Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 11:00

General

  • Target

    Predstavlenie № 6-51-2024 .docx.exe

  • Size

    11.3MB

  • MD5

    45ae0c08a1fb98fe77e4cd127b79ef7d

  • SHA1

    12c7847fc2567ee9e6c0010f5c311753c017fa48

  • SHA256

    bb8165b8f60818061d12cac775d8d41436b16c9b40e01071fca7fb96f6ef435e

  • SHA512

    21cc13630fc1fe3bea4d45e356e63d4e94db7357040793b4d091ef75b2cf05191037380c493b944d1ecf748b9bd9935f1f91ba0c8654c57dbbe4530ab4fff4cd

  • SSDEEP

    196608:fxtCbFLyXyLm+2WzU4qrVTcHHRBTue9iSoCVMbgb/x3/18afx:fWxL4S2kCVsHRsekTCVxhjx

Malware Config

Signatures

  • DarkTrack

    DarkTrack is a remote administration tool written in delphi.

  • DarkTrack payload 4 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Predstavlenie № 6-51-2024 .docx.exe
    "C:\Users\Admin\AppData\Local\Temp\Predstavlenie № 6-51-2024 .docx.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\zapros.docx" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4376
    • C:\Users\Admin\AppData\Local\Temp\rupedoras.exe
      C:\Users\Admin\AppData\Local\Temp\rupedoras.exe
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
        3⤵
          PID:2004
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
          3⤵
          • Suspicious behavior: GetForegroundWindowSpam
          PID:6124

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.dc-msedge.net
      dual-a-0034.dc-msedge.net
      IN A
      131.253.33.237
      dual-a-0034.dc-msedge.net
      IN A
      13.107.22.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
      Remote address:
      131.253.33.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=13A4D38F90F46B0927A5C70F918D6A5C; domain=.bing.com; expires=Mon, 09-Jun-2025 11:00:55 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: E72121EC68CC4777B7B3F2EBE1178AB4 Ref B: LON212050706053 Ref C: 2024-05-15T11:00:55Z
      date: Wed, 15 May 2024 11:00:55 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
      Remote address:
      131.253.33.237:443
      Request
      GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=13A4D38F90F46B0927A5C70F918D6A5C; _EDGE_S=SID=32C99C83FC316DCB3E848803FD796C7D
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=UCWHKptAosvma5fDmK9yeg2E94WDK288t-0Zht9KVG0; domain=.bing.com; expires=Mon, 09-Jun-2025 11:00:56 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B8500286400E45B19D2CB31417587491 Ref B: LON212050706053 Ref C: 2024-05-15T11:00:56Z
      date: Wed, 15 May 2024 11:00:56 GMT
    • flag-be
      GET
      https://www.bing.com/aes/c.gif?RG=16e138315336418fa4246b00d199e7d7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140014Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189
      Remote address:
      2.17.107.130:443
      Request
      GET /aes/c.gif?RG=16e138315336418fa4246b00d199e7d7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140014Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189 HTTP/2.0
      host: www.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=13A4D38F90F46B0927A5C70F918D6A5C
      Response
      HTTP/2.0 200
      cache-control: private,no-store
      pragma: no-cache
      vary: Origin
      p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: CB1F09F1CBF1464B8BBEA49E450DD859 Ref B: BRU30EDGE0821 Ref C: 2024-05-15T11:00:56Z
      content-length: 0
      date: Wed, 15 May 2024 11:00:56 GMT
      set-cookie: _EDGE_S=SID=32C99C83FC316DCB3E848803FD796C7D; path=/; httponly; domain=bing.com
      set-cookie: MUIDB=13A4D38F90F46B0927A5C70F918D6A5C; path=/; httponly; expires=Mon, 09-Jun-2025 11:00:56 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.7e6b1102.1715770856.24ccb57
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.33.253.131.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.33.253.131.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      130.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      130.107.17.2.in-addr.arpa
      IN PTR
      Response
      130.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-130deploystaticakamaitechnologiescom
    • flag-us
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      roaming.officeapps.live.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      roaming.officeapps.live.com
      IN A
      Response
      roaming.officeapps.live.com
      IN CNAME
      prod.roaming1.live.com.akadns.net
      prod.roaming1.live.com.akadns.net
      IN CNAME
      eur.roaming1.live.com.akadns.net
      eur.roaming1.live.com.akadns.net
      IN CNAME
      neu-azsc-000.roaming.officeapps.live.com
      neu-azsc-000.roaming.officeapps.live.com
      IN CNAME
      osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
      osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
      IN A
      52.109.76.243
    • flag-ie
      POST
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      WINWORD.EXE
      Remote address:
      52.109.76.243:443
      Request
      POST /rs/RoamingSoapService.svc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: text/xml; charset=utf-8
      User-Agent: MS-WebServices/1.0
      SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
      Content-Length: 511
      Host: roaming.officeapps.live.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Type: text/xml; charset=utf-8
      Server: Microsoft-IIS/10.0
      X-OfficeFE: RoamingFE_IN_426
      X-OfficeVersion: 16.0.17705.30576
      X-OfficeCluster: neu-000.roaming.officeapps.live.com
      X-CorrelationId: 42c315a8-6088-4fb7-b6f5-bba41311d8d9
      X-Powered-By: ASP.NET
      Date: Wed, 15 May 2024 11:00:57 GMT
      Content-Length: 654
    • flag-us
      DNS
      97.32.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.32.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      243.76.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      243.76.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      16.43.107.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      16.43.107.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-be
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      2.17.107.130:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      cookie: MUID=13A4D38F90F46B0927A5C70F918D6A5C; _EDGE_S=SID=32C99C83FC316DCB3E848803FD796C7D; MSPTC=UCWHKptAosvma5fDmK9yeg2E94WDK288t-0Zht9KVG0; MUIDB=13A4D38F90F46B0927A5C70F918D6A5C
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QWthbWFp
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Wed, 15 May 2024 11:01:03 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.7e6b1102.1715770863.24cf60c
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      metadata.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      metadata.templates.cdn.office.net
      IN A
      Response
      metadata.templates.cdn.office.net
      IN CNAME
      templatesmetadata.office.net
      templatesmetadata.office.net
      IN CNAME
      templatesmetadata.office.net.edgekey.net
      templatesmetadata.office.net.edgekey.net
      IN CNAME
      e26769.dscb.akamaiedge.net
      e26769.dscb.akamaiedge.net
      IN A
      2.17.196.129
      e26769.dscb.akamaiedge.net
      IN A
      2.17.196.82
      e26769.dscb.akamaiedge.net
      IN A
      2.17.196.160
    • flag-be
      GET
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      WINWORD.EXE
      Remote address:
      2.17.196.129:443
      Request
      GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: metadata.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Type: text/xml
      Server: Kestrel
      Content-Encoding: gzip
      Content-Length: 1265
      Cache-Control: max-age=196396
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-us
      DNS
      binaries.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      binaries.templates.cdn.office.net
      IN A
      Response
      binaries.templates.cdn.office.net
      IN CNAME
      binaries.templates.cdn.office.net.edgesuite.net
      binaries.templates.cdn.office.net.edgesuite.net
      IN CNAME
      a1847.dscg2.akamai.net
      a1847.dscg2.akamai.net
      IN A
      104.110.191.165
      a1847.dscg2.akamai.net
      IN A
      104.110.191.169
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp01840907.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 43653
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
      Last-Modified: Fri, 22 Apr 2016 15:41:23 GMT
      ETag: 0x8D36AC48EC98375
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 28348583-901e-0065-0997-a08934000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 307348
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
      Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
      ETag: 0x8D60DDC16D93762
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 51141c51-201e-00cb-4597-a0897f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 723359
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
      Last-Modified: Wed, 29 Aug 2018 18:14:28 GMT
      ETag: 0x8D60DDB424DEB76
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 738df4f4-201e-0011-0897-a00f72000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851217.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 33610
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC499632D1A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0b6ab214-701e-0124-7897-a0e772000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851218.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31835
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
      Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
      ETag: 0x8D36AC4998BC504
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 10c52304-b01e-0014-3b97-a0fb0d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851219.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31605
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC8822FFB6E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 8b7f1f25-601e-00da-0197-a013cb000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851216.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 34816
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: YoYxJM3NoTXswOcieCy4iA==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC4993E3EB5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0b03ef21-101e-0074-4a97-a0be2f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851220.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31482
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC8827914A7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 83c35697-501e-012a-6197-a0ab37000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851222.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 28911
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: bXh7HiI9trkbaSOAYsyocg==
      Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
      ETag: 0x8D36AC49A221679
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 8e1b4e0c-201e-0137-7097-a0d293000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851221.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31562
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
      Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
      ETag: 0x8D36AC499FED5FF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 53de44bf-f01e-00f6-1197-a01f7f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851223.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 32833
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC88357BC32
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851224.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 30957
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 08kDbk4RWegysbTS6dQr8A==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883A171B7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 19a4e9d8-101e-0104-2c97-a0f920000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851225.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883F49D7D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851226.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 35519
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC88440C433
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02851227.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31471
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: karb7EFxz6gpK2GEkvXvNA==
      Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
      ETag: 0x8D36AC49B376014
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 30578817-d01e-00ae-4c97-a01b04000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328905.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20457
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
      Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
      ETag: 0x8D36AC498BB27EF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 9173c92d-401e-0023-5997-a057a2000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp02835233.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 46413
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
      Last-Modified: Fri, 22 Apr 2016 15:41:34 GMT
      ETag: 0x8D36AC4959B7E4C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 738df3c1-201e-0011-7197-a00f72000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328884.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC8987823BE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f2e243a2-801e-015b-3797-a04d1c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328893.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328916.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 26944
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC49908AE11
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 283487b3-901e-0065-0797-a08934000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328908.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31083
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iamBjmZY1zpztkJSL/hwHw==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC498DE687B
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ff55b740-c01e-0039-4897-a078cd000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 3256855
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
      ETag: 0x8D60DDBFE4BB50C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6efd8084-101e-00b2-7c97-a0755b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328919.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22149
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
      Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
      ETag: 0x8D36AC8871139C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d704032d-301e-015e-4e97-a09fc7000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 698244
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
      Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
      ETag: 0x8D60DDB6CAEA91D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d7040358-301e-015e-7797-a09fc7000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328925.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 25314
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC49952B1C0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 32975b55-c01e-007d-6097-a0a4a1000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1097591
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
      Last-Modified: Wed, 29 Aug 2018 18:16:06 GMT
      ETag: 0x8D60DDB7D10C490
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 5bf5ad25-f01e-013e-1a97-a0c81d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328932.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20554
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
      Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
      ETag: 0x8D36AC4997221A3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1d87077a-d01e-0129-4397-a0087e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1766185
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: go+WAx9Av468teUqrut+TA==
      Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
      ETag: 0x8D60DDC4354B7FB
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d0d6cad7-401e-0109-1e97-a031f4000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328935.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 23597
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
      Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
      ETag: 0x8D36AC49996C1E0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 5ae4f2a5-201e-00d6-7a97-a073b3000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:13 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 2527736
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8laspQm0xsAUTSeMcDawqA==
      Last-Modified: Wed, 29 Aug 2018 18:18:44 GMT
      ETag: 0x8D60DDBDB33F067
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c64602ac-001e-00a7-3697-a0018a000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328951.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 19893
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
      Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
      ETag: 0x8D36AC499DEA2B6
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 9681e92c-c01e-00ba-1097-a0d860000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328972.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21111
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
      ETag: 0x8D36AC888CEAFBE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e75ca22d-901e-00f1-6197-a09307000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328940.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21791
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
      Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
      ETag: 0x8D36AC8883A8134
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: a209c057-f01e-003c-3797-a0a3ed000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328975.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22594
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
      Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
      ETag: 0x8D36AC49A2D135E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 3cffac34-101e-0056-0397-a0d019000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328983.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21875
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
      ETag: 0x8D36AC88963C8B3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7452dce1-901e-0093-0d97-a05120000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 15 May 2024 11:01:14 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328986.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328990.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp03328998.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-nl
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      WINWORD.EXE
      Remote address:
      104.110.191.165:443
      Request
      GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 4474EACE-C1D0-4226-A7FC-C388B4A0740F
      Host: binaries.templates.cdn.office.net
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      28.143.109.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.143.109.104.in-addr.arpa
      IN PTR
      Response
      28.143.109.104.in-addr.arpa
      IN PTR
      a104-109-143-28deploystaticakamaitechnologiescom
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 792794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 03C296287D6F4E76B37078B45A1BEF61 Ref B: LON04EDGE0914 Ref C: 2024-05-15T11:02:42Z
      date: Wed, 15 May 2024 11:02:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 621794
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 74F6EAFEA5DD4C5D986A63F1EA792706 Ref B: LON04EDGE0914 Ref C: 2024-05-15T11:02:42Z
      date: Wed, 15 May 2024 11:02:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 659775
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7C0D2A1D044A42C9B0D4950498C60260 Ref B: LON04EDGE0914 Ref C: 2024-05-15T11:02:42Z
      date: Wed, 15 May 2024 11:02:42 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      204.79.197.200:443
      Request
      GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 627437
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 38BEE1E1D8C249309F9FE6B792E9CF78 Ref B: LON04EDGE0914 Ref C: 2024-05-15T11:02:42Z
      date: Wed, 15 May 2024 11:02:42 GMT
    • flag-us
      DNS
      26.35.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      26.35.223.20.in-addr.arpa
      IN PTR
      Response
    • 131.253.33.237:443
      https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
      tls, http2
      2.5kB
      9.0kB
      20
      17

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8rc4yhjJ0Y72vUSWqI3I7czVUCUxuno1P687ChIqo7FtQTwqIyYS-w6aNs5vH8fxaAWXvhvANSY7M6PKKuZcHxcDsFkwx8l8Zp_fsk-0VlI6JgZSOW_dmUUv2N83Ft3J0dQTufG9H9dIgXWVxIFkRWmjrkbE1FK9R2wihq44N8LKnOSqz%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Da107f53a1709101738ba9311a426654b&TIME=20240426T140014Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

      HTTP Response

      204
    • 2.17.107.130:443
      https://www.bing.com/aes/c.gif?RG=16e138315336418fa4246b00d199e7d7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140014Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189
      tls, http2
      1.4kB
      5.3kB
      16
      11

      HTTP Request

      GET https://www.bing.com/aes/c.gif?RG=16e138315336418fa4246b00d199e7d7&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T140014Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

      HTTP Response

      200
    • 52.109.76.243:443
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      tls, http
      WINWORD.EXE
      1.7kB
      7.7kB
      11
      10

      HTTP Request

      POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

      HTTP Response

      200
    • 2.17.107.130:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.6kB
      6.4kB
      17
      12

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 2.17.196.129:443
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      tls, http
      WINWORD.EXE
      1.4kB
      6.0kB
      11
      10

      HTTP Request

      GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      tls, http
      WINWORD.EXE
      4.1kB
      97.6kB
      57
      78

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      tls, http
      WINWORD.EXE
      6.3kB
      197.3kB
      104
      148

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      tls, http
      WINWORD.EXE
      7.8kB
      261.5kB
      133
      194

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      tls, http
      WINWORD.EXE
      2.5kB
      39.8kB
      34
      35

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      tls, http
      WINWORD.EXE
      1.9kB
      37.9kB
      23
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      tls, http
      WINWORD.EXE
      2.4kB
      37.7kB
      30
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      tls, http
      WINWORD.EXE
      2.6kB
      41.0kB
      36
      36

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      tls, http
      WINWORD.EXE
      1.7kB
      33.4kB
      21
      31

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      tls, http
      WINWORD.EXE
      1.9kB
      34.9kB
      24
      32

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      tls, http
      WINWORD.EXE
      2.3kB
      37.7kB
      30
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      tls, http
      WINWORD.EXE
      2.1kB
      39.0kB
      27
      35

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      tls, http
      WINWORD.EXE
      2.8kB
      37.1kB
      32
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      tls, http
      WINWORD.EXE
      2.1kB
      37.1kB
      27
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      tls, http
      WINWORD.EXE
      2.2kB
      41.8kB
      29
      37

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      tls, http
      WINWORD.EXE
      1.8kB
      37.6kB
      23
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
      tls, http
      WINWORD.EXE
      2.0kB
      26.2kB
      25
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      tls, http
      WINWORD.EXE
      2.8kB
      53.0kB
      40
      45

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      tls, http
      WINWORD.EXE
      1.7kB
      26.8kB
      20
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
      tls, http
      WINWORD.EXE
      1.5kB
      21.8kB
      16
      23

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
      tls, http
      WINWORD.EXE
      1.8kB
      32.9kB
      22
      31

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      tls, http
      WINWORD.EXE
      17.7kB
      898.4kB
      353
      651

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      tls, http
      WINWORD.EXE
      3.9kB
      156.5kB
      59
      120

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      tls, http
      WINWORD.EXE
      4.7kB
      186.4kB
      75
      142

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      tls, http
      WINWORD.EXE
      5.4kB
      175.9kB
      83
      134

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      tls, http
      WINWORD.EXE
      8.7kB
      274.0kB
      131
      204

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      tls, http
      WINWORD.EXE
      1.6kB
      25.7kB
      17
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      tls, http
      WINWORD.EXE
      1.6kB
      26.9kB
      18
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.6kB
      18
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      tls, http
      WINWORD.EXE
      1.6kB
      28.5kB
      18
      28

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.7kB
      17
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

      HTTP Response

      200
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      tls, http
      WINWORD.EXE
      1.4kB
      12.8kB
      13
      16

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      tls, http
      WINWORD.EXE
      1.4kB
      15.6kB
      14
      18

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      tls, http
      WINWORD.EXE
      1.2kB
      4.4kB
      9
      9

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      tls, http
      WINWORD.EXE
      2.0kB
      51.9kB
      27
      43

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      tls, http
      WINWORD.EXE
      1.3kB
      13.9kB
      11
      17

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      tls, http
      WINWORD.EXE
      1.2kB
      4.4kB
      10
      9

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    • 104.110.191.165:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      tls, http
      WINWORD.EXE
      3.1kB
      56.2kB
      38
      47

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      826 B
      11.1kB
      11
      12
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      734 B
      4.1kB
      9
      7
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      3.7kB
      181.6kB
      74
      137
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      734 B
      4.4kB
      9
      9
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      1.1kB
      26.8kB
      17
      25
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      522 B
      203 B
      7
      4
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      1.6kB
      42.1kB
      27
      34
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      1.1kB
      33.7kB
      19
      27
    • 104.110.191.165:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      4.0kB
      106.5kB
      65
      80
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      160 B
      5
      4
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.0kB
      16
      12
    • 204.79.197.200:443
      https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      104.3kB
      2.8MB
      2026
      2019

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 204.79.197.200:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      8.1kB
      16
      14
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 94.156.79.57:1443
      AddInProcess32.exe
      260 B
      200 B
      5
      5
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      173 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      131.253.33.237
      13.107.22.237

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      237.33.253.131.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.33.253.131.in-addr.arpa

    • 8.8.8.8:53
      130.107.17.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      130.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      roaming.officeapps.live.com
      dns
      WINWORD.EXE
      73 B
      248 B
      1
      1

      DNS Request

      roaming.officeapps.live.com

      DNS Response

      52.109.76.243

    • 8.8.8.8:53
      97.32.109.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      97.32.109.52.in-addr.arpa

    • 8.8.8.8:53
      243.76.109.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      243.76.109.52.in-addr.arpa

    • 8.8.8.8:53
      16.43.107.13.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      16.43.107.13.in-addr.arpa

    • 8.8.8.8:53
      205.47.74.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      205.47.74.20.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      24.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      24.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      metadata.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      247 B
      1
      1

      DNS Request

      metadata.templates.cdn.office.net

      DNS Response

      2.17.196.129
      2.17.196.82
      2.17.196.160

    • 8.8.8.8:53
      binaries.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      202 B
      1
      1

      DNS Request

      binaries.templates.cdn.office.net

      DNS Response

      104.110.191.165
      104.110.191.169

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      28.143.109.104.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      28.143.109.104.in-addr.arpa

    • 8.8.8.8:53
    • 8.8.8.8:53
    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
      173 B
      1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      26.35.223.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      26.35.223.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\TCD7F87.tmp\gb.xsl

      Filesize

      262KB

      MD5

      51d32ee5bc7ab811041f799652d26e04

      SHA1

      412193006aa3ef19e0a57e16acf86b830993024a

      SHA256

      6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

      SHA512

      5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

    • C:\Users\Admin\AppData\Local\Temp\rupedoras.exe

      Filesize

      11.2MB

      MD5

      d483c1a9718cf5d880b3cce5d6ff7423

      SHA1

      72be5e949dd6923a43e7eaab1811baea4bc4b644

      SHA256

      8df595a1528a09fdcfe237a7dd1009d1380a886875747d1b145925968463f7bd

      SHA512

      370e220b3bdb617a12479db075ee26741075306ce7a72237115b2d79c452baadf931ccf3b422e9d0ef1eb0138316c3233f3ecd27074f3e797dc20ee974eb6fe4

    • C:\Users\Admin\AppData\Local\Temp\zapros.docx

      Filesize

      11KB

      MD5

      9871272af8b06b484f0529c10350a910

      SHA1

      707979b027f371989fb71e36795b652a2d466592

      SHA256

      c2a256547433bec8d7afbed923f453eb2df978f18ed498e82bb2b244b126a9f3

      SHA512

      5bd60de706ed3ef717177b08fa69ebc8117fe52bf53e896b91d102430b4b976b136f2df75fe4d1cb9cf16f5e73052e030e364bdf212148b1471e9c2b99f76a4c

    • memory/2728-30-0x0000000000400000-0x0000000001F60000-memory.dmp

      Filesize

      27.4MB

    • memory/2728-43-0x00000000065B0000-0x0000000006642000-memory.dmp

      Filesize

      584KB

    • memory/2728-547-0x0000000000400000-0x0000000001F60000-memory.dmp

      Filesize

      27.4MB

    • memory/2728-40-0x0000000000400000-0x0000000001F60000-memory.dmp

      Filesize

      27.4MB

    • memory/2728-41-0x0000000000400000-0x0000000001F60000-memory.dmp

      Filesize

      27.4MB

    • memory/2728-534-0x0000000000400000-0x0000000001F60000-memory.dmp

      Filesize

      27.4MB

    • memory/2728-54-0x000000000AB70000-0x000000000AB76000-memory.dmp

      Filesize

      24KB

    • memory/2728-53-0x00000000085C0000-0x00000000085DA000-memory.dmp

      Filesize

      104KB

    • memory/2728-46-0x00000000070B0000-0x00000000070BA000-memory.dmp

      Filesize

      40KB

    • memory/2728-45-0x0000000006FE0000-0x0000000007024000-memory.dmp

      Filesize

      272KB

    • memory/2728-44-0x0000000006670000-0x000000000670C000-memory.dmp

      Filesize

      624KB

    • memory/2728-42-0x0000000006770000-0x0000000006D14000-memory.dmp

      Filesize

      5.6MB

    • memory/4376-533-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-19-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-22-0x00007FFF7B840000-0x00007FFF7B850000-memory.dmp

      Filesize

      64KB

    • memory/4376-8-0x00007FFF7DB70000-0x00007FFF7DB80000-memory.dmp

      Filesize

      64KB

    • memory/4376-7-0x00007FFF7DB70000-0x00007FFF7DB80000-memory.dmp

      Filesize

      64KB

    • memory/4376-5-0x00007FFF7DB70000-0x00007FFF7DB80000-memory.dmp

      Filesize

      64KB

    • memory/4376-13-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-21-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-20-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-12-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-14-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-18-0x00007FFF7B840000-0x00007FFF7B850000-memory.dmp

      Filesize

      64KB

    • memory/4376-16-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-17-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-15-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/4376-6-0x00007FFF7DB70000-0x00007FFF7DB80000-memory.dmp

      Filesize

      64KB

    • memory/4376-9-0x00007FFFBDB8D000-0x00007FFFBDB8E000-memory.dmp

      Filesize

      4KB

    • memory/4376-11-0x00007FFF7DB70000-0x00007FFF7DB80000-memory.dmp

      Filesize

      64KB

    • memory/4376-10-0x00007FFFBDAF0000-0x00007FFFBDCE5000-memory.dmp

      Filesize

      2.0MB

    • memory/6124-544-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    • memory/6124-540-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    • memory/6124-542-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    • memory/6124-543-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    • memory/6124-541-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    • memory/6124-538-0x0000000000400000-0x00000000004A8000-memory.dmp

      Filesize

      672KB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.