Analysis

  • max time kernel
    102s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-09-2024 15:39

General

  • Target

    e725fdbb26a61f9f037406969f2618de_JaffaCakes118.exe

  • Size

    816KB

  • MD5

    e725fdbb26a61f9f037406969f2618de

  • SHA1

    8c07c84296c35fd93ba0499856f12ee45128cf18

  • SHA256

    5170180a716eaf47159bf537707410dfb75dc5e78fbc79e6697f393e2d7a208c

  • SHA512

    0972faba8e0a230382ac3ac0fc832e658dece7b2f1774238e2e7525eb86fd4032fc7805844bca427fd6237c8b2502980cc58522aa236d91f05a9d5b15db9117a

  • SSDEEP

    3072:hWe51vVRpJMFkstvxxrHA7ZFx+UMFQowJKfpThp+38uEEDUOIg:9st7rHA7xbMeLKDpKwpg

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://104.248.41.209:80/ZXq9

http://104.248.41.209:80/Oz1b

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 1 IoCs
  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e725fdbb26a61f9f037406969f2618de_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e725fdbb26a61f9f037406969f2618de_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\fundraiser_protected.docm" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5048
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe
        3⤵
        • Process spawned unexpected child process
        • Blocklisted process makes network request
        • System Location Discovery: System Language Discovery
        PID:620

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.143.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.143.123.92.in-addr.arpa
    IN PTR
    Response
    240.143.123.92.in-addr.arpa
    IN PTR
    a92-123-143-240deploystaticakamaitechnologiescom
  • flag-us
    DNS
    6.181.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    6.181.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    neu-azsc-000.roaming.officeapps.live.com
    neu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
    IN A
    52.109.76.243
  • flag-ie
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.76.243:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_40
    X-OfficeVersion: 16.0.18108.30576
    X-OfficeCluster: neu-000.roaming.officeapps.live.com
    X-CorrelationId: efda63c9-2525-4e6e-a79f-03e5819b60b4
    X-Powered-By: ASP.NET
    Date: Tue, 17 Sep 2024 15:39:45 GMT
    Content-Length: 654
  • flag-us
    DNS
    240.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    243.76.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    243.76.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.202
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.217
  • flag-gb
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    92.123.26.202:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1265
    Cache-Control: max-age=187296
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    173.222.211.57
    a1847.dscg2.akamai.net
    IN A
    173.222.211.24
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp01840907.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 43653
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
    Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
    ETag: 0x8D36AC84F8E1FB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d47d4a02-201e-00a9-0e0f-ba4b58000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 723359
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
    Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
    ETag: 0x8D60DDB43B59EC5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b73fb8ce-601e-005c-4e97-a0df72000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328884.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC8987823BE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
    ETag: 0x8D36AC879BBB45C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC881987151
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 99ba29f3-501e-00ee-1a97-a02003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC8813CE0D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 640684
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
    Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
    ETag: 0x8D60DDB5D624CF0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7adc3bba-701e-004d-4a96-8afe8b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC882C4ED43
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1065873
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
    Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
    ETag: 0x8D60DDB6BA6E455
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9ae00d4d-001e-0028-7797-a0eb82000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC8827914A7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d704013f-301e-015e-1697-a09fc7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 550906
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
    Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
    ETag: 0x8D60DDC2BE7DF3C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0414ccae-601e-0011-165a-b9109e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC88357BC32
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b3f59b25-f01e-00aa-4f97-a0aa3c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC881E66CE5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 307348
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
    Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
    ETag: 0x8D60DDC169CBCB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 875b64ee-b01e-0079-1097-a05123000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883A171B7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328905.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20457
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC886167DDF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 66a5a3f3-401e-0074-0397-a0beda000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328893.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20235
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC898C9059A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9220a431-b01e-0132-5d97-a07450000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328916.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 26944
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
    ETag: 0x8D36AC886C4C4EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 1184cf03-901e-010a-18fd-bfd090000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328908.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31083
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iamBjmZY1zpztkJSL/hwHw==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC8865F4922
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7551dfc1-501e-00b3-0597-a02a87000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328919.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22149
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8871139C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d704032d-301e-015e-4e97-a09fc7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328932.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20554
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887A4CC19
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2cfa2269-c01e-0045-22f2-a05fc9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328925.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 25314
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8875AEF5A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 77d2d97b-f01e-00d8-5fc1-a3ad73000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328940.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21791
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8883A8134
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 5af37852-901e-0010-30f8-f7452d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03998159.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3417042
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
    Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
    ETag: 0x8D36AC8BD7E1FE9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c28a3f34-b01e-00c9-0497-a037c7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328935.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 23597
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887EFBA2F
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1310275
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
    Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
    ETag: 0x8D60DDBA5EDDA1A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328972.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21111
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC888CEAFBE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 477f7fba-801e-00a0-169e-b90e8b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328951.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19893
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8888436CF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f60ed86d-c01e-00fc-3b97-a05bd3000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:01 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328975.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22594
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC889183E51
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328983.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21875
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC88963C8B3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b450fbbe-c01e-00c3-7c97-a09370000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
    ETag: 0x8D5E78DC0BDFFD8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b597281b-e01e-00c0-4097-a0b22d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328986.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22340
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC889AD573C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0b4615e6-601e-0004-20d7-c70d42000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
    ETag: 0x8D5E78D3A9D8C97
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6910c7b5-e01e-00d4-5297-a03a7b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328990.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19288
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A1DF716
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328998.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21357
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: l/W3t+nhKBmZRopcQssS5w==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A7F05EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 276650
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
    Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
    ETag: 0x8D60DDB824A3C69
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c6460182-001e-00a7-1a97-a0018a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:03 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 295527
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
    Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
    ETag: 0x8D60DFAA9CC48C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:03 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 271273
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
    Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
    ETag: 0x8D60DDB967B9FA5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:03 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 261258
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
    Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
    ETag: 0x8D60DDC968C4F0E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: efa60b57-b01e-011d-0697-a0799b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2591108
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: vrEqBGTQlsozuupDUs6ADw==
    Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
    ETag: 0x8D60DDBDA502B66
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 288124e2-901e-00de-5d97-a09ecc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 222992
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
    Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
    ETag: 0x8D60DDC26100537
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03998158.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 42788
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IaS3txYxwszaX7umN1Hw0g==
    Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
    ETag: 0x8D36AC8BD065412
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 698244
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
    Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
    ETag: 0x8D60DDB6CAEA91D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7c59a99-101e-0021-318b-c7a43e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1097591
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
    Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
    ETag: 0x8D60DDB7EAA50F0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC0007D57D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7040-b01e-0050-5297-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2527736
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8laspQm0xsAUTSeMcDawqA==
    Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
    ETag: 0x8D60DDBDD02F94A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0e86dec0-501e-00d1-55b9-b9e8a0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1766185
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: go+WAx9Av468teUqrut+TA==
    Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
    ETag: 0x8D60DDC4354B7FB
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8dba996d-901e-00e1-2697-a0566f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: F0595ECE-051F-460A-906A-D23559CB4767
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3256855
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
    ETag: 0x8D60DDBFE4BB50C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 1aa38d20-a01e-00b7-6997-a0a780000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Tue, 17 Sep 2024 15:40:02 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    202.26.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.26.123.92.in-addr.arpa
    IN PTR
    Response
    202.26.123.92.in-addr.arpa
    IN PTR
    a92-123-26-202deploystaticakamaitechnologiescom
  • flag-us
    DNS
    57.211.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.211.222.173.in-addr.arpa
    IN PTR
    Response
    57.211.222.173.in-addr.arpa
    IN PTR
    a173-222-211-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    121.170.16.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    121.170.16.2.in-addr.arpa
    IN PTR
    Response
    121.170.16.2.in-addr.arpa
    IN PTR
    a2-16-170-121deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 104.248.41.209:80
    e725fdbb26a61f9f037406969f2618de_JaffaCakes118.exe
    260 B
    5
  • 52.109.76.243:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
    7.7kB
    11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 104.248.41.209:80
    rundll32.exe
    260 B
    5
  • 92.123.26.202:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.2kB
    5.9kB
    8
    9

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    tls, http
    WINWORD.EXE
    2.4kB
    50.0kB
    33
    40

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    WINWORD.EXE
    28.6kB
    751.3kB
    448
    543

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    tls, http
    WINWORD.EXE
    2.0kB
    27.7kB
    24
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    tls, http
    WINWORD.EXE
    1.9kB
    52.8kB
    25
    42

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    2.2kB
    39.7kB
    28
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    2.0kB
    40.9kB
    25
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    tls, http
    WINWORD.EXE
    24.4kB
    699.2kB
    406
    506

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    WINWORD.EXE
    35.3kB
    1.1MB
    639
    822

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    WINWORD.EXE
    19.1kB
    606.5kB
    340
    439

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    tls, http
    WINWORD.EXE
    1.7kB
    34.8kB
    20
    29

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    1.8kB
    38.8kB
    22
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.1kB
    38.3kB
    26
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.3kB
    37.4kB
    31
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    tls, http
    WINWORD.EXE
    2.3kB
    41.6kB
    30
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    tls, http
    WINWORD.EXE
    1.8kB
    37.8kB
    22
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    tls, http
    WINWORD.EXE
    13.0kB
    322.1kB
    214
    236

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    tls, http
    WINWORD.EXE
    2.0kB
    36.9kB
    26
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    tls, http
    WINWORD.EXE
    1.9kB
    26.1kB
    22
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    tls, http
    WINWORD.EXE
    1.6kB
    27.2kB
    18
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    tls, http
    WINWORD.EXE
    2.3kB
    32.8kB
    28
    28

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    WINWORD.EXE
    2.3kB
    37.0kB
    31
    31

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    tls, http
    WINWORD.EXE
    1.8kB
    27.8kB
    22
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    tls, http
    WINWORD.EXE
    1.9kB
    26.2kB
    23
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    tls, http
    WINWORD.EXE
    2.1kB
    31.1kB
    27
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    tls, http
    WINWORD.EXE
    79.0kB
    3.6MB
    1537
    2551

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    tls, http
    WINWORD.EXE
    45.4kB
    1.4MB
    777
    995

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    tls, http
    WINWORD.EXE
    2.0kB
    26.8kB
    24
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    tls, http
    WINWORD.EXE
    1.9kB
    25.5kB
    23
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    tls, http
    WINWORD.EXE
    2.0kB
    28.3kB
    25
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    WINWORD.EXE
    8.5kB
    266.5kB
    136
    196

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    WINWORD.EXE
    31.6kB
    1.0MB
    548
    732

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    WINWORD.EXE
    1.5kB
    24.8kB
    15
    21

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    tls, http
    WINWORD.EXE
    1.7kB
    27.4kB
    19
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    WINWORD.EXE
    11.4kB
    290.3kB
    183
    211

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    WINWORD.EXE
    11.4kB
    309.8kB
    192
    225

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    WINWORD.EXE
    12.4kB
    284.8kB
    183
    207

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    WINWORD.EXE
    9.0kB
    274.5kB
    158
    201

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    tls, http
    WINWORD.EXE
    74.7kB
    2.7MB
    1320
    1925

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    WINWORD.EXE
    8.0kB
    235.0kB
    133
    173

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    tls, http
    WINWORD.EXE
    2.8kB
    50.2kB
    35
    41

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    WINWORD.EXE
    22.5kB
    727.9kB
    392
    527

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    WINWORD.EXE
    40.2kB
    1.1MB
    677
    821

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    WINWORD.EXE
    75.9kB
    2.0MB
    1188
    1422

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    WINWORD.EXE
    91.3kB
    2.6MB
    1478
    1879

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    WINWORD.EXE
    71.0kB
    1.8MB
    1119
    1319

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    WINWORD.EXE
    74.8kB
    3.4MB
    1446
    2417

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    240.143.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    240.143.123.92.in-addr.arpa

  • 8.8.8.8:53
    6.181.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    6.181.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
    248 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.76.243

  • 8.8.8.8:53
    240.76.109.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    240.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    243.76.109.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    243.76.109.52.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    92.123.26.202
    92.123.26.217

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    173.222.211.57
    173.222.211.24

  • 8.8.8.8:53
    202.26.123.92.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    202.26.123.92.in-addr.arpa

  • 8.8.8.8:53
    57.211.222.173.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    57.211.222.173.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    121.170.16.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    121.170.16.2.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD9D03.tmp\gb.xsl

    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

    Filesize

    85B

    MD5

    d3d4e96e0dfa38bcdb4e1e49ea7a9702

    SHA1

    58d8123fba63691effd12116354b12044c568b1c

    SHA256

    9d6a226852c0e28286d898363da730f9d4075fdcfc92a441a461a597916b73d2

    SHA512

    215823a3c0971c12b8e54126945d861c66c2e27ace4cc0f4bf5d04ebdb33f4eb7aa5827f94dabea1d5b13a018a7682dc12eae9da08b8dbe28ae95d105efb9bfb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

    Filesize

    18KB

    MD5

    02898a5df819403c72028285d8224731

    SHA1

    49c57a3f6a32927b49acda5df4a0e0704480e4e6

    SHA256

    1ffefb04638452e3fa13c079fe7bc9a7252f7699f453e76c30496497898450d2

    SHA512

    8b710027f428eb0c00804cc0de22e2ff5938b2a64f16dcc558acc43076d94ec6980ecb66d35d7f431839c68cac058358ddcae4174b6932e745a289b7e801c671

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    24B

    MD5

    4fcb2a3ee025e4a10d21e1b154873fe2

    SHA1

    57658e2fa594b7d0b99d02e041d0f3418e58856b

    SHA256

    90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

    SHA512

    4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    728B

    MD5

    209f74af1529d01bc36d3973b62736e0

    SHA1

    aed4fb616cd3079b1426ac85868f362756584f33

    SHA256

    d1a61a13050809a3dbcc81f9eb4544e67774155af86d87306a837144737fda58

    SHA512

    1cd4114a5aede0e5451b48a257e849285a8987b6831e9132503d02d6caa99530026375127248371aa66e66bbdc5e19d18878b88f6326da67190baa4be5de073b

  • C:\Users\Admin\Documents\fundraiser_protected.docm

    Filesize

    791KB

    MD5

    154dd13d7480c3586911fe3295f1c169

    SHA1

    15266197d1ce2d261b60ce986e45ce62fccf6833

    SHA256

    efbe0e787cd9676ed0500cb736038db5bf2d78fcf63d53f3fa7414447ce5fe40

    SHA512

    07cdddf00a09302ea1e17c315d3af62dd93da7e8f70c892d71aecbd7cfb3ecb84882810e3ca8104c46b2e57d92ee42352b232bf2ff9bf4ee29cadfc2427d7f43

  • memory/620-69-0x0000000000E70000-0x0000000000E71000-memory.dmp

    Filesize

    4KB

  • memory/4728-0-0x0000000000680000-0x0000000000681000-memory.dmp

    Filesize

    4KB

  • memory/4728-586-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/4728-88-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/5048-24-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-10-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-16-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-21-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-20-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-22-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-19-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-15-0x00007FFA83890000-0x00007FFA838A0000-memory.dmp

    Filesize

    64KB

  • memory/5048-23-0x00007FFA83890000-0x00007FFA838A0000-memory.dmp

    Filesize

    64KB

  • memory/5048-17-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-14-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-13-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-12-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-11-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-87-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-18-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-89-0x00007FFAC590D000-0x00007FFAC590E000-memory.dmp

    Filesize

    4KB

  • memory/5048-90-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-91-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-95-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

  • memory/5048-9-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-8-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-7-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-5-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-6-0x00007FFAC590D000-0x00007FFAC590E000-memory.dmp

    Filesize

    4KB

  • memory/5048-616-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-615-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-618-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-617-0x00007FFA858F0000-0x00007FFA85900000-memory.dmp

    Filesize

    64KB

  • memory/5048-619-0x00007FFAC5870000-0x00007FFAC5A65000-memory.dmp

    Filesize

    2.0MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.