Analysis
- max time kernel: 139s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 03/10/2024, 07:58 UTC
Behavioral tasks
- behavioral1 | Sample: 0eb09cecffd1319bcba0e7424529762a_JaffaCakes118.exe | Resource: win7-20240903-en
- behavioral2 | Sample: 0eb09cecffd1319bcba0e7424529762a_JaffaCakes118.exe | Resource: win10v2004-20240802-en
- behavioral3 | Sample: $PLUGINSDIR/ButtonEvent.dll | Resource: win7-20240729-en
- behavioral4 | Sample: $PLUGINSDIR/ButtonEvent.dll | Resource: win10v2004-20240802-en
- behavioral5 | Sample: $PLUGINSDIR/License_DE.rtf | Resource: win7-20240729-en
- behavioral6 | Sample: $PLUGINSDIR/License_DE.rtf | Resource: win10v2004-20240802-en
- behavioral7 | Sample: $PLUGINSDIR/License_EN.rtf | Resource: win7-20240704-en
- behavioral8 | Sample: $PLUGINSDIR/License_EN.rtf | Resource: win10v2004-20240802-en
- behavioral9 | Sample: $PLUGINSDIR/License_ES.rtf | Resource: win7-20240903-en
- behavioral10 | Sample: $PLUGINSDIR/License_ES.rtf | Resource: win10v2004-20240802-en
- behavioral11 | Sample: $PLUGINSDIR/License_FR.rtf | Resource: win7-20240903-en
- behavioral12 | Sample: $PLUGINSDIR/License_FR.rtf | Resource: win10v2004-20240802-en
- behavioral13 | Sample: $PLUGINSDIR/License_IT.rtf | Resource: win7-20240903-en
- behavioral14 | Sample: $PLUGINSDIR/License_IT.rtf | Resource: win10v2004-20240802-en
- behavioral15 | Sample: $PLUGINSDIR/License_NL.rtf | Resource: win7-20240903-en
- behavioral16 | Sample: $PLUGINSDIR/License_NL.rtf | Resource: win10v2004-20240910-en
- behavioral17 | Sample: $PLUGINSDIR/License_PT.rtf | Resource: win7-20240903-en
- behavioral18 | Sample: $PLUGINSDIR/License_PT.rtf | Resource: win10v2004-20240802-en
- behavioral19 | Sample: $PLUGINSDIR/NSISdl.dll | Resource: win7-20240903-en
- behavioral20 | Sample: $PLUGINSDIR/NSISdl.dll | Resource: win10v2004-20240802-en
- behavioral21 | Sample: $PLUGINSDIR/Registry.dll | Resource: win7-20240903-en
- behavioral22 | Sample: $PLUGINSDIR/Registry.dll | Resource: win10v2004-20240802-en
- behavioral23 | Sample: $PLUGINSDIR/System.dll | Resource: win7-20240903-en
- behavioral24 | Sample: $PLUGINSDIR/System.dll | Resource: win10v2004-20240802-en
- behavioral25 | Sample: $PLUGINSDIR/inetc.dll | Resource: win7-20240704-en
- behavioral26 | Sample: $PLUGINSDIR/inetc.dll | Resource: win10v2004-20240802-en
- behavioral27 | Sample: $PLUGINSDIR/nsArray.dll | Resource: win7-20240903-en
- behavioral28 | Sample: $PLUGINSDIR/nsArray.dll | Resource: win10v2004-20240910-en
- behavioral29 | Sample: $PLUGINSDIR/nsDialogs.dll | Resource: win7-20240708-en
- behavioral30 | Sample: $PLUGINSDIR/nsDialogs.dll | Resource: win10v2004-20240802-en
- behavioral31 | Sample: $PLUGINSDIR/utils.dll | Resource: win7-20240903-en
- behavioral32 | Sample: $PLUGINSDIR/utils.dll | Resource: win10v2004-20240802-en
General
- Target: $PLUGINSDIR/License_IT.rtf
- Size: 7KB
- MD5: 858d50016b5091a71bde743798e4fde9
- SHA1: 80fe9815569fab908af407db0b0c386ee5fb0499
- SHA256: 0d121347542face1889918432c70ce29e0fed3f53a837c9d03c9a73f49ccc834
- SHA512: 2fa1080a2d667629fe2862075855b6ae1c6b4e592fc2e119f2775fb1ede100cbe9efd5252241b6ee4eddf8925d99e1751f06c0c3f0ad2290f489e0caaac7fce2
- SSDEEP: 192:YfMZT9jNvNThXsR00Ao2dyTSWOrrgSRfM6+QxFHYidArvNK3pCnLPeWVRX2:X9jxBhXsR00odI1j6Hb8vg3pCLP1VRX2
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid | Process
  2664 | WINWORD.EXE (listed 2 times)
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid | Process
  2664 | WINWORD.EXE (listed 8 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\License_IT.rtf" /o ""
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4460,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
  PID: 3216
Network
-
Remote address: 8.8.8.8:53
Request: 8.8.8.8.in-addr.arpa IN PTR
Response: 8.8.8.8.in-addr.arpa IN PTR dnsgoogle
-
Remote address: 8.8.8.8:53
Request: 18.89.109.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: roaming.officeapps.live.com IN A
Response:
roaming.officeapps.live.com IN CNAME prod.roaming1.live.com.akadns.net
prod.roaming1.live.com.akadns.net IN CNAME eur.roaming1.live.com.akadns.net
eur.roaming1.live.com.akadns.net IN CNAME neu-azsc-000.roaming.officeapps.live.com
neu-azsc-000.roaming.officeapps.live.com IN CNAME osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com
osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com IN A 52.109.76.243
-
Remote address: 52.109.76.243:443
Request:
POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com
Response:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_406
X-OfficeVersion: 16.0.18122.30576
X-OfficeCluster: neu-000.roaming.officeapps.live.com
X-CorrelationId: 09aaee22-69aa-4581-8c9c-8e8565db9294
X-Powered-By: ASP.NET
Date: Thu, 03 Oct 2024 07:58:44 GMT
Content-Length: 654
-
Remote address: 8.8.8.8:53
Request: 28.118.140.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 243.76.109.52.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 88.210.23.2.in-addr.arpa IN PTR
Response: 88.210.23.2.in-addr.arpa IN PTR a2-23-210-88deploystaticakamaitechnologiescom
-
Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 76.32.126.40.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 209.205.72.20.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: 227.162.46.104.in-addr.arpa IN PTR
Response:
-
Remote address: 8.8.8.8:53
Request: metadata.templates.cdn.office.net IN A
Response:
metadata.templates.cdn.office.net IN CNAME templatesmetadata.office.net
templatesmetadata.office.net IN CNAME templatesmetadata.office.net.edgekey.net
templatesmetadata.office.net.edgekey.net IN CNAME e26769.dscb.akamaiedge.net
e26769.dscb.akamaiedge.net IN A 2.18.63.57
e26769.dscb.akamaiedge.net IN A 2.18.63.31
-
GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
Process: WINWORD.EXE
Remote address: 2.18.63.57:443
Request:
GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: metadata.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1265
Cache-Control: max-age=34689
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Vary: Accept-Encoding
-
Remote address: 8.8.8.8:53
Request: binaries.templates.cdn.office.net IN A
Response:
binaries.templates.cdn.office.net IN CNAME binaries.templates.cdn.office.net.edgesuite.net
binaries.templates.cdn.office.net.edgesuite.net IN CNAME a1847.dscg2.akamai.net
a1847.dscg2.akamai.net IN A 2.19.117.150
a1847.dscg2.akamai.net IN A 2.19.117.169
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC8813CE0D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 01a9fe93-e01e-0020-0397-a0f18d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
ETag: 0x8D36AC879BBB45C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC881E66CE5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC8822FFB6E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC8827914A7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d704013f-301e-015e-1697-a09fc7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC8830E54C8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC88357BC32
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 29d802a9-701e-006f-6997-a080d9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883A171B7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC882C4ED43
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp03998158.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IaS3txYxwszaX7umN1Hw0g==
Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
ETag: 0x8D36AC8BD065412
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC88440C433
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC881987151
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f2e2427f-801e-015b-3e97-a04d1c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp03328884.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
ETag: 0x8D36AC8987823BE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp03328935.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
ETag: 0x8D36AC887EFBA2F
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp03328998.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: l/W3t+nhKBmZRopcQssS5w==
Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
ETag: 0x8D36AC88A7F05EE
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
ETag: 0x8D60DFAA9CC48C3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC8848A0495
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:01 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
ETag: 0x8D60DDB7EAA50F0
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
ETag: 0x8D60DDB967B9FA5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
ETag: 0x8D60DDC968C4F0E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: efa60b57-b01e-011d-0697-a0799b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address: 2.19.117.150:443
Request:
GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
Response:
HTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
ETag: 0x8D60DDC26100537
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address:2.19.117.150:443RequestGET /support/templates/en-us/tp0403392101.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
ResponseHTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
ETag: 0x8D60DDC0007D57D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d2d7040-b01e-0050-5297-a02761000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address:2.19.117.150:443RequestGET /support/templates/en-us/tp0403392501.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 10F32818-C0D6-480A-A518-F282208DB119
Host: binaries.templates.cdn.office.net
ResponseHTTP/1.1 200 OK
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
ETag: 0x8D60DDBA5EDDA1A
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 03 Oct 2024 07:59:00 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
-
Remote address:8.8.8.8:53Request57.63.18.2.in-addr.arpaIN PTRResponse57.63.18.2.in-addr.arpaIN PTRa2-18-63-57deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request150.117.19.2.in-addr.arpaIN PTRResponse150.117.19.2.in-addr.arpaIN PTRa2-19-117-150deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request197.87.175.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
-
52.109.76.243:443https://roaming.officeapps.live.com/rs/RoamingSoapService.svctls, httpWINWORD.EXE1.7kB 7.7kB 11 10
HTTP Request
POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svcHTTP Response
200 -
2.18.63.57:443https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527>ype=0%2C1%2C2%2C5%2Ctls, httpWINWORD.EXE2.0kB 6.4kB 13 13
HTTP Request
GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527>ype=0%2C1%2C2%2C5%2CHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cabtls, httpWINWORD.EXE2.7kB 41.9kB 28 39
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cabtls, httpWINWORD.EXE2.3kB 53.0kB 28 44
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cabtls, httpWINWORD.EXE2.0kB 37.9kB 22 33
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cabtls, httpWINWORD.EXE2.5kB 38.8kB 24 34
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cabtls, httpWINWORD.EXE2.0kB 37.5kB 22 33
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cabtls, httpWINWORD.EXE2.9kB 34.9kB 23 31
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cabtls, httpWINWORD.EXE2.0kB 39.0kB 23 34
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cabtls, httpWINWORD.EXE3.0kB 37.0kB 24 33
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cabtls, httpWINWORD.EXE2.2kB 37.6kB 26 33
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cabHTTP Response
200 -
2.0kB 37.1kB 22 33
-
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cabtls, httpWINWORD.EXE2.8kB 49.4kB 29 43
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cabtls, httpWINWORD.EXE2.1kB 41.7kB 24 36
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cabtls, httpWINWORD.EXE2.2kB 39.8kB 24 36
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cabtls, httpWINWORD.EXE2.0kB 27.8kB 20 27
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cabtls, httpWINWORD.EXE1.8kB 29.4kB 19 27
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cabtls, httpWINWORD.EXE1.8kB 27.1kB 19 26
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cabtls, httpWINWORD.EXE8.4kB 311.4kB 142 229
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cabtls, httpWINWORD.EXE3.0kB 37.5kB 24 33
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cabtls, httpWINWORD.EXE41.2kB 1.1MB 654 826
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cabtls, httpWINWORD.EXE7.6kB 285.0kB 129 211
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cabtls, httpWINWORD.EXE6.3kB 278.9kB 115 206
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cabtls, httpWINWORD.EXE5.2kB 235.2kB 93 175
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cabtls, httpWINWORD.EXE56.8kB 1.9MB 955 1403
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cabHTTP Response
200 -
2.19.117.150:443https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cabtls, httpWINWORD.EXE41.9kB 1.4MB 693 983
HTTP Request
GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cabHTTP Response
200
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
18.89.109.52.in-addr.arpa
-
73 B 248 B 1 1
DNS Request
roaming.officeapps.live.com
DNS Response
52.109.76.243
-
72 B 158 B 1 1
DNS Request
28.118.140.52.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
243.76.109.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
88.210.23.2.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
76.32.126.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
227.162.46.104.in-addr.arpa
-
79 B 231 B 1 1
DNS Request
metadata.templates.cdn.office.net
DNS Response
2.18.63.572.18.63.31
-
79 B 202 B 1 1
DNS Request
binaries.templates.cdn.office.net
DNS Response
2.19.117.1502.19.117.169
-
69 B 131 B 1 1
DNS Request
57.63.18.2.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
150.117.19.2.in-addr.arpa
-
142 B 145 B 2 1
DNS Request
97.17.167.52.in-addr.arpa
DNS Request
97.17.167.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
197.87.175.4.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
14.227.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
245KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
1KB