Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

97647fadeb...18.exe

windows7-x64

7

97647fadeb...18.exe

windows10-2004-x64

7

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ub.exe

windows7-x64

7

$PLUGINSDI...ub.exe

windows10-2004-x64

7

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...ib.dll

windows7-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...BL.rtf

windows7-x64

4

$PLUGINSDI...BL.rtf

windows10-2004-x64

1

$PLUGINSDI...CF.rtf

windows7-x64

4

$PLUGINSDI...CF.rtf

windows10-2004-x64

1

$PLUGINSDI...DS.rtf

windows7-x64

4

$PLUGINSDI...DS.rtf

windows10-2004-x64

1

$PLUGINSDI...PC.rtf

windows7-x64

4

$PLUGINSDI...PC.rtf

windows10-2004-x64

1

$PLUGINSDI...IM.rtf

windows7-x64

4

$PLUGINSDI...IM.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 19:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/license_BL.rtf

  • Size

    80KB

  • MD5

    007d1fccfd621cf3a8a829b1103c5f62

  • SHA1

    8f42d5f6644f933091ead409f414505ddf9789ae

  • SHA256

    cc6534428c6239f68d39ec82d1325c24e17e7e8085acd36ba1a61bbe22c4d4f6

  • SHA512

    0e03304c05f002e2bbd4321794b53da7bc37a4d55f56599e742d03b000fcf39435892d73f0947b3e885c15d7e1c3aee6c6f19228b41df9411ddca2c694d8f970

  • SSDEEP

    768:+M6bkuFuQAF6XcONYwIcCNftkpLvRYMHX6YXL5UMHX6YhL5UMHX6YyLvRYMHX6Ya:ZyBcDe+vISM93jWPUUOR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\license_BL.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4720

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    weu-azsc-000.roaming.officeapps.live.com
    weu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    IN A
    52.109.89.19
  • flag-nl
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.89.19:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_182
    X-OfficeVersion: 16.0.18004.30575
    X-OfficeCluster: weu-000.roaming.officeapps.live.com
    X-CorrelationId: ab826da9-80f9-43b4-bebc-154a03a76f57
    X-Powered-By: ASP.NET
    Date: Wed, 14 Aug 2024 19:37:33 GMT
    Content-Length: 654
  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.64.52.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.64.52.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.217
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.202
  • flag-gb
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    92.123.26.217:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1265
    Cache-Control: max-age=206043
    Date: Wed, 14 Aug 2024 19:37:48 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    173.222.211.24
    a1847.dscg2.akamai.net
    IN A
    173.222.211.57
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC8813CE0D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:52 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:51 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC881987151
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 99ba29f3-501e-00ee-1a97-a02003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:49 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
    ETag: 0x8D36AC879BBB45C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:51 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC881E66CE5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:52 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC8827914A7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d704013f-301e-015e-1697-a09fc7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:53 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:54 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:50 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883A171B7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:53 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC88357BC32
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:54 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:54 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:49 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    173.222.211.24:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: CA85A96B-D2C3-4171-88B0-DC5B502B34DA
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC882C4ED43
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 14 Aug 2024 19:37:54 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    217.26.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.26.123.92.in-addr.arpa
    IN PTR
    Response
    217.26.123.92.in-addr.arpa
    IN PTR
    a92-123-26-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    217.26.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.26.123.92.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    24.211.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.211.222.173.in-addr.arpa
    IN PTR
    Response
    24.211.222.173.in-addr.arpa
    IN PTR
    a173-222-211-24deploystaticakamaitechnologiescom
  • flag-us
    DNS
    24.211.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.211.222.173.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 785290
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 07870DF7D7154F6A88C609B6CE6847DB Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:13Z
    date: Wed, 14 Aug 2024 19:39:13 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 746576
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6F0625CB690A43E0966B7622C906C895 Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:13Z
    date: Wed, 14 Aug 2024 19:39:13 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 657438
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9F64A954BC414FA3AC8656AC28D6E4B5 Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:13Z
    date: Wed, 14 Aug 2024 19:39:13 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 729980
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E2467490919C46DAA84D649F266DA047 Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:13Z
    date: Wed, 14 Aug 2024 19:39:13 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 741206
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: BF39BEFAC2DD4B2F827F4DC7A7C02BE9 Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:14Z
    date: Wed, 14 Aug 2024 19:39:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 544626
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7A22E7D18BF045CEB10C7248C6940C68 Ref B: LON04EDGE0808 Ref C: 2024-08-14T19:39:15Z
    date: Wed, 14 Aug 2024 19:39:15 GMT
  • 52.109.89.19:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
     7.7kB
     11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 92.123.26.217:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.4kB
     7.2kB
     10
    9

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    2.4kB
     41.1kB
     26
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.5kB
     40.1kB
     24
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    2.7kB
     42.4kB
     34
    35

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    tls, http
    WINWORD.EXE
    2.2kB
     52.8kB
     26
    42

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    tls, http
    WINWORD.EXE
    2.5kB
     37.7kB
     23
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    tls, http
    WINWORD.EXE
    2.9kB
     41.1kB
     29
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    tls, http
    WINWORD.EXE
    2.5kB
     37.5kB
     25
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    tls, http
    WINWORD.EXE
    2.7kB
     36.1kB
     30
    30

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    tls, http
    WINWORD.EXE
    2.1kB
     36.8kB
     21
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    2.5kB
     38.8kB
     34
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    tls, http
    WINWORD.EXE
    1.8kB
     41.5kB
     23
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.8kB
     41.0kB
     34
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 173.222.211.24:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    tls, http
    WINWORD.EXE
    2.5kB
     37.4kB
     32
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    150.2kB
     4.4MB
     3179
    3172

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388090_10COBJKKIBLJ6TLQ0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388089_1YWQX3ZEHR4OT6WAR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301094_1ZX0523MAABCARXR5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301527_1R0WB31C7EYYSTJK4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
     6.9kB
     16
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    tls
    69 B
     283 B
     1
    1
  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
     247 B
     1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.89.19

  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    240.76.109.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    240.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    19.89.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    19.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    200.64.52.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    200.64.52.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
     231 B
     1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    92.123.26.217
    92.123.26.202

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
     202 B
     1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    173.222.211.24
    173.222.211.57

  • 8.8.8.8:53
    217.26.123.92.in-addr.arpa
    dns
    144 B
     137 B
     2
    1

    DNS Request

    217.26.123.92.in-addr.arpa

    DNS Request

    217.26.123.92.in-addr.arpa

  • 8.8.8.8:53
    24.211.222.173.in-addr.arpa
    dns
    146 B
     139 B
     2
    1

    DNS Request

    24.211.222.173.in-addr.arpa

    DNS Request

    24.211.222.173.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDE2F4.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    2KB

    MD5

    86da650d0430c4826dc5b7bbe2d031b2

    SHA1

    6d67425363aa355c87c88cf5758d8bcc40390ea6

    SHA256

    277aebb68645d18dac9108dfa5bf74ac77c2a1ef7bddddc0ff9ea185a4e60d96

    SHA512

    8e35e869998a209c037cd9355481f35399a38d9c1250577f5b60419d5590b20153526319fa5a5e8c79550344f61ca313376cd1fe7ce7d37dad18788bdc5b2bfa

    Download Submit

  • memory/4720-21-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-182-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-5-0x00007FF898C6D000-0x00007FF898C6E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-3-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-19-0x00007FF8565F0000-0x00007FF856600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-9-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-12-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-11-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-13-0x00007FF8565F0000-0x00007FF856600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-14-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-8-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-17-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-4-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-2-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-10-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-18-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-16-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-15-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-7-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-6-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-1-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-0-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-160-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-20-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4720-184-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-185-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-183-0x00007FF858C50000-0x00007FF858C60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4720-186-0x00007FF898BD0000-0x00007FF898DC5000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.