darktrack | 58fb41c622cfccae8febc06e0c04f25bdb613a5b260ae6f404e9d0eda5ea86ab

Resubmissions

15/05/2024, 11:58 UTC

240515-n495nagc6y 10

15/05/2024, 11:54 UTC

240515-n3d1tsgd33 4

15/05/2024, 09:22 UTC

240515-lb8p1sba32 10

Analysis

max time kernel
235s
max time network
264s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/05/2024, 11:58 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4423890.rar
Size

11.2MB
MD5

ff7553a8d62ba75491119628aa7ede6e
SHA1

105b16f65c61570fd9c6ff2077597ba626026cda
SHA256

58fb41c622cfccae8febc06e0c04f25bdb613a5b260ae6f404e9d0eda5ea86ab
SHA512

ee01b5273fa7fb49eb8f55b995174bb869ebe77854427c4691e8980f5c2b49eef66a9e3fc8ecb6dd2388f390423318653b3573d1002af3124c70a42ed5815c22
SSDEEP

196608:f9VizBum/MJuS5PuZBv5z7/AGUnfbhI7epRSv6EjBGu0wcDGIuPJGopuS5R:X4BF/GuS5PuZLQGOfeavSNjgu0tiI1o/

Score

10^/10

darktrack evasion persistence rat stealer themida trojan upx

Malware Config

Signatures

DarkTrack
DarkTrack is a remote administration tool written in delphi.
rat stealer darktrack

DarkTrack payload 4 IoCs

resource	yara_rule
behavioral1/memory/1892-701-0x0000000000400000-0x00000000004A8000-memory.dmp	family_darktrack
behavioral1/memory/1892-704-0x0000000000400000-0x00000000004A8000-memory.dmp	family_darktrack
behavioral1/memory/1892-703-0x0000000000400000-0x00000000004A8000-memory.dmp	family_darktrack
behavioral1/memory/1892-702-0x0000000000400000-0x00000000004A8000-memory.dmp	family_darktrack

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rupedoras.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rupedoras.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rupedoras.exe

Executes dropped EXE 2 IoCs

pid	Process
4024	Predstavlenie № 6-51-2024 .docx.exe
4160	rupedoras.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000900000001ac08-142.dat	themida
behavioral1/memory/4160-191-0x0000000000400000-0x0000000001F60000-memory.dmp	themida
behavioral1/memory/4160-192-0x0000000000400000-0x0000000001F60000-memory.dmp	themida
behavioral1/memory/4160-707-0x0000000000400000-0x0000000001F60000-memory.dmp	themida

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1892-698-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1892-701-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1892-704-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1892-703-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1892-702-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1892-700-0x0000000000400000-0x00000000004A8000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Run\KWn3 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rupedoras.exe"	Predstavlenie № 6-51-2024 .docx.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rupedoras.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4160	rupedoras.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4160 set thread context of 1892	4160	rupedoras.exe	89

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	Predstavlenie № 6-51-2024 .docx.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3328	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4984	WINWORD.EXE
4984	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4160	rupedoras.exe
4160	rupedoras.exe
4160	rupedoras.exe
4160	rupedoras.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1892	AddInProcess32.exe
4432	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2352	7zFM.exe
Token: 35	2352	7zFM.exe
Token: SeSecurityPrivilege	2352	7zFM.exe
Token: SeDebugPrivilege	4160	rupedoras.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2352	7zFM.exe
2352	7zFM.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5112	OpenWith.exe
4984	WINWORD.EXE
4984	WINWORD.EXE
4984	WINWORD.EXE
4984	WINWORD.EXE
4984	WINWORD.EXE
4984	WINWORD.EXE
4984	WINWORD.EXE
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe
4432	OpenWith.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4984	4024	Predstavlenie № 6-51-2024 .docx.exe	84
PID 4024 wrote to memory of 4984	4024	Predstavlenie № 6-51-2024 .docx.exe	84
PID 4024 wrote to memory of 4160	4024	Predstavlenie № 6-51-2024 .docx.exe	86
PID 4024 wrote to memory of 4160	4024	Predstavlenie № 6-51-2024 .docx.exe	86
PID 4024 wrote to memory of 4160	4024	Predstavlenie № 6-51-2024 .docx.exe	86
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4160 wrote to memory of 1892	4160	rupedoras.exe	89
PID 4432 wrote to memory of 3328	4432	OpenWith.exe	93
PID 4432 wrote to memory of 3328	4432	OpenWith.exe	93

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\4423890.rar
1⤵
- Modifies registry class
PID:212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1476

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\4423890.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2352

C:\Users\Admin\Desktop\Predstavlenie № 6-51-2024 .docx.exe
"C:\Users\Admin\Desktop\Predstavlenie № 6-51-2024 .docx.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\zapros.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4984
- C:\Users\Admin\AppData\Local\Temp\rupedoras.exe
  C:\Users\Admin\AppData\Local\Temp\rupedoras.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Klog.dat
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3328

Network

DNS

239.249.30.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.249.30.184.in-addr.arpa

IN PTR

Response

239.249.30.184.in-addr.arpa

IN PTR

a184-30-249-239deploystaticakamaitechnologiescom
DNS

18.89.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.89.109.52.in-addr.arpa

IN PTR

Response
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

uks-azsc-000.roaming.officeapps.live.com

uks-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

IN A

52.109.28.47
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.28.47:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_478
X-OfficeVersion: 16.0.17705.30576
X-OfficeCluster: uks-000.roaming.officeapps.live.com
X-CorrelationId: 3d147d10-97d3-4207-82e0-4e8da244bd68
X-Powered-By: ASP.NET
Date: Wed, 15 May 2024 12:00:28 GMT
Content-Length: 654
DNS

47.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.28.109.52.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

13.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.173.189.20.in-addr.arpa

IN PTR

Response
DNS

metadata.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

metadata.templates.cdn.office.net

IN A

Response

metadata.templates.cdn.office.net

IN CNAME

templatesmetadata.office.net

templatesmetadata.office.net

IN CNAME

templatesmetadata.office.net.edgekey.net

templatesmetadata.office.net.edgekey.net

IN CNAME

e26769.dscb.akamaiedge.net

e26769.dscb.akamaiedge.net

IN A

2.17.196.160

e26769.dscb.akamaiedge.net

IN A

2.17.196.82
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

2.17.196.160:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1265
Cache-Control: max-age=192819
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

binaries.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

binaries.templates.cdn.office.net

IN A

Response

binaries.templates.cdn.office.net

IN CNAME

binaries.templates.cdn.office.net.edgesuite.net

binaries.templates.cdn.office.net.edgesuite.net

IN CNAME

a1847.dscg2.akamai.net

a1847.dscg2.akamai.net

IN A

104.110.191.169

a1847.dscg2.akamai.net

IN A

104.110.191.165
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC4998BC504
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 10c52304-b01e-0014-3b97-a0fb0d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499B0654A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9347087c-301e-008d-2497-a074cf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499D1A9F8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dc60f1e2-901e-002a-1497-a04d2c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328893.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20235
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
ETag: 0x8D36AC4A3175138
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b61ec186-801e-0035-5597-a0963c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 230916
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
ETag: 0x8D5E78DC0BDFFD8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4145748d-001e-0042-5197-a0137d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC8830E54C8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a209befb-f01e-003c-7897-a0a3ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49B376014
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 30578817-d01e-00ae-4c97-a01b04000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 723359
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
Last-Modified: Wed, 29 Aug 2018 18:14:28 GMT
ETag: 0x8D60DDB424DEB76
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 738df4f4-201e-0011-0897-a00f72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
ETag: 0x8D36AC4A2F6A8CC
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9173c5a2-401e-0023-1497-a057a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03998159.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3417042
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
ETag: 0x8D36AC8BD7E1FE9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 17449561-001e-0081-5997-a02af0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:45 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328908.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31083
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iamBjmZY1zpztkJSL/hwHw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC498DE687B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ff55b740-c01e-0039-4897-a078cd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328916.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 26944
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
ETag: 0x8D36AC886C4C4EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b5364943-d01e-0082-2f97-a0cb94000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328919.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22149
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4992C63CE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8364533c-801e-00f2-1497-a0eafd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 953453
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 1OrACenntkuLABroK4EC+g==
Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
ETag: 0x8D5E78D3A9D8C97
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d0d6cc18-401e-0109-4497-a031f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328905.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20457
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
ETag: 0x8D36AC498BB27EF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9173c92d-401e-0023-5997-a057a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2527736
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8laspQm0xsAUTSeMcDawqA==
Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
ETag: 0x8D60DDBDD02F94A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9b6286de-601e-003e-0c97-a01d55000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 307348
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
ETag: 0x8D60DDC16D93762
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 51141c51-201e-00cb-4597-a0897f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC88440C433
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49AA813B7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b06db0e7-601e-009e-1797-a0412e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A7FC9DF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b61ec0df-801e-0035-3b97-a0963c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A4270D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cc75bd11-e01e-002e-7897-a0b8ae000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC882C4ED43
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 59969ada-701e-00f9-4897-a08908000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC499632D1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0b6ab214-701e-0124-7897-a0e772000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4993E3EB5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0b03ef21-101e-0074-4a97-a0be2f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1766185
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: go+WAx9Av468teUqrut+TA==
Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
ETag: 0x8D60DDC4354B7FB
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d0d6cad7-401e-0109-1e97-a031f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328925.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 25314
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
ETag: 0x8D36AC8875AEF5A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1744a40d-001e-0081-4b97-a02af0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 23597
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49996C1E0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5ae4f2a5-201e-00d6-7a97-a073b3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3256855
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
Last-Modified: Wed, 29 Aug 2018 18:19:39 GMT
ETag: 0x8D60DDBFC361FBC
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fe79cf1d-e01e-0025-2a97-a0a0da000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328932.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20554
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4997221A3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1d87077a-d01e-0129-4397-a0087e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1310275
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA5EDDA1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d9813135-301e-0041-0c97-a0107a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 15:41:34 GMT
ETag: 0x8D36AC4959B7E4C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 738df3c1-201e-0011-7197-a00f72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328951.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19893
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499DEA2B6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9681e92c-c01e-00ba-1097-a0d860000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1881952
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC004A49D0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 551600a6-301e-00f8-7197-a0d6d4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:45 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328940.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21791
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499BA77A5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8e1b4eef-201e-0137-4297-a0d293000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 698244
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
Last-Modified: Wed, 29 Aug 2018 18:15:36 GMT
ETag: 0x8D60DDB6B40A3B1
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a64d9899-f01e-009b-4597-a0b551000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:45 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp01840907.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 43653
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
Last-Modified: Fri, 22 Apr 2016 15:41:23 GMT
ETag: 0x8D36AC48EC98375
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 28348583-901e-0065-0997-a08934000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328972.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21111
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC888CEAFBE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e75ca22d-901e-00f1-6197-a09307000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328975.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22594
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC889183E51
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1097591
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
ETag: 0x8D60DDB7EAA50F0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1a005d49-f01e-0085-6f97-a0a7f7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:45 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328986.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22340
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
ETag: 0x8D36AC889AD573C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f2e243ab-801e-015b-4097-a04d1c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21357
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49AD89B1B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7a3a0d17-f01e-00d4-1a97-a07149000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328983.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21875
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A5E8527
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f07f30f-a01e-0083-7997-a098c4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 295527
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9FC6013
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2e8ae3b8-901e-00ce-1797-a05ba4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03328990.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19288
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
Last-Modified: Fri, 22 Apr 2016 15:41:43 GMT
ETag: 0x8D36AC49AB72F69
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 35df8dee-901e-0107-0597-a088b9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 276650
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
ETag: 0x8D60DDB82865741
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ab9dfb93-301e-007e-3197-a01a6d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 271273
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB967B9FA5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2591108
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: vrEqBGTQlsozuupDUs6ADw==
Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
ETag: 0x8D60DDBDA502B66
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 288124e2-901e-00de-5d97-a09ecc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 261258
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:56 GMT
ETag: 0x8D60DDC9562A996
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f07f447-a01e-0083-5497-a098c4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 550906
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
Last-Modified: Wed, 29 Aug 2018 18:20:59 GMT
ETag: 0x8D60DDC2BA71326
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e3823abf-901e-010c-3097-a090cd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 640684
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
ETag: 0x8D60DDB5D624CF0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f79bb1e-701e-004d-0e97-a0fe8b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1065873
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
ETag: 0x8D60DDB6BA6E455
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e5d10d7b-501e-0047-7497-a0e171000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 222992
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
ETag: 0x8D60DDC26100537
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0a3abd66-301e-000c-2897-a01d22000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

WINWORD.EXE

Remote address:

104.110.191.169:443

Request

GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 909DAD7E-AC18-4713-A56E-A936C78CFC43
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 42788
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
ETag: 0x8D36AC4A24B210A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7b39fde5-701e-00c5-3d97-a04652000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 15 May 2024 12:00:44 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

160.196.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.196.17.2.in-addr.arpa

IN PTR

Response

160.196.17.2.in-addr.arpa

IN PTR

a2-17-196-160deploystaticakamaitechnologiescom
DNS

169.191.110.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.191.110.104.in-addr.arpa

IN PTR

Response

169.191.110.104.in-addr.arpa

IN PTR

a104-110-191-169deploystaticakamaitechnologiescom
DNS

57.79.156.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.79.156.94.in-addr.arpa

IN PTR

Response
DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR

Response
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

52.109.28.47:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.8kB
8.7kB
12
11

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200
2.17.196.160:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.3kB
6.0kB
10
10

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

tls, http

WINWORD.EXE

2.0kB
37.9kB
25
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

tls, http

WINWORD.EXE

2.0kB
37.7kB
25
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

tls, http

WINWORD.EXE

1.8kB
37.6kB
23
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

tls, http

WINWORD.EXE

6.0kB
265.0kB
104
199

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

tls, http

WINWORD.EXE

1.7kB
34.9kB
20
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

tls, http

WINWORD.EXE

1.7kB
37.6kB
21
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

tls, http

WINWORD.EXE

21.2kB
751.5kB
374
547

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

tls, http

WINWORD.EXE

66.0kB
3.6MB
1357
2560

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

tls, http

WINWORD.EXE

2.4kB
37.1kB
33
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

tls, http

WINWORD.EXE

1.7kB
32.9kB
20
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

tls, http

WINWORD.EXE

32.8kB
1.0MB
543
734

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

tls, http

WINWORD.EXE

52.7kB
2.6MB
1073
1898

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

tls, http

WINWORD.EXE

8.4kB
323.7kB
158
240

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

tls, http

WINWORD.EXE

1.8kB
41.8kB
23
37

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

tls, http

WINWORD.EXE

1.7kB
37.1kB
21
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

tls, http

WINWORD.EXE

1.7kB
37.1kB
21
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

tls, http

WINWORD.EXE

1.8kB
39.0kB
22
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

tls, http

WINWORD.EXE

1.7kB
37.7kB
21
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

tls, http

WINWORD.EXE

1.8kB
39.8kB
22
36

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

tls, http

WINWORD.EXE

48.6kB
1.9MB
867
1351

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

tls, http

WINWORD.EXE

1.6kB
31.3kB
19
30

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

tls, http

WINWORD.EXE

63.5kB
3.4MB
1299
2443

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

tls, http

WINWORD.EXE

30.3kB
1.4MB
589
1001

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

tls, http

WINWORD.EXE

2.0kB
53.0kB
27
45

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

tls, http

WINWORD.EXE

41.0kB
2.0MB
798
1425

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

tls, http

WINWORD.EXE

23.6kB
749.0kB
387
551

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

tls, http

WINWORD.EXE

2.0kB
50.2kB
26
43

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

tls, http

WINWORD.EXE

1.6kB
26.9kB
18
27

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

tls, http

WINWORD.EXE

27.2kB
1.2MB
512
844

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

tls, http

WINWORD.EXE

1.8kB
25.5kB
19
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

tls, http

WINWORD.EXE

1.7kB
23.1kB
17
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

tls, http

WINWORD.EXE

1.8kB
24.5kB
19
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

tls, http

WINWORD.EXE

8.8kB
306.0kB
148
226

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

tls, http

WINWORD.EXE

1.6kB
21.0kB
16
22

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

tls, http

WINWORD.EXE

6.9kB
286.5kB
125
213

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

tls, http

WINWORD.EXE

6.6kB
281.0kB
119
208

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

tls, http

WINWORD.EXE

52.6kB
2.7MB
1071
1927

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

tls, http

WINWORD.EXE

5.7kB
270.6kB
105
201

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

tls, http

WINWORD.EXE

15.6kB
569.6kB
280
417

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

tls, http

WINWORD.EXE

18.8kB
662.2kB
333
484

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

tls, http

WINWORD.EXE

26.9kB
1.1MB
532
795

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

tls, http

WINWORD.EXE

5.1kB
231.2kB
91
173

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

HTTP Response

200
104.110.191.169:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

tls, http

WINWORD.EXE

2.0kB
45.3kB
25
40

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

HTTP Response

200
94.156.79.57:1443

AddInProcess32.exe

487 B
322 B
8
7

8.8.8.8:53

239.249.30.184.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

239.249.30.184.in-addr.arpa
8.8.8.8:53

18.89.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

18.89.109.52.in-addr.arpa
8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

73 B
244 B
1
1

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.28.47
8.8.8.8:53

47.28.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

47.28.109.52.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

13.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.173.189.20.in-addr.arpa
8.8.8.8:53

metadata.templates.cdn.office.net

dns

WINWORD.EXE

79 B
231 B
1
1

DNS Request

metadata.templates.cdn.office.net

DNS Response

2.17.196.160

2.17.196.82
8.8.8.8:53

binaries.templates.cdn.office.net

dns

WINWORD.EXE

79 B
202 B
1
1

DNS Request

binaries.templates.cdn.office.net

DNS Response

104.110.191.169

104.110.191.165
8.8.8.8:53

160.196.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

160.196.17.2.in-addr.arpa
8.8.8.8:53

169.191.110.104.in-addr.arpa

dns

74 B
141 B
1
1

DNS Request

169.191.110.104.in-addr.arpa
8.8.8.8:53

57.79.156.94.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

57.79.156.94.in-addr.arpa
8.8.8.8:53

2.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.173.189.20.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

14.227.111.52.in-addr.arpa

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Klog.dat

Filesize
578B

MD5
aea50de80ee06f58ca7269d995643107

SHA1
8831309e7dabf84406619ce6329d758bbef0b751

SHA256
e03fff1947e32a2206de556197b51f0ca0798c2023b0e742e25320abd5ee8f8e

SHA512
c6815dd334043ec8c762ad50b85a458d651c952f70aa8231c96e16c079484c69faa96338d84d5c743d8f522b5479678b56db48810fa6c0c052f8d40dc2f70f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\rupedoras.exe

Filesize
11.2MB

MD5
d483c1a9718cf5d880b3cce5d6ff7423

SHA1
72be5e949dd6923a43e7eaab1811baea4bc4b644

SHA256
8df595a1528a09fdcfe237a7dd1009d1380a886875747d1b145925968463f7bd

SHA512
370e220b3bdb617a12479db075ee26741075306ce7a72237115b2d79c452baadf931ccf3b422e9d0ef1eb0138316c3233f3ecd27074f3e797dc20ee974eb6fe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\zapros.docx

Filesize
11KB

MD5
9871272af8b06b484f0529c10350a910

SHA1
707979b027f371989fb71e36795b652a2d466592

SHA256
c2a256547433bec8d7afbed923f453eb2df978f18ed498e82bb2b244b126a9f3

SHA512
5bd60de706ed3ef717177b08fa69ebc8117fe52bf53e896b91d102430b4b976b136f2df75fe4d1cb9cf16f5e73052e030e364bdf212148b1471e9c2b99f76a4c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\Desktop\Predstavlenie № 6-51-2024 .docx.exe

Filesize
11.3MB

MD5
45ae0c08a1fb98fe77e4cd127b79ef7d

SHA1
12c7847fc2567ee9e6c0010f5c311753c017fa48

SHA256
bb8165b8f60818061d12cac775d8d41436b16c9b40e01071fca7fb96f6ef435e

SHA512
21cc13630fc1fe3bea4d45e356e63d4e94db7357040793b4d091ef75b2cf05191037380c493b944d1ecf748b9bd9935f1f91ba0c8654c57dbbe4530ab4fff4cd

Download Submit
memory/1892-698-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1892-701-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1892-700-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1892-702-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1892-703-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1892-704-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/4160-197-0x0000000006E50000-0x0000000006E5A000-memory.dmp

Filesize
40KB

Download
memory/4160-156-0x0000000000400000-0x0000000001F60000-memory.dmp

Filesize
27.4MB

Download
memory/4160-195-0x00000000064F0000-0x000000000658C000-memory.dmp

Filesize
624KB

Download
memory/4160-194-0x0000000006450000-0x00000000064E2000-memory.dmp

Filesize
584KB

Download
memory/4160-193-0x0000000006600000-0x0000000006AFE000-memory.dmp

Filesize
5.0MB

Download
memory/4160-707-0x0000000000400000-0x0000000001F60000-memory.dmp

Filesize
27.4MB

Download
memory/4160-196-0x0000000006DE0000-0x0000000006E24000-memory.dmp

Filesize
272KB

Download
memory/4160-676-0x0000000007FE0000-0x0000000007FFA000-memory.dmp

Filesize
104KB

Download
memory/4160-677-0x0000000008040000-0x0000000008046000-memory.dmp

Filesize
24KB

Download
memory/4160-679-0x0000000000400000-0x0000000001F60000-memory.dmp

Filesize
27.4MB

Download
memory/4160-191-0x0000000000400000-0x0000000001F60000-memory.dmp

Filesize
27.4MB

Download
memory/4160-192-0x0000000000400000-0x0000000001F60000-memory.dmp

Filesize
27.4MB

Download
memory/4984-9-0x00007FF83CB40000-0x00007FF83CB50000-memory.dmp

Filesize
64KB

Download
memory/4984-10-0x00007FF83CB40000-0x00007FF83CB50000-memory.dmp

Filesize
64KB

Download
memory/4984-11-0x00007FF83CB40000-0x00007FF83CB50000-memory.dmp

Filesize
64KB

Download
memory/4984-14-0x00007FF838FD0000-0x00007FF838FE0000-memory.dmp

Filesize
64KB

Download
memory/4984-15-0x00007FF838FD0000-0x00007FF838FE0000-memory.dmp

Filesize
64KB

Download
memory/4984-8-0x00007FF83CB40000-0x00007FF83CB50000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response