Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12/12/2024, 07:02 UTC

General

  • Target

    e53bcefe67ef4c07fbc68571aeed16bb_JaffaCakes118.exe

  • Size

    327KB

  • MD5

    e53bcefe67ef4c07fbc68571aeed16bb

  • SHA1

    ac43508e3195525348518e43c4514de1023bff2e

  • SHA256

    ea6e1cd7b54a6abca274cea4aca81c1d6a3e199c42c417089a6e1a9de655cfd0

  • SHA512

    129c2fb2cbdf3e87375ee82342e169cd025b6fa5adef0083fa3f60ddd8e9377f1bc4a7ae57c2727e10f3666bba194191eb5d9fec41196e397cd3aea5f52460db

  • SSDEEP

    6144:LmpyGttLh7jEa4q5S+MBQUC7TWZgRZUYZ:Lmt574q4rBFC7Th9Z

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

  • Ardamax family
  • Ardamax main executable 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e53bcefe67ef4c07fbc68571aeed16bb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e53bcefe67ef4c07fbc68571aeed16bb_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Windows\SysWOW64\iexplore.exe
      "C:\Windows\system32\iexplore.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2804
    • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\AppData\Local\Temp\Cidade dos anjos.pps" /ou ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1760

Network

  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    POWERPNT.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    weu-azsc-000.roaming.officeapps.live.com
    weu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    IN A
    52.109.89.19
  • flag-nl
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    POWERPNT.EXE
    Remote address:
    52.109.89.19:443
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    105.193.132.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    105.193.132.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    metadata.templates.cdn.office.net
    POWERPNT.EXE
    Remote address:
    8.8.8.8:53
    Request
    metadata.templates.cdn.office.net
    IN A
    Response
    metadata.templates.cdn.office.net
    IN CNAME
    templatesmetadata.office.net
    templatesmetadata.office.net
    IN CNAME
    templatesmetadata.office.net.edgekey.net
    templatesmetadata.office.net.edgekey.net
    IN CNAME
    e26769.dscb.akamaiedge.net
    e26769.dscb.akamaiedge.net
    IN A
    95.100.195.11
    e26769.dscb.akamaiedge.net
    IN A
    95.100.195.47
  • flag-us
    GET
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=3&ver=16&tl=2&build=16.0.12527&gtype=0%2C2%2C
    POWERPNT.EXE
    Remote address:
    95.100.195.11:443
  • flag-us
    DNS
    binaries.templates.cdn.office.net
    POWERPNT.EXE
    Remote address:
    8.8.8.8:53
    Request
    binaries.templates.cdn.office.net
    IN A
    Response
    binaries.templates.cdn.office.net
    IN CNAME
    binaries.templates.cdn.office.net.edgesuite.net
    binaries.templates.cdn.office.net.edgesuite.net
    IN CNAME
    a1847.dscg2.akamai.net
    a1847.dscg2.akamai.net
    IN A
    184.50.113.73
    a1847.dscg2.akamai.net
    IN A
    184.50.113.32
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0283634201.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290068801.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0289231501.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072001.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072202.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290076901.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290074301.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392301.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137501.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345745202.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
    Request
    GET /support/templates/en-us/tp0403392101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 3
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 684734B8-37A0-4FCC-83EE-8CC039C27D3F
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 1881952
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: U8X0WyLhM7KNS9O1o1D9vQ==
    Last-Modified: Wed, 29 Aug 2018 18:19:46 GMT
    ETag: 0x8D60DDC0007D57D
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3d2d7040-b01e-0050-5297-a02761000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 12 Dec 2024 15:03:38 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
    Request
    GET /support/templates/en-us/tp1000111403.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 3
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 684734B8-37A0-4FCC-83EE-8CC039C27D3F
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 953453
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: 1OrACenntkuLABroK4EC+g==
    Last-Modified: Thu, 12 Jul 2018 00:20:10 GMT
    ETag: 0x8D5E78D3A9D8C97
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 6910c7b5-e01e-00d4-5297-a03a7b000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 12 Dec 2024 15:03:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
    Request
    GET /support/templates/en-us/tp1000111502.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 3
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 684734B8-37A0-4FCC-83EE-8CC039C27D3F
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 230916
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: k/qfd5Ugqy0irE6oZLe7NA==
    Last-Modified: Thu, 12 Jul 2018 00:23:55 GMT
    ETag: 0x8D5E78DC0BDFFD8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 2d92c9d7-101e-00de-2910-1668c0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 12 Dec 2024 15:03:37 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-gb
    GET
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137101.cab
    POWERPNT.EXE
    Remote address:
    184.50.113.73:443
    Request
    GET /support/templates/en-us/tp1640137101.cab HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.12527; Pro)
    X-IDCRL_ACCEPTED: t
    X-Office-Version: 16.0.12527
    X-Office-Application: 3
    X-Office-Platform: Win32
    X-Office-AudienceGroup: Production
    X-Office-SessionId: 684734B8-37A0-4FCC-83EE-8CC039C27D3F
    Host: binaries.templates.cdn.office.net
    Response
    HTTP/1.1 200 OK
    Content-Length: 453305
    Content-Type: application/vnd.ms-cab-compressed
    Content-MD5: Jx/5BM64tTg7Rezw2mqSOA==
    Last-Modified: Fri, 12 May 2017 00:30:55 GMT
    ETag: 0x8D498CE277C1E74
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: f2e24a3b-801e-015b-1997-a04d1c000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Thu, 12 Dec 2024 15:03:35 GMT
    Connection: keep-alive
    Access-Control-Allow-Headers: *
    Vary: Origin
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Methods: GET,POST,OPTIONS
    Access-Control-Allow-Origin: *
  • flag-us
    DNS
    11.195.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.195.100.95.in-addr.arpa
    IN PTR
    Response
    11.195.100.95.in-addr.arpa
    IN PTR
    a95-100-195-11.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    11.195.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.195.100.95.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    11.195.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.195.100.95.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    73.113.50.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.113.50.184.in-addr.arpa
    IN PTR
    Response
    73.113.50.184.in-addr.arpa
    IN PTR
    a184-50-113-73.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    73.113.50.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.113.50.184.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    73.113.50.184.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.113.50.184.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    30.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    30.243.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.109.89.19:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    POWERPNT.EXE
    1.8kB
    8.2kB
    12
    11

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 95.100.195.11:443
    https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=3&ver=16&tl=2&build=16.0.12527&gtype=0%2C2%2C
    tls, http
    POWERPNT.EXE
    1.3kB
    5.9kB
    10
    11

    HTTP Request

    GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=3&ver=16&tl=2&build=16.0.12527&gtype=0%2C2%2C

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0283634201.cab
    tls, http
    POWERPNT.EXE
    70.6kB
    1.7MB
    1059
    1203

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0283634201.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290068801.cab
    tls, http
    POWERPNT.EXE
    24.5kB
    508.1kB
    347
    370

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290068801.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0289231501.cab
    tls, http
    POWERPNT.EXE
    24.2kB
    517.2kB
    348
    377

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0289231501.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072001.cab
    tls, http
    POWERPNT.EXE
    80.4kB
    2.8MB
    1435
    2045

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072001.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072202.cab
    tls, http
    POWERPNT.EXE
    59.7kB
    1.4MB
    919
    1039

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290072202.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290076901.cab
    tls, http
    POWERPNT.EXE
    49.7kB
    1.1MB
    728
    816

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290076901.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290074301.cab
    tls, http
    POWERPNT.EXE
    187.6kB
    8.4MB
    3575
    6054

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0290074301.cab

    HTTP Response

    200
  • 184.50.113.73:443
    binaries.templates.cdn.office.net
    tls
    POWERPNT.EXE
    15.4kB
    323.6kB
    218
    238
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab
    tls, http
    POWERPNT.EXE
    1.9kB
    32.0kB
    24
    29

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328884.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab
    tls, http
    POWERPNT.EXE
    26.7kB
    751.4kB
    432
    544

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0309043402.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab
    tls, http
    POWERPNT.EXE
    1.7kB
    26.0kB
    20
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328893.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab
    tls, http
    POWERPNT.EXE
    1.8kB
    27.8kB
    22
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328905.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab
    tls, http
    POWERPNT.EXE
    2.6kB
    37.1kB
    31
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328908.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab
    tls, http
    POWERPNT.EXE
    2.2kB
    27.9kB
    26
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328919.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab
    tls, http
    POWERPNT.EXE
    2.0kB
    33.9kB
    25
    32

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328916.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab
    tls, http
    POWERPNT.EXE
    127.7kB
    3.4MB
    1994
    2439

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328925.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403393701.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab
    tls, http
    POWERPNT.EXE
    2.1kB
    26.3kB
    25
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328932.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab
    tls, http
    POWERPNT.EXE
    2.1kB
    29.4kB
    25
    27

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328935.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab
    tls, http
    POWERPNT.EXE
    1.9kB
    29.2kB
    23
    28

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328940.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab
    tls, http
    POWERPNT.EXE
    55.8kB
    1.8MB
    953
    1332

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328951.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392901.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab
    tls, http
    POWERPNT.EXE
    54.3kB
    1.4MB
    874
    998

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328972.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392501.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392301.cab
    tls, http
    POWERPNT.EXE
    66.0kB
    2.2MB
    1150
    1553

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328975.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392301.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137501.cab
    tls, http
    POWERPNT.EXE
    75.4kB
    2.2MB
    1265
    1618

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328986.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137501.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab
    tls, http
    POWERPNT.EXE
    78.4kB
    2.6MB
    1384
    1898

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328983.cab

    HTTP Response

    200

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392701.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab
    tls, http
    POWERPNT.EXE
    1.6kB
    26.0kB
    18
    25

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328990.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab
    tls, http
    POWERPNT.EXE
    1.6kB
    27.1kB
    18
    26

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp03328998.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab
    tls, http
    POWERPNT.EXE
    14.0kB
    313.8kB
    211
    231

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345744402.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345745202.cab
    tls, http
    POWERPNT.EXE
    90.4kB
    3.0MB
    1590
    2144

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345745202.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab
    tls, http
    POWERPNT.EXE
    12.1kB
    290.5kB
    188
    214

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345746401.cab

    HTTP Response

    200
  • 184.50.113.73:443
    binaries.templates.cdn.office.net
    tls
    POWERPNT.EXE
    1.3kB
    9.2kB
    16
    12
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab
    tls, http
    POWERPNT.EXE
    12.9kB
    287.0kB
    181
    213

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345747501.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab
    tls, http
    POWERPNT.EXE
    12.5kB
    277.4kB
    189
    205

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749101.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab
    tls, http
    POWERPNT.EXE
    18.0kB
    670.3kB
    305
    488

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345750301.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab
    tls, http
    POWERPNT.EXE
    23.7kB
    574.1kB
    366
    419

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345749601.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab
    tls, http
    POWERPNT.EXE
    50.0kB
    1.1MB
    733
    801

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751001.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab
    tls, http
    POWERPNT.EXE
    5.4kB
    235.2kB
    95
    176

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0345751501.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab
    tls, http
    POWERPNT.EXE
    43.3kB
    1.1MB
    715
    823

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391901.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab
    tls, http
    POWERPNT.EXE
    23.5kB
    727.0kB
    370
    531

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403391701.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab
    tls, http
    POWERPNT.EXE
    58.9kB
    1.9MB
    1064
    1409

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp0403392101.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab
    tls, http
    POWERPNT.EXE
    37.2kB
    988.9kB
    605
    715

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111403.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab
    tls, http
    POWERPNT.EXE
    5.9kB
    244.5kB
    100
    183

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1000111502.cab

    HTTP Response

    200
  • 184.50.113.73:443
    https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137101.cab
    tls, http
    POWERPNT.EXE
    22.6kB
    473.2kB
    345
    347

    HTTP Request

    GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp1640137101.cab

    HTTP Response

    200
  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    POWERPNT.EXE
    73 B
    247 B
    1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.89.19

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    19.89.109.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    19.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    105.193.132.51.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    105.193.132.51.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    metadata.templates.cdn.office.net
    dns
    POWERPNT.EXE
    79 B
    231 B
    1
    1

    DNS Request

    metadata.templates.cdn.office.net

    DNS Response

    95.100.195.11
    95.100.195.47

  • 8.8.8.8:53
    binaries.templates.cdn.office.net
    dns
    POWERPNT.EXE
    79 B
    202 B
    1
    1

    DNS Request

    binaries.templates.cdn.office.net

    DNS Response

    184.50.113.73
    184.50.113.32

  • 8.8.8.8:53
    11.195.100.95.in-addr.arpa
    dns
    216 B
    137 B
    3
    1

    DNS Request

    11.195.100.95.in-addr.arpa

    DNS Request

    11.195.100.95.in-addr.arpa

    DNS Request

    11.195.100.95.in-addr.arpa

  • 8.8.8.8:53
    73.113.50.184.in-addr.arpa
    dns
    216 B
    137 B
    3
    1

    DNS Request

    73.113.50.184.in-addr.arpa

    DNS Request

    73.113.50.184.in-addr.arpa

    DNS Request

    73.113.50.184.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    30.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    30.243.111.52.in-addr.arpa

  • 8.8.8.8:53

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\@B621.tmp

    Filesize

    4KB

    MD5

    683f1f1e72a9fd91018e379b0f45c646

    SHA1

    e715798afee630bca17bd35e382626399e608788

    SHA256

    0770043fa8f879787c32f97e915295320738b28dc5c7a07a033df6d9ac5b4e50

    SHA512

    490a8fcc256fb97bdaf0ef7a243998338b3796db448874ed85613a087e16a9e1b0105af3deb57e18db253e550e5c8a0fd02dba1e52f4959937ffb6c587e3b8f5

  • C:\Users\Admin\AppData\Local\Temp\Cidade dos anjos.pps

    Filesize

    135KB

    MD5

    0a14b8ccf3374fb94c2bde7438cedc94

    SHA1

    40704ffc1f37cc819b32dbfa9360ba8b1a694eb4

    SHA256

    78a070c66b86759cb46db93ad6bfff5518a2435ce5fd0695e2130a8b9a049f39

    SHA512

    319b63a8171f073e32b65498584218e736264af03128a6cb1d5ff2ef2a89b67478cb6d3822b17b42397437e033ae4b984f24ce156e9fff23c4b064b9f2807801

  • C:\Windows\SysWOW64\iexplore.001

    Filesize

    2KB

    MD5

    c960dc2c2ee28c2cd292445bb603dda9

    SHA1

    a736c2b77ef13a059d87158e07d89f46e9ab988e

    SHA256

    a43d34f1374c8d6b0e5ff04711a9cdfe38714147e75ffaa85a19c73e897652fd

    SHA512

    97b5e686557d4dee78c824bbe642c4b6e08db807dfb892c76ddd42c978fcbba4c390745ebf70e9858afbc3e59f3df07f976d61e76e7d43496fb6152f0b174f97

  • C:\Windows\SysWOW64\iexplore.006

    Filesize

    5KB

    MD5

    b8e130b146557e640cb3e198f3d9110e

    SHA1

    c1cbebfce4e3af8ced7d1019586e91c371432d78

    SHA256

    3dbca63a39382e4c25d0b02e668ba72c5c81071bb62937ec939325f1f89926a1

    SHA512

    bc858367e64188c3a365fff4c7986e86d6d666651b2421e3b96fe06836aede073f2228349f66f1836e6ef98bb8e5120354c54a0fb13059e5b875bbf34ed7868f

  • C:\Windows\SysWOW64\iexplore.007

    Filesize

    4KB

    MD5

    097c525e86f64364479227f1603a0221

    SHA1

    c84897900f59cbff5f607368ceba93bfc5273998

    SHA256

    1b62745c0181f36b7c0227225da12c0d357fd6f14ff8a0ea8484fd4a9c6bf766

    SHA512

    b52b9d51c3bb50fab292c8bf13d2d87694391481742830c266f4512b2e33a16b852cdbf3faea7f5945b60415a12d1d6a0e9319500cb769b12e0a03357f66ef12

  • C:\Windows\SysWOW64\iexplore.exe

    Filesize

    295KB

    MD5

    2b8def730c5bab9d9b58e117af9fb84a

    SHA1

    090c2c4f0309895bad639ba1c0af21d1eb70d987

    SHA256

    759f339edba9126cd77ee621e6852f281b9a3190bc4aa17711164bac5ece41a7

    SHA512

    809aa7300e4bef33489f4166fd5b8245a9b9523c9fd908a37b51a0384966f8f036ac09fbca3730bb04b98ff976c17380ddc4c2ed75dbda51350f049b3d0bf48a

