Analysis

  • max time kernel
    100s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 05:50 UTC

General

  • Target

    $PLUGINSDIR/license_iolo.rtf

  • Size

    61KB

  • MD5

    fa686d2f6cee9080150b9c273db7e8ef

  • SHA1

    1d9d4db6acdf6c9af6036cc1dc9766a65fe3d298

  • SHA256

    9b22e04dd604b521d2f94d5f2f5381b63e4dec75c2ec644605d519070ef2b45e

  • SHA512

    46013e6e6e53ca4dd65409e6f42010536f3133e1bacf3266b1e4acbcce5bc7120881fb1105c538103fef415e4125d0537cfbbfe5a3c6b6d55d1448c94f86c334

  • SSDEEP

    768:dK6DBjUzF50JEuRwRzR0R1btqYr2wW5VU9YuWcfjWQ7L2vBIBYmSSQJ6j2jCjAcB:sJ5uByJ6BudgboXY

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\license_iolo.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4112

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    18.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    ukw-azsc-000.roaming.officeapps.live.com
    ukw-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-ukw-buff-azsc-000.ukwest.cloudapp.azure.com
    osiprod-ukw-buff-azsc-000.ukwest.cloudapp.azure.com
    IN A
    52.109.32.7
  • flag-gb
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    WINWORD.EXE
    Remote address:
    52.109.32.7:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_167
    X-OfficeVersion: 16.0.18108.30576
    X-OfficeCluster: ukw-000.roaming.officeapps.live.com
    X-CorrelationId: 010e87a1-140f-4b36-a635-6df66e384e3a
    X-Powered-By: ASP.NET
    Date: Thu, 19 Sep 2024 05:50:17 GMT
    Content-Length: 654
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    7.32.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.32.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.17.178.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.17.178.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.217
    e26769.dscb.akamaiedge.net
    IN A
    92.123.26.202
  • flag-gb
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    WINWORD.EXE
    Remote address:
    92.123.26.217:443
    Request
    GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: metadata.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Type: text/xml
    Server: Kestrel
    Content-Encoding: gzip
    Content-Length: 1264
    Cache-Control: max-age=192449
    Date: Thu, 19 Sep 2024 05:50:33 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    WINWORD.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    173.222.211.57
    a1847.dscg2.akamai.net
    IN A
    173.222.211.24
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02835233.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 46413
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
    Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
    ETag: 0x8D36AC879BBB45C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328932.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20554
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887A4CC19
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2cfa2269-c01e-0045-22f2-a05fc9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851226.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 35519
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC88440C433
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b3f59b25-f01e-00aa-4f97-a0aa3c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
    ETag: 0x8D5E78D3A9D8C97
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6910c7b5-e01e-00d4-5297-a03a7b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:41 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp01840907.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 43653
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
    Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
    ETag: 0x8D36AC84F8E1FB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d47d4a02-201e-00a9-0e0f-ba4b58000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851219.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31605
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC8822FFB6E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851220.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31482
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC8827914A7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d704013f-301e-015e-1697-a09fc7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851225.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883F49D7D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851227.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31471
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: karb7EFxz6gpK2GEkvXvNA==
    Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
    ETag: 0x8D36AC8848A0495
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328884.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22008
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC8987823BE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851221.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31562
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
    Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
    ETag: 0x8D36AC882C4ED43
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851224.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 30957
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 08kDbk4RWegysbTS6dQr8A==
    Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
    ETag: 0x8D36AC883A171B7
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328905.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20457
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC886167DDF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3e37f31b-801e-0044-5062-b90015000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:40 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328893.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 20235
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
    Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
    ETag: 0x8D36AC898C9059A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9220a431-b01e-0132-5d97-a07450000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851222.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 28911
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: bXh7HiI9trkbaSOAYsyocg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC8830E54C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328940.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21791
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8883A8134
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 5af37852-901e-0010-30f8-f7452d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851216.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 34816
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: YoYxJM3NoTXswOcieCy4iA==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC8813CE0D3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328935.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 23597
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
    Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
    ETag: 0x8D36AC887EFBA2F
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328916.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 26944
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
    ETag: 0x8D36AC886C4C4EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 1184cf03-901e-010a-18fd-bfd090000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:40 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328972.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21111
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC888CEAFBE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 477f7fba-801e-00a0-169e-b90e8b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 723359
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
    Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
    ETag: 0x8D60DDB43B59EC5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b73fb8ce-601e-005c-4e97-a0df72000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328951.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19893
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
    Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
    ETag: 0x8D36AC8888436CF
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f60ed86d-c01e-00fc-3b97-a05bd3000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:33 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1310275
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
    Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
    ETag: 0x8D60DDBA5EDDA1A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851223.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 32833
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
    Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
    ETag: 0x8D36AC88357BC32
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    217.26.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.26.123.92.in-addr.arpa
    IN PTR
    Response
    217.26.123.92.in-addr.arpa
    IN PTR
    a92-123-26-217deploystaticakamaitechnologiescom
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328975.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22594
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
    Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
    ETag: 0x8D36AC889183E51
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851217.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 33610
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
    Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
    ETag: 0x8D36AC881987151
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 99ba29f3-501e-00ee-1a97-a02003000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328983.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21875
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC88963C8B3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b450fbbe-c01e-00c3-7c97-a09370000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 307348
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
    Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
    ETag: 0x8D60DDC169CBCB0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 875b64ee-b01e-0079-1097-a05123000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328986.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22340
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
    Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
    ETag: 0x8D36AC889AD573C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0b4615e6-601e-0004-20d7-c70d42000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328919.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 22149
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8871139C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d704032d-301e-015e-4e97-a09fc7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:40 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328998.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 21357
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: l/W3t+nhKBmZRopcQssS5w==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A7F05EE
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328925.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 25314
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
    Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
    ETag: 0x8D36AC8875AEF5A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 77d2d97b-f01e-00d8-5fc1-a3ad73000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:40 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328990.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 19288
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
    Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
    ETag: 0x8D36AC88A1DF716
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 295527
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
    Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
    ETag: 0x8D60DFAA9CC48C3
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 276650
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
    Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
    ETag: 0x8D60DDB824A3C69
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c6460182-001e-00a7-1a97-a0018a000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 271273
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
    Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
    ETag: 0x8D60DDB967B9FA5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 261258
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
    Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
    ETag: 0x8D60DDC968C4F0E
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: efa60b57-b01e-011d-0697-a0799b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2591108
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: vrEqBGTQlsozuupDUs6ADw==
    Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
    ETag: 0x8D60DDBDA502B66
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 288124e2-901e-00de-5d97-a09ecc000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 550906
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
    Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
    ETag: 0x8D60DDC2BE7DF3C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0414ccae-601e-0011-165a-b9109e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 640684
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
    Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
    ETag: 0x8D60DDB5D624CF0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7adc3bba-701e-004d-4a96-8afe8b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03328908.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31083
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iamBjmZY1zpztkJSL/hwHw==
    Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
    ETag: 0x8D36AC8865F4922
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7551dfc1-501e-00b3-0597-a02a87000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:40 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 222992
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
    Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
    ETag: 0x8D60DDC26100537
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1065873
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
    Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
    ETag: 0x8D60DDB6BA6E455
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 9ae00d4d-001e-0028-7797-a0eb82000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03998158.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 42788
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: IaS3txYxwszaX7umN1Hw0g==
    Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
    ETag: 0x8D36AC8BD065412
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp02851218.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 31835
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
    Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
    ETag: 0x8D36AC881E66CE5
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp03998159.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3417042
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
    Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
    ETag: 0x8D36AC8BD7E1FE9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: c28a3f34-b01e-00c9-0497-a037c7000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 698244
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
    Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
    ETag: 0x8D60DDB6CAEA91D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d7c59a99-101e-0021-318b-c7a43e000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1097591
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
    Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
    ETag: 0x8D60DDB7EAA50F0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:41 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC0007D57D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7040-b01e-0050-5297-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 2527736
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 8laspQm0xsAUTSeMcDawqA==
    Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
    ETag: 0x8D60DDBDD02F94A
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 0e86dec0-501e-00d1-55b9-b9e8a0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:34 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1766185
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: go+WAx9Av468teUqrut+TA==
    Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
    ETag: 0x8D60DDC4354B7FB
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 8dba996d-901e-00e1-2697-a0566f000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:48 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 3256855
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
    ETag: 0x8D60DDBFE4BB50C
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 1aa38d20-a01e-00b7-6997-a0a780000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    WINWORD.EXE
    Remote address:
    173.222.211.57:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 0
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 4ACB94ED-3C23-44B6-9D0A-3E0C176C8707
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
    ETag: 0x8D5E78DC0BDFFD8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: b597281b-e01e-00c0-4097-a0b22d000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 19 Sep 2024 05:50:44 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    57.211.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.211.222.173.in-addr.arpa
    IN PTR
    Response
    57.211.222.173.in-addr.arpa
    IN PTR
    a173-222-211-57deploystaticakamaitechnologiescom
  • flag-us
    DNS
    57.211.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.211.222.173.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.109.32.7:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    WINWORD.EXE
    1.7kB
    7.7kB
    11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 92.123.26.217:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
    tls, http
    WINWORD.EXE
    1.8kB
    7.3kB
    12
    9

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
    tls, http
    WINWORD.EXE
    3.7kB
    53.9kB
    43
    43

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    tls, http
    WINWORD.EXE
    2.4kB
    27.2kB
    20
    24

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    WINWORD.EXE
    24.9kB
    1.0MB
    440
    742

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
    tls, http
    WINWORD.EXE
    2.6kB
    50.1kB
    28
    41

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.6kB
    9.2kB
    18
    13
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.5kB
    9.1kB
    16
    11
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.7kB
    10.3kB
    19
    14
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
    tls, http
    WINWORD.EXE
    3.7kB
    39.0kB
    36
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
    tls, http
    WINWORD.EXE
    2.8kB
    37.5kB
    29
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.6kB
    9.2kB
    18
    13
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.6kB
    9.2kB
    18
    13
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
    tls, http
    WINWORD.EXE
    2.7kB
    38.6kB
    26
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
    tls, http
    WINWORD.EXE
    2.7kB
    39.5kB
    26
    34

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.5kB
    9.1kB
    16
    11
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    1.5kB
    9.1kB
    16
    11
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    tls, http
    WINWORD.EXE
    2.5kB
    28.8kB
    22
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
    tls, http
    WINWORD.EXE
    2.6kB
    38.6kB
    25
    33

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    tls, http
    WINWORD.EXE
    2.8kB
    61.9kB
    34
    50

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    532 B
    219 B
    8
    5
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
    tls, http
    WINWORD.EXE
    2.6kB
    56.9kB
    29
    46

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    532 B
    179 B
    8
    4
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    584 B
    271 B
    9
    6
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    584 B
    231 B
    9
    5
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    584 B
    231 B
    9
    5
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
    tls, http
    WINWORD.EXE
    3.2kB
    64.8kB
    40
    52

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    tls, http
    WINWORD.EXE
    2.8kB
    59.2kB
    33
    47

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    WINWORD.EXE
    33.4kB
    775.5kB
    487
    563

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
    tls, http
    WINWORD.EXE
    49.9kB
    1.4MB
    787
    1021

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
    tls, http
    WINWORD.EXE
    2.8kB
    63.6kB
    31
    50

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
    tls, http
    WINWORD.EXE
    16.4kB
    347.4kB
    223
    255

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    tls, http
    WINWORD.EXE
    3.8kB
    51.8kB
    34
    42

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    tls, http
    WINWORD.EXE
    3.5kB
    53.8kB
    38
    44

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    WINWORD.EXE
    2.3kB
    25.9kB
    20
    23

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    WINWORD.EXE
    10.4kB
    309.9kB
    177
    226

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    WINWORD.EXE
    9.1kB
    290.4kB
    155
    213

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    WINWORD.EXE
    7.6kB
    284.9kB
    130
    209

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    WINWORD.EXE
    8.6kB
    274.6kB
    143
    202

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
    tls, http
    WINWORD.EXE
    92.8kB
    2.7MB
    1556
    1943

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    WINWORD.EXE
    12.2kB
    573.7kB
    229
    417

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    WINWORD.EXE
    25.7kB
    699.2kB
    386
    508

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    WINWORD.EXE
    12.2kB
    235.4kB
    165
    174

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    WINWORD.EXE
    28.5kB
    1.1MB
    513
    800

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
    tls, http
    WINWORD.EXE
    3.2kB
    83.8kB
    40
    66

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
    tls, http
    WINWORD.EXE
    137.6kB
    3.5MB
    2082
    2545

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    WINWORD.EXE
    19.2kB
    725.4kB
    334
    524

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    WINWORD.EXE
    22.7kB
    1.1MB
    451
    831

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    WINWORD.EXE
    79.0kB
    2.0MB
    1205
    1407

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    WINWORD.EXE
    97.4kB
    2.6MB
    1534
    1883

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    WINWORD.EXE
    32.9kB
    1.8MB
    674
    1325

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    WINWORD.EXE
    122.0kB
    3.4MB
    2007
    2417

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 173.222.211.57:443
    binaries.templates.cdn.office.net
    tls
    WINWORD.EXE
    584 B
    271 B
    9
    6
  • 173.222.211.57:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    WINWORD.EXE
    5.5kB
    243.3kB
    99
    180

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    18.89.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    18.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    WINWORD.EXE
    73 B
    243 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.32.7

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    7.32.109.52.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    7.32.109.52.in-addr.arpa

  • 8.8.8.8:53
    2.17.178.52.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    2.17.178.52.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    92.123.26.217
    92.123.26.202

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    WINWORD.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    173.222.211.57
    173.222.211.24

  • 8.8.8.8:53
    217.26.123.92.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    217.26.123.92.in-addr.arpa

  • 8.8.8.8:53
    57.211.222.173.in-addr.arpa
    dns
    146 B
    139 B
    2
    1

    DNS Request

    57.211.222.173.in-addr.arpa

    DNS Request

    57.211.222.173.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDB6DB.tmp\gb.xsl

    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • memory/4112-10-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-20-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-2-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-1-0x00007FF978A4D000-0x00007FF978A4E000-memory.dmp

    Filesize

    4KB

  • memory/4112-7-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-6-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-0-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-13-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-14-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-15-0x00007FF936670000-0x00007FF936680000-memory.dmp

    Filesize

    64KB

  • memory/4112-18-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-17-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-19-0x00007FF936670000-0x00007FF936680000-memory.dmp

    Filesize

    64KB

  • memory/4112-16-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-23-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-22-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-5-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-12-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-21-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-11-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-9-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-8-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-4-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-41-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-42-0x00007FF978A4D000-0x00007FF978A4E000-memory.dmp

    Filesize

    4KB

  • memory/4112-43-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-46-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

  • memory/4112-3-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-552-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-551-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-550-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-553-0x00007FF938A30000-0x00007FF938A40000-memory.dmp

    Filesize

    64KB

  • memory/4112-554-0x00007FF9789B0000-0x00007FF978BA5000-memory.dmp

    Filesize

    2.0MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.