.158.in-addr.arpa

dns

73 B
119 B
1
1

DNS Request

216.80.220.158.in-addr.arpa
8.8.8.8:53

79.113.54.78.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

79.113.54.78.in-addr.arpa

DNS Request

79.113.54.78.in-addr.arpa
8.8.8.8:53

89.218.243.185.in-addr.arpa

dns

73 B
118 B
1
1

DNS Request

89.218.243.185.in-addr.arpa
8.8.8.8:53

155.134.105.193.in-addr.arpa

dns

148 B
272 B
2
2

DNS Request

155.134.105.193.in-addr.arpa

DNS Request

155.134.105.193.in-addr.arpa
8.8.8.8:53

33.175.4.64.in-addr.arpa

dns

70 B
96 B
1
1

DNS Request

33.175.4.64.in-addr.arpa
8.8.8.8:53

112.42.27.37.in-addr.arpa

dns

142 B
254 B
2
2

DNS Request

112.42.27.37.in-addr.arpa

DNS Request

112.42.27.37.in-addr.arpa
8.8.8.8:53

41.175.128.98.in-addr.arpa

dns

144 B
244 B
2
2

DNS Request

41.175.128.98.in-addr.arpa

DNS Request

41.175.128.98.in-addr.arpa
8.8.8.8:53

34.218.0.81.in-addr.arpa

dns

140 B
246 B
2
2

DNS Request

34.218.0.81.in-addr.arpa

DNS Request

34.218.0.81.in-addr.arpa
8.8.8.8:53

239.233.210.192.in-addr.arpa

dns

74 B
101 B
1
1

DNS Request

239.233.210.192.in-addr.arpa
8.8.8.8:53

58.47.130.185.in-addr.arpa

dns

144 B
216 B
2
2

DNS Request

58.47.130.185.in-addr.arpa

DNS Request

58.47.130.185.in-addr.arpa
8.8.8.8:53

206.107.32.194.in-addr.arpa

dns

73 B
116 B
1
1

DNS Request

206.107.32.194.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\_DECRYPT_INFO_iibibi.html

Filesize
12KB

MD5
205b6063e85735866f598043b42c326e

SHA1
0a24beb75433ea88614adeb446c1cdacf1ee4e26

SHA256
325466cec0636c916308c634b07db075c3e3c955179d3fbe7e83a17a8bef582f

SHA512
c8e3d5b5cf2ac7d2adc7e4aca2568b9553e858c7e7cedede985a416aa468941796f11291f0c80a9740b4e2b0b955a032889500983a5784ee3fe242ee50a43d7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2530b1b3-a819-42e3-833f-8cc1275b3993}\0.1.filtertrie.intermediate.txt.iibibi

Filesize
48B

MD5
3a59053d9da94fa3b482ab9c90b7645e

SHA1
82362ce17c35abc7809120c6b7dfbc927ebe791d

SHA256
975d83d25d1304431d80ff574ce84f3dfa7d2a7da49c38e04630d38091b18daa

SHA512
3147726a6381b1e0631160106b24ca0843d885a8b8f36ccd9eaa4d8685bca836ce748be9d02ea7ed91b20fda6512e166e2952bd4ce888d399779ffda77eb907d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2530b1b3-a819-42e3-833f-8cc1275b3993}\0.2.filtertrie.intermediate.txt.iibibi

Filesize
48B

MD5
8fbae4826b6b79845b56bb6fd197f6c4

SHA1
978426b7bcbd1359dc5b0c5d7576566135c8ca71

SHA256
24a910295af5043f8913089e4e3274477d2b04fa9aa236d338331d7c1f8a5b7a

SHA512
a0c0f4981b6707899d91e325a77476c009066029bf0b77a3a2da7e3db045cdf9461fb9e58cb5a4da81338902ebfac3265adee639ec86b7e112741cbbfe2505f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b2b93620-3dc4-41a5-b7a7-74475e011916}\_DECRYPT_INFO_iibibi.html

Filesize
12KB

MD5
b3c26a21f5796e215611d9c7faba9fd8

SHA1
8004b5c5eba1a8915ab65b4cc56fa603de50f482

SHA256
1e2e204af95ca3039c3b8b422fc5cd814d5ab86058982e5e7b991ea58c08c300

SHA512
99aaa490f372b7aa48b5a6a2b49c0d03ecf3cbd6a0666e27e8107912dba6114dc3f3834c1e73422414851904f458f17cd185f3c20bf75d143fed3f3a16ce8e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\0145f04a8356780d52774ce5f7dd0a02f6d5b321694ed805ce3e27bdf04d3c94.rtf

Filesize
4KB

MD5
2d5020c82de674b48cfd17cc20fcbba2

SHA1
4e317eaeebd839ee5f6eb3925a9fbee819c5349c

SHA256
120becd55248f4a2ccbbc99ba9d3c2932223264a95cd72e9ae7568be61277e9a

SHA512
ffbbdda009237d6825f6cd6f751a41f4f9d716186901ffdbeed56c2d1410245771decd07f591cf56cafdd4bbebd4e4c74f009ff15736d5321635e34ff17d0d8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\Desktop\backup_iibibi\_DECRYPT_INFO_iibibi.html

Filesize
12KB

MD5
98054a7d4b1e6f371f497c7dda2c06a5

SHA1
8f7fe3c01f5fad44a3d01bc2f81a936ff9726b3b

SHA256
b32385a49f14a83f3e841cb7a3e7a4f438a90bc7266528b4f02861431eb0e7fb

SHA512
f2106d0057b0422b072194f4844af9567cf12680fd7649c54b50a0be1bf92f8fb7d1beee8ac0d65a1413dc4e94bd611807285122f625cc5b166a0daa00d224e4

Download Submit
memory/240-31-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-37-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-25-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-816-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-817-0x00007FF977200000-0x00007FF9772AE000-memory.dmp

Filesize
696KB

Download
memory/240-814-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-815-0x00007FF977200000-0x00007FF9772AE000-memory.dmp

Filesize
696KB

Download
memory/240-813-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-27-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-28-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-29-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-30-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-239-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-34-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-35-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-36-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-38-0x00007FF934960000-0x00007FF934970000-memory.dmp

Filesize
64KB

Download
memory/240-26-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-39-0x00007FF977200000-0x00007FF9772AE000-memory.dmp

Filesize
696KB

Download
memory/240-40-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-41-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-43-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-42-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-44-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-45-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-812-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-811-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-611-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-601-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-24-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-241-0x00007FF977BD0000-0x00007FF977DAB000-memory.dmp

Filesize
1.9MB

Download
memory/240-46-0x00007FF977200000-0x00007FF9772AE000-memory.dmp

Filesize
696KB

Download
memory/240-48-0x00007FF934960000-0x00007FF934970000-memory.dmp

Filesize
64KB

Download
memory/240-23-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/240-22-0x00007FF937C60000-0x00007FF937C70000-memory.dmp

Filesize
64KB

Download
memory/1592-207-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-223-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-222-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-224-0x0000000003990000-0x0000000003998000-memory.dmp

Filesize
32KB

Download
memory/1592-228-0x0000000003990000-0x0000000003998000-memory.dmp

Filesize
32KB

Download
memory/1592-227-0x0000000003990000-0x0000000003998000-memory.dmp

Filesize
32KB

Download
memory/1592-229-0x00000000039A0000-0x00000000039C8000-memory.dmp

Filesize
160KB

Download
memory/1592-231-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-232-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-234-0x00000000039A0000-0x00000000039C8000-memory.dmp

Filesize
160KB

Download
memory/1592-235-0x00000000039A0000-0x00000000039C8000-memory.dmp

Filesize
160KB

Download
memory/1592-236-0x00000000039A0000-0x00000000039C8000-memory.dmp

Filesize
160KB

Download
memory/1592-238-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-219-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-47-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-16-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-15-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-14-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-624-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-722-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-724-0x00000000039A0000-0x00000000039C8000-memory.dmp

Filesize
160KB

Download
memory/1592-736-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-738-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-740-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-743-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-12-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/1592-11-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-10-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-9-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-8-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-7-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-6-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-822-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-824-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-830-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-832-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1592-5-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-4-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-3-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/1592-2-0x0000000002BF0000-0x0000000002C48000-memory.dmp

Filesize
352KB

Download
memory/1592-0-0x0000000002BF0000-0x0000000002C48000-memory.dmp

Filesize
352KB

Download
memory/1592-1-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request