Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Sample URL: https://gcv.microsoft.us/kgRWagmalJ
Analysis ID: 1417061

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

AV Detection

Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html Avira URL Cloud: Label: phishing
Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8 Virustotal: Detection: 19%
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.17:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.190.194:443 -> 192.168.2.17:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.17:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49765 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.190.194
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global traffic HTTP traffic detected: GET /kgRWagmalJ HTTP/1.1Host: gcv.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-UserSessionId: a3919d51-85c1-4c51-9e9d-a7542e522dd0x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: SIHUJP0J4jcJ9nI2RIqeMfX9-76tZexD-QfhSpl_0t2pxrn7apZX__XC5CfYVOTLLAY9MTwqW0ARoD2B7IxYziWSRm7Q0qghvZFzYscuh8c1sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /cdn/scripts/dists/telemetry-worker.1.js HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: c88ce182-a2e1-44cb-8902-572760b072bdX-UserSessionId: a3919d51-85c1-4c51-9e9d-a7542e522dd0x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: SIHUJP0J4jcJ9nI2RIqeMfX9-76tZexD-QfhSpl_0t2pxrn7apZX__XC5CfYVOTLLAY9MTwqW0ARoD2B7IxYziWSRm7Q0qghvZFzYscuh8c1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: d76d5655-a51f-4ca6-b68d-555bd3ba18dbX-UserSessionId: a3919d51-85c1-4c51-9e9d-a7542e522dd0x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: SIHUJP0J4jcJ9nI2RIqeMfX9-76tZexD-QfhSpl_0t2pxrn7apZX__XC5CfYVOTLLAY9MTwqW0ARoD2B7IxYziWSRm7Q0qghvZFzYscuh8c1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oKH7AKaDOEfh6P5&MD=PlelZS9N HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 60X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAW3qyTdwQuptWR9Ey%2B4YsPQCwEgYbIhQ5k%2BuSZMHY2RAPXgrB9S2QxDZ8JdvVzuO3U9YAQiTv7GSi2wL9GsIqgnhvhB3obPDRIz5FzmusEo0JzTqouYgoWI6ChC96B9lPF/CWvjDik/4T5gF8NkaJg7HcCap4YDmcojPWMPPQM6gE5ZM2cfQnrDQ1AOuB8wJmVokZ2be5EksJZ%2BFtY/7AkZFm9JN2wEvZ/XqIUHtTSBpMLDwp6htEB5Og0eEO2b5wVaEV0JeY%2BHYZ%2BCzZbxfaSFnsYALo9NGT/VQmtWM7KD7HLPZvjSo/HMhCaNK7YNpbamGF1txFr/LoBYEYD5HiYUDZgAACOJrP89Dvnm5qAG3orzwOexsxXp39x2y9YU6Voww%2BWWDmGNbG9gXRZUKQ6CPt3yNUSStKuvrX6P3nBsiVVydmlauGRm%2Bd4V0ptF8bijXl6doHUNgdSfa9tmZdxZOJVpIl/%2BlWoNJFD/waVHfrm4P2U8UX7l6QWd1fFIglHFyyv6X2DdQe12Mbs0H3H9KuTryHCEiVy31PBPz1ttpBqU4JnrI0cVPe4meYPrCbFm/s1HKyMgbICLeMI3g3%2Bv8Ad4oql2iqiWjojiMfM1JKuo6879mgMUE8REyE6inyzgZVTNvJZTgdz5hjqvepIk/89U8wyf6hrybnEHlF2WL02xZlDvN3/SzppJJVizO0oEDQ7QIHug4YgqQkwuJsxEwrHYdNdlba/x2bLuCBmCoe12NzYOarwhrffx8k8VmUtmcK/RZ4DGGJMArwmLnzpgbZmH0IEHMOPRl43ojFVnqD1ulXId/I1T8wdUwJi24%2BNu1J1dy6rcmujvdOadLzXgZNxHefmpA3V6Id3DqxTW4nKl9znii3r92O7e1KHucBwN6K4Xeja%2BdIDDyj6UoIfeJfXxwYWV72QE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1711635269User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 78167B19EE174DA3B1267413266BEA7DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=oKH7AKaDOEfh6P5&MD=PlelZS9N HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknown DNS traffic detected: queries for: gcv.microsoft.us
Source: unknown HTTP traffic detected: POST /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 611afbb5-1c7d-470e-9ee4-455f6159fddcX-UserSessionId: a3919d51-85c1-4c51-9e9d-a7542e522dd0sec-ch-ua-mobile: ?0formspro: enabledUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36content-type: application/json; charset=utf-8x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Accept: */*Origin: https://customervoice.microsoft.usSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=CsL4gIEyrRuS-lA64R7DtqSADpEucloklHmtq68INfX6k8Tqg6----g6o1afhEY3GCPtfcu_nc1O8UOEWxBnq3m4nHgT3zAxf557BkTp4Yk1
Source: chromecache_96.1.dr String found in binary or memory: http://amsul.ca
Source: chromecache_96.1.dr String found in binary or memory: http://amsul.github.io/pickadate.js
Source: chromecache_96.1.dr String found in binary or memory: http://amsul.github.io/pickadate.js/date.htm
Source: chromecache_97.1.dr String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: chromecache_97.1.dr String found in binary or memory: http://jquery.org/license
Source: chromecache_97.1.dr String found in binary or memory: http://jqueryui.com
Source: chromecache_90.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_115.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.js
Source: chromecache_116.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.323a60b.js.ma
Source: chromecache_99.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.638.3250f1d.js.ma
Source: chromecache_101.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.ce2
Source: chromecache_112.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.65b
Source: chromecache_93.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.b7eca1
Source: chromecache_106.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.6dc4e0a.js.m
Source: chromecache_102.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.utel.c1af5df.js.m
Source: chromecache_91.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.e0d6b00.j
Source: chromecache_97.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.js.map/72d2a4ad6536
Source: chromecache_92.1.dr String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/telemetry-worker.1.js.map/2fc1de80443abf8
Source: chromecache_87.1.dr, chromecache_111.1.dr String found in binary or memory: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8
Source: chromecache_90.1.dr String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_87.1.dr, chromecache_111.1.dr String found in binary or memory: https://gcv.microsoft.us/JWWGOUYU5N
Source: chromecache_108.1.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_108.1.dr String found in binary or memory: https://getbootstrap.com/docs/3.4/customize/)
Source: chromecache_96.1.dr String found in binary or memory: https://github.com/SoapBox/linkifyjs
Source: chromecache_108.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_99.1.dr String found in binary or memory: https://jquery.com/
Source: chromecache_99.1.dr String found in binary or memory: https://jquery.org/license
Source: chromecache_99.1.dr String found in binary or memory: https://js.foundation/
Source: chromecache_111.1.dr String found in binary or memory: https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82
Source: chromecache_87.1.dr, chromecache_111.1.dr String found in binary or memory: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html
Source: chromecache_97.1.dr String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_90.1.dr String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_99.1.dr String found in binary or memory: https://sizzlejs.com/
Source: chromecache_90.1.dr String found in binary or memory: https://underscorejs.org
Source: classification engine Classification label: mal56.win@14/62@12/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1912,i,12631141012789215718,17048731869604151303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1912,i,12631141012789215718,17048731869604151303,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: chromecache_108.1.dr Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'