Analysis

  • max time kernel
    139s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2024, 07:58 UTC

General

  • Target

    $PLUGINSDIR/License_IT.rtf

  • Size

    7KB

  • MD5

    858d50016b5091a71bde743798e4fde9

  • SHA1

    80fe9815569fab908af407db0b0c386ee5fb0499

  • SHA256

    0d121347542face1889918432c70ce29e0fed3f53a837c9d03c9a73f49ccc834

  • SHA512

    2fa1080a2d667629fe2862075855b6ae1c6b4e592fc2e119f2775fb1ede100cbe9efd5252241b6ee4eddf8925d99e1751f06c0c3f0ad2290f489e0caaac7fce2

  • SSDEEP

    192:YfMZT9jNvNThXsR00Ao2dyTSWOrrgSRfM6+QxFHYidArvNK3pCnLPeWVRX2:X9jxBhXsR00odI1j6Hb8vg3pCLP1VRX2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\License_IT.rtf" /o ""
    1
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4460,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
    1
    PID:3216

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      18.89.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.89.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      roaming.officeapps.live.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      roaming.officeapps.live.com
      IN A
      Response
      roaming.officeapps.live.com
      IN CNAME
      prod.roaming1.live.com.akadns.net
      prod.roaming1.live.com.akadns.net
      IN CNAME
      eur.roaming1.live.com.akadns.net
      eur.roaming1.live.com.akadns.net
      IN CNAME
      neu-azsc-000.roaming.officeapps.live.com
      neu-azsc-000.roaming.officeapps.live.com
      IN CNAME
      osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
      osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
      IN A
      52.109.76.243
    • flag-ie
      POST
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      WINWORD.EXE
      Remote address:
      52.109.76.243:443
      Request
      POST /rs/RoamingSoapService.svc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: text/xml; charset=utf-8
      User-Agent: MS-WebServices/1.0
      SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
      Content-Length: 511
      Host: roaming.officeapps.live.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Type: text/xml; charset=utf-8
      Server: Microsoft-IIS/10.0
      X-OfficeFE: RoamingFE_IN_406
      X-OfficeVersion: 16.0.18122.30576
      X-OfficeCluster: neu-000.roaming.officeapps.live.com
      X-CorrelationId: 09aaee22-69aa-4581-8c9c-8e8565db9294
      X-Powered-By: ASP.NET
      Date: Thu, 03 Oct 2024 07:58:44 GMT
      Content-Length: 654
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      243.76.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      243.76.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      88.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      88.210.23.2.in-addr.arpa
      IN PTR
      Response
      88.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-88.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      76.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      227.162.46.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      227.162.46.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      metadata.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      metadata.templates.cdn.office.net
      IN A
      Response
      metadata.templates.cdn.office.net
      IN CNAME
      templatesmetadata.office.net
      templatesmetadata.office.net
      IN CNAME
      templatesmetadata.office.net.edgekey.net
      templatesmetadata.office.net.edgekey.net
      IN CNAME
      e26769.dscb.akamaiedge.net
      e26769.dscb.akamaiedge.net
      IN A
      2.18.63.57
      e26769.dscb.akamaiedge.net
      IN A
      2.18.63.31
    • flag-gb
      GET
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      WINWORD.EXE
      Remote address:
      2.18.63.57:443
      Request
      GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: metadata.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Type: text/xml
      Server: Kestrel
      Content-Encoding: gzip
      Content-Length: 1265
      Cache-Control: max-age=34689
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-us
      DNS
      binaries.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      binaries.templates.cdn.office.net
      IN A
      Response
      binaries.templates.cdn.office.net
      IN CNAME
      binaries.templates.cdn.office.net.edgesuite.net
      binaries.templates.cdn.office.net.edgesuite.net
      IN CNAME
      a1847.dscg2.akamai.net
      a1847.dscg2.akamai.net
      IN A
      2.19.117.150
      a1847.dscg2.akamai.net
      IN A
      2.19.117.169
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851216.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 34816
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: YoYxJM3NoTXswOcieCy4iA==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC8813CE0D3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02835233.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 46413
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
      Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
      ETag: 0x8D36AC879BBB45C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851218.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31835
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC881E66CE5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851219.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31605
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC8822FFB6E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851220.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31482
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC8827914A7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d704013f-301e-015e-1697-a09fc7000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851222.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 28911
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: bXh7HiI9trkbaSOAYsyocg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC8830E54C8
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851223.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 32833
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC88357BC32
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851224.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 30957
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 08kDbk4RWegysbTS6dQr8A==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883A171B7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851221.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31562
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC882C4ED43
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp03998158.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 42788
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IaS3txYxwszaX7umN1Hw0g==
      Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
      ETag: 0x8D36AC8BD065412
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851226.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 35519
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC88440C433
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851217.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 33610
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC881987151
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f2e2427f-801e-015b-3e97-a04d1c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp03328884.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC8987823BE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp03328935.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 23597
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
      Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
      ETag: 0x8D36AC887EFBA2F
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp03328998.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21357
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: l/W3t+nhKBmZRopcQssS5w==
      Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
      ETag: 0x8D36AC88A7F05EE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 295527
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
      Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
      ETag: 0x8D60DFAA9CC48C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp02851227.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31471
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: karb7EFxz6gpK2GEkvXvNA==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC8848A0495
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:01 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      WINWORD.EXE
      Remote address:
      2.19.117.150:443
      Request
      GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1097591
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
      Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
      ETag: 0x8D60DDB7EAA50F0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      WINWORD.EXE, remote address 2.19.117.150:443 (GB)
      Request
      GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 271273
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
      Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
      ETag: 0x8D60DDB967B9FA5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      WINWORD.EXE, remote address 2.19.117.150:443 (GB)
      Request
      GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 261258
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
      Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
      ETag: 0x8D60DDC968C4F0E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: efa60b57-b01e-011d-0697-a0799b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      WINWORD.EXE, remote address 2.19.117.150:443 (GB)
      Request
      GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 222992
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
      Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
      ETag: 0x8D60DDC26100537
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      WINWORD.EXE, remote address 2.19.117.150:443 (GB)
      Request
      GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1881952
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
      ETag: 0x8D60DDC0007D57D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 3d2d7040-b01e-0050-5297-a02761000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      WINWORD.EXE, remote address 2.19.117.150:443 (GB)
      Request
      GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1310275
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
      Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
      ETag: 0x8D60DDBA5EDDA1A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Thu, 03 Oct 2024 07:59:00 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • DNS 57.63.18.2.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 57.63.18.2.in-addr.arpa IN PTR
      Response: 57.63.18.2.in-addr.arpa IN PTR a2-18-63-57.deploy.static.akamaitechnologies.com
    • DNS 150.117.19.2.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 150.117.19.2.in-addr.arpa IN PTR
      Response: 150.117.19.2.in-addr.arpa IN PTR a2-19-117-150.deploy.static.akamaitechnologies.com
    • DNS 97.17.167.52.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 97.17.167.52.in-addr.arpa IN PTR
      Response: (empty)
    • DNS 97.17.167.52.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 97.17.167.52.in-addr.arpa IN PTR
    • DNS 58.55.71.13.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 58.55.71.13.in-addr.arpa IN PTR
      Response: (empty)
    • DNS 197.87.175.4.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 197.87.175.4.in-addr.arpa IN PTR
      Response: (empty)
    • DNS 198.187.3.20.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 198.187.3.20.in-addr.arpa IN PTR
      Response: (empty)
    • DNS 14.227.111.52.in-addr.arpa
      remote address 8.8.8.8:53 (US)
      Request: 14.227.111.52.in-addr.arpa IN PTR
      Response: (empty)
    • 52.109.76.243:443  https://roaming.officeapps.live.com/rs/RoamingSoapService.svc  tls, http  WINWORD.EXE  sent 1.7kB / 11 pkts, received 7.7kB / 10 pkts
      HTTP Request: POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      HTTP Response: 200
    • 2.18.63.57:443  https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C  tls, http  WINWORD.EXE  sent 2.0kB / 13 pkts, received 6.4kB / 13 pkts
      HTTP Request: GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab  tls, http  WINWORD.EXE  sent 2.7kB / 28 pkts, received 41.9kB / 39 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab  tls, http  WINWORD.EXE  sent 2.3kB / 28 pkts, received 53.0kB / 44 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab  tls, http  WINWORD.EXE  sent 2.0kB / 22 pkts, received 37.9kB / 33 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab  tls, http  WINWORD.EXE  sent 2.5kB / 24 pkts, received 38.8kB / 34 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab  tls, http  WINWORD.EXE  sent 2.0kB / 22 pkts, received 37.5kB / 33 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab  tls, http  WINWORD.EXE  sent 2.9kB / 23 pkts, received 34.9kB / 31 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab  tls, http  WINWORD.EXE  sent 2.0kB / 23 pkts, received 39.0kB / 34 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab  tls, http  WINWORD.EXE  sent 3.0kB / 24 pkts, received 37.0kB / 33 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab  tls, http  WINWORD.EXE  sent 2.2kB / 26 pkts, received 37.6kB / 33 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      HTTP Response: 200
    • 2.19.117.150:443  binaries.templates.cdn.office.net  tls  WINWORD.EXE  sent 2.0kB / 22 pkts, received 37.1kB / 33 pkts
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab  tls, http  WINWORD.EXE  sent 2.8kB / 29 pkts, received 49.4kB / 43 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab  tls, http  WINWORD.EXE  sent 2.1kB / 24 pkts, received 41.7kB / 36 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab  tls, http  WINWORD.EXE  sent 2.2kB / 24 pkts, received 39.8kB / 36 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab  tls, http  WINWORD.EXE  sent 2.0kB / 20 pkts, received 27.8kB / 27 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab  tls, http  WINWORD.EXE  sent 1.8kB / 19 pkts, received 29.4kB / 27 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab  tls, http  WINWORD.EXE  sent 1.8kB / 19 pkts, received 27.1kB / 26 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab  tls, http  WINWORD.EXE  sent 8.4kB / 142 pkts, received 311.4kB / 229 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab  tls, http  WINWORD.EXE  sent 3.0kB / 24 pkts, received 37.5kB / 33 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab  tls, http  WINWORD.EXE  sent 41.2kB / 654 pkts, received 1.1MB / 826 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab  tls, http  WINWORD.EXE  sent 7.6kB / 129 pkts, received 285.0kB / 211 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab  tls, http  WINWORD.EXE  sent 6.3kB / 115 pkts, received 278.9kB / 206 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab  tls, http  WINWORD.EXE  sent 5.2kB / 93 pkts, received 235.2kB / 175 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab  tls, http  WINWORD.EXE  sent 56.8kB / 955 pkts, received 1.9MB / 1403 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      HTTP Response: 200
    • 2.19.117.150:443  https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab  tls, http  WINWORD.EXE  sent 41.9kB / 693 pkts, received 1.4MB / 983 pkts
      HTTP Request: GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      HTTP Response: 200
    • 8.8.8.8:53  8.8.8.8.in-addr.arpa  dns  sent 66 B / 1 pkt, received 90 B / 1 pkt
      DNS Request: 8.8.8.8.in-addr.arpa
    • 8.8.8.8:53  18.89.109.52.in-addr.arpa  dns  sent 71 B / 1 pkt, received 145 B / 1 pkt
      DNS Request: 18.89.109.52.in-addr.arpa
    • 8.8.8.8:53  roaming.officeapps.live.com  dns  WINWORD.EXE  sent 73 B / 1 pkt, received 248 B / 1 pkt
      DNS Request: roaming.officeapps.live.com
      DNS Response: 52.109.76.243
    • 8.8.8.8:53  28.118.140.52.in-addr.arpa  dns  sent 72 B / 1 pkt, received 158 B / 1 pkt
      DNS Request: 28.118.140.52.in-addr.arpa
    • 8.8.8.8:53  243.76.109.52.in-addr.arpa  dns  sent 72 B / 1 pkt, received 146 B / 1 pkt
      DNS Request: 243.76.109.52.in-addr.arpa
    • 8.8.8.8:53  88.210.23.2.in-addr.arpa  dns  sent 70 B / 1 pkt, received 133 B / 1 pkt
      DNS Request: 88.210.23.2.in-addr.arpa
    • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  sent 73 B / 1 pkt, received 144 B / 1 pkt
      DNS Request: 95.221.229.192.in-addr.arpa
    • 8.8.8.8:53  76.32.126.40.in-addr.arpa  dns  sent 71 B / 1 pkt, received 157 B / 1 pkt
      DNS Request: 76.32.126.40.in-addr.arpa
    • 8.8.8.8:53  209.205.72.20.in-addr.arpa  dns  sent 72 B / 1 pkt, received 158 B / 1 pkt
      DNS Request: 209.205.72.20.in-addr.arpa
    • 8.8.8.8:53  227.162.46.104.in-addr.arpa  dns  sent 73 B / 1 pkt, received 147 B / 1 pkt
      DNS Request: 227.162.46.104.in-addr.arpa
    • 8.8.8.8:53  metadata.templates.cdn.office.net  dns  WINWORD.EXE  sent 79 B / 1 pkt, received 231 B / 1 pkt
      DNS Request: metadata.templates.cdn.office.net
      DNS Response: 2.18.63.57, 2.18.63.31
    • 8.8.8.8:53  binaries.templates.cdn.office.net  dns  WINWORD.EXE  sent 79 B / 1 pkt, received 202 B / 1 pkt
      DNS Request: binaries.templates.cdn.office.net
      DNS Response: 2.19.117.150, 2.19.117.169
    • 8.8.8.8:53  57.63.18.2.in-addr.arpa  dns  sent 69 B / 1 pkt, received 131 B / 1 pkt
      DNS Request: 57.63.18.2.in-addr.arpa
    • 8.8.8.8:53  150.117.19.2.in-addr.arpa  dns  sent 71 B / 1 pkt, received 135 B / 1 pkt
      DNS Request: 150.117.19.2.in-addr.arpa
    • 8.8.8.8:53  97.17.167.52.in-addr.arpa  dns  sent 142 B / 2 pkts, received 145 B / 1 pkt
      DNS Request: 97.17.167.52.in-addr.arpa
      DNS Request: 97.17.167.52.in-addr.arpa
    • 8.8.8.8:53  58.55.71.13.in-addr.arpa  dns  sent 70 B / 1 pkt, received 144 B / 1 pkt
      DNS Request: 58.55.71.13.in-addr.arpa
    • 8.8.8.8:53  197.87.175.4.in-addr.arpa  dns  sent 71 B / 1 pkt, received 157 B / 1 pkt
      DNS Request: 197.87.175.4.in-addr.arpa
    • 8.8.8.8:53  198.187.3.20.in-addr.arpa  dns  sent 71 B / 1 pkt, received 157 B / 1 pkt
      DNS Request: 198.187.3.20.in-addr.arpa
    • 8.8.8.8:53  14.227.111.52.in-addr.arpa  dns  sent 72 B / 1 pkt, received 158 B / 1 pkt
      DNS Request: 14.227.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\TCD9A12.tmp\sist02.xsl
      Filesize: 245KB
      MD5: f883b260a8d67082ea895c14bf56dd56
      SHA1: 7954565c1f243d46ad3b1e2f1baf3281451fc14b
      SHA256: ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
      SHA512: d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
      Filesize: 1KB
      MD5: 226ad4f183aed57c7f0bc96e63ead3b8
      SHA1: 83c760a19d7453f79a2c02b2cd968c580f2b7437
      SHA256: 4d1bba526c4db300a0483261c4f4ae69f8c5ce8bd209920da8ab1249dd1049b7
      SHA512: ad3eea03619b3691a6c8ab075a26bc053beeb91077f000897543fde0cc0072c2f3e7bde59bc134d2f19c9cbab19d044eea6906d6869bbfcca72241e45d001b42

    • memory/2664-8-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-42-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-7-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-10-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-11-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-12-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-13-0x00007FF943490000-0x00007FF9434A0000-memory.dmp  Filesize: 64KB
    • memory/2664-9-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-15-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-14-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-0-0x00007FF945C50000-0x00007FF945C60000-memory.dmp  Filesize: 64KB
    • memory/2664-6-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-4-0x00007FF945C50000-0x00007FF945C60000-memory.dmp  Filesize: 64KB
    • memory/2664-16-0x00007FF943490000-0x00007FF9434A0000-memory.dmp  Filesize: 64KB
    • memory/2664-5-0x00007FF945C50000-0x00007FF945C60000-memory.dmp  Filesize: 64KB
    • memory/2664-18-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-19-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-20-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-17-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-40-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-41-0x00007FF985C6D000-0x00007FF985C6E000-memory.dmp  Filesize: 4KB
    • memory/2664-2-0x00007FF945C50000-0x00007FF945C60000-memory.dmp  Filesize: 64KB
    • memory/2664-43-0x00007FF985BD0000-0x00007FF985DC5000-memory.dmp  Filesize: 2.0MB
    • memory/2664-3-0x00007FF945C50000-0x00007FF945C60000-memory.dmp  Filesize: 64KB
    • memory/2664-1-0x00007FF985C6D000-0x00007FF985C6E000-memory.dmp  Filesize: 4KB
