aed5ce71d4dff26c4b257c3a309d5dd2a16950b9ea01da7d2d85a64fd26bdcc1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 17:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CAP.doc
Size

14KB
MD5

f6fa447c9b9e34afe8cd17fe1e6cd23c
SHA1

be9b900d0b4d18837903915e00587da4e798b0d8
SHA256

d0de5ea3b65a67e727215d3c92cd26d304ce325cbebe6877e35b0377c07502bb
SHA512

007c22468477141cf7a32a5c92dc7b29a23090d559bd03221a94d8beea0273896794bd37d90ceef015e65ffd8806303e4b2a4b2f4a9feb3b9678207c765e1ef4
SSDEEP

96:CiIpA9NFNHxD4kMirjBCW3XuDcEYrP9tKviXTNFNFYH465gIpAY/grooFKpeRQnp:CiIpsp40rjEWnl9E6XfhVIpV5vpNp

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
212	WINWORD.EXE
212	WINWORD.EXE

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE
212	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\CAP.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:212

Network

DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

88.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.16.208.104.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

31.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.121.18.2.in-addr.arpa

IN PTR

Response

31.121.18.2.in-addr.arpa

IN PTR

a2-18-121-31deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

metadata.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

metadata.templates.cdn.office.net

IN A

Response

metadata.templates.cdn.office.net

IN CNAME

templatesmetadata.office.net

templatesmetadata.office.net

IN CNAME

templatesmetadata.office.net.edgekey.net

templatesmetadata.office.net.edgekey.net

IN CNAME

e26769.dscb.akamaiedge.net

e26769.dscb.akamaiedge.net

IN A

2.17.196.82

e26769.dscb.akamaiedge.net

IN A

2.17.196.160
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

2.17.196.82:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1265
Cache-Control: max-age=223698
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

binaries.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

binaries.templates.cdn.office.net

IN A

Response

binaries.templates.cdn.office.net

IN CNAME

binaries.templates.cdn.office.net.edgesuite.net

binaries.templates.cdn.office.net.edgesuite.net

IN CNAME

a1847.dscg2.akamai.net

a1847.dscg2.akamai.net

IN A

2.18.121.5

a1847.dscg2.akamai.net

IN A

2.18.121.16
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp01840907.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 43653
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
ETag: 0x8D36AC84F8E1FB0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9b6288ad-601e-003e-1f97-a01d55000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499B0654A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 262f0f62-801e-013a-1897-a03d9f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC8827914A7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 83c35697-501e-012a-6197-a0ab37000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1766185
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: go+WAx9Av468teUqrut+TA==
Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
ETag: 0x8D60DDC4354B7FB
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d0d6cad7-401e-0109-1e97-a031f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A221679
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8e1b4e0c-201e-0137-7097-a0d293000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC882C4ED43
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 59969ada-701e-00f9-4897-a08908000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 15:41:34 GMT
ETag: 0x8D36AC4959B7E4C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 738df3c1-201e-0011-7197-a00f72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC4998BC504
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 10c52304-b01e-0014-3b97-a0fb0d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC8813CE0D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1097591
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
ETag: 0x8D60DDB7EAA50F0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1a005d49-f01e-0085-6f97-a0a7f7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A4270D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cc75bd11-e01e-002e-7897-a0b8ae000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3256855
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
ETag: 0x8D60DDBFE4BB50C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6efd8084-101e-00b2-7c97-a0755b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A7FC9DF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b61ec0df-801e-0035-3b97-a0963c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883F49D7D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1310275
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA6587FB6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d0d6d553-401e-0109-4197-a031f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49B376014
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 30578817-d01e-00ae-4c97-a01b04000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC499632D1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0b6ab214-701e-0124-7897-a0e772000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 307348
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
ETag: 0x8D60DDC169CBCB0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: eccaddc3-901e-0003-7897-a03b6e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49ACD2925
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c6460140-001e-00a7-5a97-a0018a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2527736
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8laspQm0xsAUTSeMcDawqA==
Last-Modified: Wed, 29 Aug 2018 18:18:44 GMT
ETag: 0x8D60DDBDB33F067
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c64602ac-001e-00a7-3697-a0018a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 723359
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
Last-Modified: Wed, 29 Aug 2018 18:14:28 GMT
ETag: 0x8D60DDB424DEB76
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 738df4f4-201e-0011-0897-a00f72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
ETag: 0x8D36AC4A2F6A8CC
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9173c5a2-401e-0023-1497-a057a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328893.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20235
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
ETag: 0x8D36AC4A3175138
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b61ec186-801e-0035-5597-a0963c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328908.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31083
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iamBjmZY1zpztkJSL/hwHw==
Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
ETag: 0x8D36AC8865F4922
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 338537da-c01e-007a-6e97-a0976a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 261258
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
ETag: 0x8D60DDC968C4F0E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: efa60b57-b01e-011d-0697-a0799b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328905.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20457
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
ETag: 0x8D36AC498BB27EF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9173c92d-401e-0023-5997-a057a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 271273
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB967B9FA5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328916.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 26944
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
ETag: 0x8D36AC886C4C4EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b5364943-d01e-0082-2f97-a0cb94000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2591108
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: vrEqBGTQlsozuupDUs6ADw==
Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
ETag: 0x8D60DDBDA502B66
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 288124e2-901e-00de-5d97-a09ecc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328919.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22149
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
ETag: 0x8D36AC8871139C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d704032d-301e-015e-4e97-a09fc7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328925.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 25314
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC49952B1C0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 32975b55-c01e-007d-6097-a0a4a1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328932.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20554
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4997221A3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1d87077a-d01e-0129-4397-a0087e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 42788
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
ETag: 0x8D36AC4A24B210A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7b39fde5-701e-00c5-3d97-a04652000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 23597
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
ETag: 0x8D36AC887EFBA2F
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:39 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 640684
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
ETag: 0x8D60DDB5D624CF0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f79bb1e-701e-004d-0e97-a0fe8b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328951.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19893
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
ETag: 0x8D36AC8888436CF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1547287f-a01e-006c-5e97-a061bd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328972.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21111
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49A0B8087
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f4fa5e22-701e-00a8-5197-a0ec7c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328940.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21791
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
ETag: 0x8D36AC8883A8134
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a209c057-f01e-003c-3797-a0a3ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 953453
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 1OrACenntkuLABroK4EC+g==
Last-Modified: Thu, 12 Jul 2018 00:20:09 GMT
ETag: 0x8D5E78D3A5A7B12
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5e1cc4d5-701e-010d-6297-a09130000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328983.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21875
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
ETag: 0x8D36AC88963C8B3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7452dce1-901e-0093-0d97-a05120000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 230916
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
Last-Modified: Thu, 12 Jul 2018 00:23:53 GMT
ETag: 0x8D5E78DBFB34F04
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 35b879b8-b01e-0140-8097-a0731f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328975.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22594
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC889183E51
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328986.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22340
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A9463F7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a1f8b3eb-201e-001a-5997-a01706000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328990.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19288
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A1DF716
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21357
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A7F05EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 84001e7d-a01e-012e-3e97-a02630000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 295527
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9CC48C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 10c523d0-b01e-0014-3797-a0fb0d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 276650
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
ETag: 0x8D60DDB82865741
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ab9dfb93-301e-007e-3197-a01a6d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 550906
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
Last-Modified: Wed, 29 Aug 2018 18:20:59 GMT
ETag: 0x8D60DDC2BA71326
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e3823abf-901e-010c-3097-a090cd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1065873
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
Last-Modified: Wed, 29 Aug 2018 18:15:36 GMT
ETag: 0x8D60DDB6B23796A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bfb3d04f-801e-0017-1797-a0f80a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 222992
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
ETag: 0x8D60DDC26100537
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0a3abd66-301e-000c-2897-a01d22000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp03998159.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3417042
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
ETag: 0x8D36AC4A270AB9B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7434b495-501e-0073-7097-a048aa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 698244
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
ETag: 0x8D60DDB6CAEA91D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d7040358-301e-015e-7797-a09fc7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

WINWORD.EXE

Remote address:

2.18.121.5:443

Request

GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: D07F2E42-B7D1-486C-80E8-AAB195187A5D
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1881952
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC004A49D0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 551600a6-301e-00f8-7197-a0d6d4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 09 May 2024 17:47:40 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

82.196.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.196.17.2.in-addr.arpa

IN PTR

Response

82.196.17.2.in-addr.arpa

IN PTR

a2-17-196-82deploystaticakamaitechnologiescom
DNS

5.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.121.18.2.in-addr.arpa

IN PTR

Response

5.121.18.2.in-addr.arpa

IN PTR

a2-18-121-5deploystaticakamaitechnologiescom
DNS

170.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.117.168.52.in-addr.arpa

IN PTR

Response

2.17.196.82:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.2kB
5.9kB
7
8

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

tls, http

WINWORD.EXE

2.4kB
50.1kB
32
41

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

tls, http

WINWORD.EXE

1.8kB
37.6kB
21
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

tls, http

WINWORD.EXE

56.1kB
1.9MB
976
1339

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

tls, http

WINWORD.EXE

1.7kB
36.2kB
19
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

tls, http

WINWORD.EXE

1.7kB
37.6kB
20
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

tls, http

WINWORD.EXE

2.5kB
52.9kB
35
43

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

tls, http

WINWORD.EXE

1.7kB
37.8kB
20
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

tls, http

WINWORD.EXE

40.8kB
1.2MB
688
850

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

tls, http

WINWORD.EXE

78.2kB
3.4MB
1519
2445

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

tls, http

WINWORD.EXE

2.5kB
41.1kB
30
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

tls, http

WINWORD.EXE

55.8kB
1.4MB
903
1005

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

tls, http

WINWORD.EXE

2.8kB
42.6kB
34
36

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

tls, http

WINWORD.EXE

2.9kB
44.3kB
35
38

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

tls, http

WINWORD.EXE

12.0kB
322.2kB
188
236

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

tls, http

WINWORD.EXE

61.6kB
2.7MB
1181
1908

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

tls, http

WINWORD.EXE

30.5kB
752.5kB
475
544

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

tls, http

WINWORD.EXE

1.8kB
27.7kB
20
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

tls, http

WINWORD.EXE

1.9kB
25.9kB
22
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

tls, http

WINWORD.EXE

8.8kB
307.4kB
147
227

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

tls, http

WINWORD.EXE

7.0kB
306.7kB
124
226

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

tls, http

WINWORD.EXE

109.2kB
2.7MB
1717
1962

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

tls, http

WINWORD.EXE

1.8kB
29.2kB
20
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

tls, http

WINWORD.EXE

2.0kB
32.5kB
23
27

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

tls, http

WINWORD.EXE

2.7kB
71.1kB
32
58

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

tls, http

WINWORD.EXE

26.2kB
694.1kB
395
505

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

tls, http

WINWORD.EXE

1.5kB
25.6kB
16
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

tls, http

WINWORD.EXE

1.8kB
26.9kB
19
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

tls, http

WINWORD.EXE

39.5kB
1.0MB
642
731

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

tls, http

WINWORD.EXE

10.1kB
269.4kB
145
200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

tls, http

WINWORD.EXE

1.5kB
28.3kB
15
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

tls, http

WINWORD.EXE

1.8kB
28.1kB
18
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

tls, http

WINWORD.EXE

1.4kB
24.9kB
14
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

tls, http

WINWORD.EXE

2.0kB
27.4kB
17
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

tls, http

WINWORD.EXE

10.2kB
310.3kB
175
228

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

tls, http

WINWORD.EXE

12.4kB
297.8kB
181
219

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

tls, http

WINWORD.EXE

20.2kB
575.2kB
357
418

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

tls, http

WINWORD.EXE

39.8kB
1.1MB
669
800

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

tls, http

WINWORD.EXE

9.5kB
236.8kB
138
176

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

tls, http

WINWORD.EXE

77.4kB
3.5MB
1502
2543

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

tls, http

WINWORD.EXE

30.0kB
725.7kB
486
528

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

HTTP Response

200
2.18.121.5:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

tls, http

WINWORD.EXE

50.7kB
2.0MB
907
1410

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

HTTP Response

200

8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

88.16.208.104.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

88.16.208.104.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

31.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

31.121.18.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

metadata.templates.cdn.office.net

dns

WINWORD.EXE

79 B
231 B
1
1

DNS Request

metadata.templates.cdn.office.net

DNS Response

2.17.196.82

2.17.196.160
8.8.8.8:53

binaries.templates.cdn.office.net

dns

WINWORD.EXE

79 B
202 B
1
1

DNS Request

binaries.templates.cdn.office.net

DNS Response

2.18.121.5

2.18.121.16
8.8.8.8:53

82.196.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.196.17.2.in-addr.arpa
8.8.8.8:53

5.121.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

5.121.18.2.in-addr.arpa
8.8.8.8:53

170.117.168.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

170.117.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD5037.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
memory/212-16-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-33-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-2-0x00007FF95EF90000-0x00007FF95EFA0000-memory.dmp

Filesize
64KB

Download
memory/212-1-0x00007FF95EF90000-0x00007FF95EFA0000-memory.dmp

Filesize
64KB

Download
memory/212-5-0x00007FF99EFAD000-0x00007FF99EFAE000-memory.dmp

Filesize
4KB

Download
memory/212-6-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-7-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-9-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-8-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-11-0x00007FF95C9A0000-0x00007FF95C9B0000-memory.dmp

Filesize
64KB

Download
memory/212-10-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-12-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-13-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-15-0x00007FF95C9A0000-0x00007FF95C9B0000-memory.dmp

Filesize
64KB

Download
memory/212-14-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-0-0x00007FF95EF90000-0x00007FF95EFA0000-memory.dmp

Filesize
64KB

Download
memory/212-3-0x00007FF95EF90000-0x00007FF95EFA0000-memory.dmp

Filesize
64KB

Download
memory/212-34-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-17-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-35-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-36-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-39-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-40-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-47-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-46-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-45-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-49-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-50-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-51-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-53-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-54-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download
memory/212-4-0x00007FF95EF90000-0x00007FF95EFA0000-memory.dmp

Filesize
64KB

Download
memory/212-532-0x00007FF99EF10000-0x00007FF99F105000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request