Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Sample URL:	https://gcv.microsoft.us/kgRWagmalJ
Analysis ID:	1417063
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Phishing site detected (based on favicon image match)

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'forgot password' link found

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://cloudflare-ipfs.com/favicon.ico

Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: cloudflare-ipfs.com	Virustotal: Detection: 13%	Perma Link
Source: https://cloudflare-ipfs.com/favicon.ico	Virustotal: Detection: 16%	Perma Link
Source: https://eu.starton-ipfs.com/ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a	Virustotal: Detection: 6%	Perma Link

Phishing

Phishing site detected (based on favicon image match)

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 1.4.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.3

OCR Text: Adolw Shared File Welcome to Adobe Shared File Your Contact has shared a file with you. Save your files to PDF and get them from any device, anywhere Select any of the options below to view and download the file Login with Login with with Office365 Outlook Other Office365, Outlook SharePoint Skype. OneNote, krd, Excel are trademarks of Microsoft All rights reserved Microsoft 2023.

HTML body contains low number of good links

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: Number of links: 0
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Total embedded image size: 31111

HTML page contains hidden URLs or javascript code

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Base64 decoded: https://53northaviations.com/we5ijvc2/e154491.php

HTML title does not match URL

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: Title: Adobe&Businessing does not match URL

Invalid 'forgot password' link found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Invalid link: Forgot my password

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: <input type="password" .../> found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: <input type="password" .../> found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49804 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.70
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.70

Source: global traffic	HTTP traffic detected: GET /kgRWagmalJ HTTP/1.1Host: gcv.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 2849e432-921e-40cb-9b81-3b62dfb732d2X-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /cdn/scripts/dists/telemetry-worker.1.js HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 5801eb27-88c7-490a-a488-6baed75319ceX-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZrrosLDHdpGBAor&MD=vLhttoZU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 60X-DeviceID: 01000A4109009A83X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdByaR4dlMgw2gcO2liGGuAwC74ArGIcrvLssBttAPtXxo0UiogqzEbaFc0U6hP0y2NpK3F2%2BUJjh4I%2BsuivHP1BYtjG0XpzrvpDvgj61C8Qmj/GbXQ7zHxmpVWkyo8uOAp2tDhF6ot4FuYAbpuQ6hw3MrljcERwCu%2BEkiK894RgEBJ25NyHmL027MPez/ermYbjgfKRsGjAT5Mkqg5y1jSTcwrZ57szO7B7Un3yJ8vGu1RlzxjQfTkIBa/QpdMYdR4%2BnCcK8f6yyY4/r7c4gEkirWTw%2B0cZBCNp1hTn9WC2HYN6HnO0zdFLHwPPDbvAi7vQQlz6%2BYsNx0HLR4JkO6QDZgAACAR0roVX9vpNqAHUB1Tj75NVFw8w4zj6taoIKrSaeQas8wAxXGQ%2B7O3KZ9Kbc6ysUkI561yz3m6Vk1dip%2BLWz0lLoj6YLs4f5xOw%2Bvtvn1KikDMnwhJKQhbF5gwsWk%2B18clHXL1tEqSsMN6vf0fUrgD5br9M9wyVrq9dfxOkC4FlVfdmHtiTzP7XkW/bCKfkvZrWK9b2pRT0W1IisFYmZhbdeiICC57f0ZjiVT%2BnMZCJzh3UNB5qQiJ1kB67JEzivss6tjtb1OwiUiX/bdRHBlxGevgZigNIjS4jvk48wWKsdWLo3VgH17gwwbq7ovN2L8f0c%2BtcKhSVkhPYAKTLbM%2BXalL3ILHdVz6kaMqFAiXrwbS0Ziv5dyQ%2Bgg/lD04cHbD%2BsWfYJ/Zg6fi/CY9RZEgV5VxdtB9hp%2B9S2swqb%2B/3mHkHN3MGtD49xPPmhfGXOTTmjRabQCCbdJpN%2B27J3WY0YWZxlzA/qkCN6li8TfZJgcZwiflBPhnoMasmsUeqgFyBm6TJBJ/K9fwxLk69gKqFhlHizO9aEYjw1Zx9Y2PS5ABfznNcAdoNn7OTGWWXK3SI2QE%3D%26p%3DX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1711635496User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F69159E7235A42FCBE5DDAEC0D3A6548X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8 HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /we5ijvc2/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1Host: 53northaviations.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=AfIeh0nkXOYGWx0giV0AI7dmpT3tGAHd4oimaTUB8CY-1711635503-1.0.1.1-8tJL7jRbSRta3xrAH_FRhovHnkGZhNwNCG9PqbtkK8IACvE4qjwpKx.FE7eZX.7AWlOhdw.RTJEfEcEk6SYXyQ
Source: global traffic	HTTP traffic detected: GET /df-invest.html HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a HTTP/1.1Host: eu.starton-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.16.0/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/gmail.png HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/office3651.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/outlook.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/other1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/office3651.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/other1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/outlook.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /we5ijvc2/e154491.php HTTP/1.1Host: 53northaviations.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZrrosLDHdpGBAor&MD=vLhttoZU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 6e78364d-d516-4466-836e-47dd6ae0e1f1X-UserSessionId: dc2661d5-daba-4a31-ab97-5def3438f483x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: OpVrihiuUYK5-XLc37I2pO7RsXbrdrNP2iI6oWu3LYCmBwr1toUhNMIEwJoMVQl-6qwuCnmYTOWvgQ_P7XSofmpsFmEPmVgpK0OAZKvgchU1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: b478bba9-d387-4510-b635-31723018a544X-UserSessionId: dc2661d5-daba-4a31-ab97-5def3438f483x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: OpVrihiuUYK5-XLc37I2pO7RsXbrdrNP2iI6oWu3LYCmBwr1toUhNMIEwJoMVQl-6qwuCnmYTOWvgQ_P7XSofmpsFmEPmVgpK0OAZKvgchU1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1

Source: unknown

DNS traffic detected: queries for: gcv.microsoft.us

Source: unknown

HTTP traffic detected: POST /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 79478216-3c1c-4553-a677-1a4ca369100bX-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328sec-ch-ua-mobile: ?0formspro: enabledUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36content-type: application/json; charset=utf-8x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Accept: */*Origin: https://customervoice.microsoft.usSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:25 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 86b83fd25ad22d24-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:28 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 86b83fe56be9059e-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:29 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 86b83ff0cc823b95-IAD

Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.ca
Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.github.io/pickadate.js
Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.github.io/pickadate.js/date.htm
Source: chromecache_166.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: chromecache_209.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_209.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_166.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_166.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_172.1.dr, chromecache_227.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_149.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_217.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.js
Source: chromecache_219.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.323a60b.js.ma
Source: chromecache_169.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.638.3250f1d.js.ma
Source: chromecache_171.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.ce2
Source: chromecache_206.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.65b
Source: chromecache_155.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.b7eca1
Source: chromecache_187.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.6dc4e0a.js.m
Source: chromecache_174.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.utel.c1af5df.js.m
Source: chromecache_150.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.e0d6b00.j
Source: chromecache_166.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.js.map/72d2a4ad6536
Source: chromecache_151.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/telemetry-worker.1.js.map/2fc1de80443abf8
Source: chromecache_214.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8
Source: chromecache_159.1.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_222.1.dr	String found in binary or memory: https://eu.starton-ipfs.com/ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a
Source: chromecache_149.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://gcv.microsoft.us/JWWGOUYU5N
Source: chromecache_226.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_194.1.dr, chromecache_152.1.dr, chromecache_163.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_194.1.dr	String found in binary or memory: https://getbootstrap.com/docs/3.4/customize/)
Source: chromecache_161.1.dr	String found in binary or memory: https://github.com/SoapBox/linkifyjs
Source: chromecache_152.1.dr, chromecache_163.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_194.1.dr, chromecache_226.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_152.1.dr, chromecache_226.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_169.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_169.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_169.1.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_200.1.dr	String found in binary or memory: https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html
Source: chromecache_166.1.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_149.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_169.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_149.1.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_159.1.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49804 version: TLS 1.2

Source: classification engine

Classification label: mal88.phis.troj.win@19/165@50/18

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4364 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4364 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Data Obfuscation

Yara detected Html Dropper

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_194.1.dr

Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.96.13	cloudflare-ipfs.com	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
99.84.208.101	cdn.glitch.com	United States	16509	AMAZON-02US	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.140.151.75	eafd-3p-profile.usgovtrafficmanager.net	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.2.35	pub-67b1238eb6e243dc93f415a9f97faade.r2.dev	United States	13335	CLOUDFLARENETUS	false
172.253.63.103	www.google.com	United States	15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
52.127.240.65	osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net	United States	8070	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.38.16	eu.starton-ipfs.com	United States	13335	CLOUDFLARENETUS	false
18.165.98.104	cdn.glitch.me	United States	3	MIT-GATEWAYSUS	false
5.181.80.98	53northaviations.com	Bulgaria	57344	TELEHOUSE-ASBG	false
173.231.215.6	sign.13thav.com	United States	54641	INMOTI-1US	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.16

Contacted Domains

Name	IP	Active
53northaviations.com	5.181.80.98	true
cdn.glitch.me	18.165.98.104	true
sign.13thav.com	173.231.215.6	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
cloudflare-ipfs.com	104.17.96.13	true
pub-67b1238eb6e243dc93f415a9f97faade.r2.dev	104.18.2.35	true
cdn.glitch.com	99.84.208.101	true
code.jquery.com	151.101.2.137	true
eafd-3p-profile.usgovtrafficmanager.net	20.140.151.75	true
cdnjs.cloudflare.com	104.17.25.14	true
osiusgcc-usge-teal-001.usgovvirginia.cloudapp.usgovcloudapi.net	52.127.240.65	true
www.google.com	172.253.63.103	true
part-0012.t-0009.t-msedge.net	13.107.213.40	true
eu.starton-ipfs.com	104.21.38.16	true
customervoice.microsoft.us	unknown	unknown
lists.gcc.osi.office365.us	unknown	unknown
gcv.microsoft.us	unknown	unknown
cdn.glitch.global	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/outlook.png	false		high
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/cdn/scripts/dists/telemetry-worker.1.js	false	Avira URL Cloud: safe	unknown
https://gcv.microsoft.us/kgRWagmalJ	false		unknown
https://eu.starton-ipfs.com/ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a	false	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	false		high
https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/images/gmail.png	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Pages/ResponsePage.aspx/GetResourceStrings	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js	false		high
https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D	false		unknown
https://sign.13thav.com/wazzy1.php	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://cloudflare-ipfs.com/favicon.ico	false	16%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://customervoice.microsoft.us/Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://cdn.glitch.me/6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js	false		high
https://customervoice.microsoft.us/css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://cdn.glitch.com/6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false		high
https://customervoice.microsoft.us/FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
https://53northaviations.com/we5ijvc2/admin/js/sc.php?r=ZW0sZW1haWwsYWRk	false	Avira URL Cloud: safe	unknown
https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	true		unknown
https://cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/other1.png	false		high
https://customervoice.microsoft.us/formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high
https://customervoice.microsoft.us/formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true	false	Avira URL Cloud: safe	unknown
https://cdn.glitch.me/a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/office3651.png	false		high
https://customervoice.microsoft.us/FormsPro/Images/CustomerVoice/CustomerVoice.ico	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://53northaviations.com/we5ijvc2/e154491.php	false	Avira URL Cloud: safe	unknown
https://customervoice.microsoft.us/Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css	false		high

AV Detection

Antivirus detection for URL or domain

Source: https://cloudflare-ipfs.com/favicon.ico

Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: cloudflare-ipfs.com	Virustotal: Detection: 13%	Perma Link
Source: https://cloudflare-ipfs.com/favicon.ico	Virustotal: Detection: 16%	Perma Link
Source: https://eu.starton-ipfs.com/ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a	Virustotal: Detection: 6%	Perma Link

Phishing

Phishing site detected (based on favicon image match)

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 1.4.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.3

HTML body contains low number of good links

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: Number of links: 0
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: <input type="password" .../> found but no <form action="...

HTML body with high number of embedded images detected

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Total embedded image size: 31111

HTML page contains hidden URLs or javascript code

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Base64 decoded: https://53northaviations.com/we5ijvc2/e154491.php

HTML title does not match URL

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: Title: Sign in to Best Productivity Provider! does not match URL
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: Title: Adobe&Businessing does not match URL

Invalid 'forgot password' link found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8

HTTP Parser: Invalid link: Forgot my password

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: <input type="password" .../> found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: <input type="password" .../> found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No favicon

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="author".. found

Source: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found
Source: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49804 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.70
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.70

Source: global traffic	HTTP traffic detected: GET /kgRWagmalJ HTTP/1.1Host: gcv.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/dist/cv-response-page.min.css?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/ls-pro.en-us.18e0edc91.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/basics_osi_v5_j3_3997ff6.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Scripts/Vendors/combined/response_v2_5234a19.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.cachegroup-nerve.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.min.js?v=b3c1eb4c85&ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://customervoice.microsoft.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.1ds.323a60b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.utel.c1af5df.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.postsubmit.b7eca17.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.quiz.6dc4e0a.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.638.3250f1d.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.vendors.e0d6b00.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 2849e432-921e-40cb-9b81-3b62dfb732d2X-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /cdn/scripts/dists/telemetry-worker.1.js HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /FormsPro/Images/CustomerVoice/CustomerVoice.ico HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 5801eb27-88c7-490a-a488-6baed75319ceX-UserSessionId: fe879f87-7297-4618-b97e-9ee369406328x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: vAFhIq65AjuMRAOWYOP0ThgzxOdyPPOUl5f8aYYE8U4HeO-e0MKjZscKialrItDPaf9E9O_qTfXYIAQUS4hICV8OmSW-RUpMlmnO1Smr_3k1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvheadertheme.ce22c68.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Scripts/dists/response-page-pro.chunk.cvtitlerender.65b951b.js?ring=UsGovGccProduction HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZrrosLDHdpGBAor&MD=vLhttoZU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 60X-DeviceID: 01000A4109009A83X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdByaR4dlMgw2gcO2liGGuAwC74ArGIcrvLssBttAPtXxo0UiogqzEbaFc0U6hP0y2NpK3F2%2BUJjh4I%2BsuivHP1BYtjG0XpzrvpDvgj61C8Qmj/GbXQ7zHxmpVWkyo8uOAp2tDhF6ot4FuYAbpuQ6hw3MrljcERwCu%2BEkiK894RgEBJ25NyHmL027MPez/ermYbjgfKRsGjAT5Mkqg5y1jSTcwrZ57szO7B7Un3yJ8vGu1RlzxjQfTkIBa/QpdMYdR4%2BnCcK8f6yyY4/r7c4gEkirWTw%2B0cZBCNp1hTn9WC2HYN6HnO0zdFLHwPPDbvAi7vQQlz6%2BYsNx0HLR4JkO6QDZgAACAR0roVX9vpNqAHUB1Tj75NVFw8w4zj6taoIKrSaeQas8wAxXGQ%2B7O3KZ9Kbc6ysUkI561yz3m6Vk1dip%2BLWz0lLoj6YLs4f5xOw%2Bvtvn1KikDMnwhJKQhbF5gwsWk%2B18clHXL1tEqSsMN6vf0fUrgD5br9M9wyVrq9dfxOkC4FlVfdmHtiTzP7XkW/bCKfkvZrWK9b2pRT0W1IisFYmZhbdeiICC57f0ZjiVT%2BnMZCJzh3UNB5qQiJ1kB67JEzivss6tjtb1OwiUiX/bdRHBlxGevgZigNIjS4jvk48wWKsdWLo3VgH17gwwbq7ovN2L8f0c%2BtcKhSVkhPYAKTLbM%2BXalL3ILHdVz6kaMqFAiXrwbS0Ziv5dyQ%2Bgg/lD04cHbD%2BsWfYJ/Zg6fi/CY9RZEgV5VxdtB9hp%2B9S2swqb%2B/3mHkHN3MGtD49xPPmhfGXOTTmjRabQCCbdJpN%2B27J3WY0YWZxlzA/qkCN6li8TfZJgcZwiflBPhnoMasmsUeqgFyBm6TJBJ/K9fwxLk69gKqFhlHizO9aEYjw1Zx9Y2PS5ABfznNcAdoNn7OTGWWXK3SI2QE%3D%26p%3DX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1711635496User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F69159E7235A42FCBE5DDAEC0D3A6548X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8 HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /we5ijvc2/admin/js/sc.php?r=ZW0sZW1haWwsYWRk HTTP/1.1Host: 53northaviations.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=AfIeh0nkXOYGWx0giV0AI7dmpT3tGAHd4oimaTUB8CY-1711635503-1.0.1.1-8tJL7jRbSRta3xrAH_FRhovHnkGZhNwNCG9PqbtkK8IACvE4qjwpKx.FE7eZX.7AWlOhdw.RTJEfEcEk6SYXyQ
Source: global traffic	HTTP traffic detected: GET /df-invest.html HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://customervoice.microsoft.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a HTTP/1.1Host: eu.starton-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.2.1.slim.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.16.0/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/gmail.png HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/office3651.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/outlook.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/other1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/office3651.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/other1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a9c17eb8-a395-4f7a-ba3f-0e2fc9fb1237/outlook.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-67b1238eb6e243dc93f415a9f97faade.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://cloudflare-ipfs.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /we5ijvc2/e154491.php HTTP/1.1Host: 53northaviations.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/picker_verify_fluent_authenticator_b59c16ca9bf156438a8a96d45e33db64.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6ca72b66-8609-4328-9f2e-521097041961%2Foffice1.png HTTP/1.1Host: cdn.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZrrosLDHdpGBAor&MD=vLhttoZU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7D HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$expand=questions($expand=choices) HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: 6e78364d-d516-4466-836e-47dd6ae0e1f1X-UserSessionId: dc2661d5-daba-4a31-ab97-5def3438f483x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: OpVrihiuUYK5-XLc37I2pO7RsXbrdrNP2iI6oWu3LYCmBwr1toUhNMIEwJoMVQl-6qwuCnmYTOWvgQ_P7XSofmpsFmEPmVgpK0OAZKvgchU1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /Pages/ResponsePage.aspx/GetResourceStrings HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/f8c813f9-acbb-4b18-bb10-10729643538d/users/1b5da865-0b25-4d96-82dc-8362c1f0a3f3/light/runtimeForms('-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u')?$select=id,customCssFileName,customCSSInLineHeaderToggle,footerText HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"X-CorrelationId: b478bba9-d387-4510-b635-31723018a544X-UserSessionId: dc2661d5-daba-4a31-ab97-5def3438f483x-ms-form-request-ring: formsprogccsec-ch-ua-mobile: ?0Authorization: OData-MaxVersion: 4.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: application/jsonContextParams: {"First Name":"Chez "}__RequestVerificationToken: OpVrihiuUYK5-XLc37I2pO7RsXbrdrNP2iI6oWu3LYCmBwr1toUhNMIEwJoMVQl-6qwuCnmYTOWvgQ_P7XSofmpsFmEPmVgpK0OAZKvgchU1x-ms-form-request-source: ms-formwebsec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://customervoice.microsoft.us/Pages/ResponsePage.aspx?id=-RPI-LusGEu7EBBylkNTjWWoXRslC5ZNgtyDYsHwo_NUQTZXV1E4UEdXQUhWNkpXUjlTWDVHQjJBNC4u&ctx=%7B%22First%20Name%22%3A%22Chez%20%22%7DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1
Source: global traffic	HTTP traffic detected: GET /formapi/api/privacy?ownerTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&currentUserTenantId=f8c813f9-acbb-4b18-bb10-10729643538d&isAnonymous=true HTTP/1.1Host: customervoice.microsoft.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __RequestVerificationToken=N5kFBx2eumFPME1GhQNEVajS7kl9GDtWVS9bjGI9Gy8iGfSxgSvinVlcbDF5WsUuQAg8XneIVXeD-g0ZDwnZegr4o9ehu61SBzsADw9uk-o1

Source: unknown

DNS traffic detected: queries for: gcv.microsoft.us

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:25 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeServer: cloudflareCF-RAY: 86b83fd25ad22d24-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:28 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 86b83fe56be9059e-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 14:18:29 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 86b83ff0cc823b95-IAD

Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.ca
Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.github.io/pickadate.js
Source: chromecache_161.1.dr	String found in binary or memory: http://amsul.github.io/pickadate.js/date.htm
Source: chromecache_166.1.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: chromecache_209.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_209.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_166.1.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_166.1.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_172.1.dr, chromecache_227.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_149.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_217.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.cachegroup-nerve.min.js
Source: chromecache_219.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.1ds.323a60b.js.ma
Source: chromecache_169.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.638.3250f1d.js.ma
Source: chromecache_171.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvheadertheme.ce2
Source: chromecache_206.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.cvtitlerender.65b
Source: chromecache_155.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.postsubmit.b7eca1
Source: chromecache_187.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.quiz.6dc4e0a.js.m
Source: chromecache_174.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.utel.c1af5df.js.m
Source: chromecache_150.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.chunk.vendors.e0d6b00.j
Source: chromecache_166.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/response-page-pro.min.js.map/72d2a4ad6536
Source: chromecache_151.1.dr	String found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/telemetry-worker.1.js.map/2fc1de80443abf8
Source: chromecache_214.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://cloudflare-ipfs.com/ipfs/QmX4WG9i6svNo7QbAwn7yb2Tk6a5rFAhM5XvSGusSr18f8
Source: chromecache_159.1.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_222.1.dr	String found in binary or memory: https://eu.starton-ipfs.com/ipfs//bafkreibb3ns2kx3hqnpsq4g5yizug65kyll3jxnubjzp2jcwt56kwwdo3a
Source: chromecache_149.1.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://gcv.microsoft.us/JWWGOUYU5N
Source: chromecache_226.1.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_194.1.dr, chromecache_152.1.dr, chromecache_163.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_194.1.dr	String found in binary or memory: https://getbootstrap.com/docs/3.4/customize/)
Source: chromecache_161.1.dr	String found in binary or memory: https://github.com/SoapBox/linkifyjs
Source: chromecache_152.1.dr, chromecache_163.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_194.1.dr, chromecache_226.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_152.1.dr, chromecache_226.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_169.1.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_169.1.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_169.1.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_200.1.dr	String found in binary or memory: https://lists.gcc.osi.office365.us/Images/f8c813f9-acbb-4b18-bb10-10729643538d/1b5da865-0b25-4d96-82
Source: chromecache_143.1.dr, chromecache_200.1.dr	String found in binary or memory: https://pub-67b1238eb6e243dc93f415a9f97faade.r2.dev/df-invest.html
Source: chromecache_166.1.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_149.1.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_169.1.dr	String found in binary or memory: https://sizzlejs.com/
Source: chromecache_149.1.dr	String found in binary or memory: https://underscorejs.org
Source: chromecache_159.1.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49804 version: TLS 1.2

Source: classification engine

Classification label: mal88.phis.troj.win@19/165@50/18

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcv.microsoft.us/kgRWagmalJ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4364 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4364 --field-trial-handle=1972,i,9016777741866051104,18441761001042926646,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Data Obfuscation

Yara detected Html Dropper

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_194.1.dr

Binary or memory string: '}.ms-Icon--ConnectVirtualMachine::before{content:'

ID:	1417063
Product:	CloudBasic
Start time:	15:16:53
Start date:	28.03.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:17:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	DD866B9BB78275578FF0665B53B598B7	377C56BEDEB918EB501797D0E0445992FD0A7CDD	26780EFD9855746F791628EB1FA5C79075EADE48067DD75E39955A467865B742
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:17:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6C04A026078ADAD5F247BC8BBC13F585	E6BB58B3F404CD3D182BD02B753BE927C1ECD85F	377C341102A48AC123CAB2000C2F07D9D13D27987AB3A8D26B7BFAA03DC4B9AB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BB2C2F2B7D818F0513BD638E62E208A0	D18A69BF653EDCA934586CE14DCB026416282C49	5B6D3D691E30FBAE6F9D70092817C01890C8E02681AA2BB8B6C49499C6E0185B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:17:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	747FD3C15B79E5393797779B06CABA9E	7426562248F177FCDA0E5F6C8F136134454DA08D	09F714C2C007363EBA4C6C8DF1A6BDD0702201FABE33697CA30993F649627B48
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:17:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8502143443F0E4805D5DC349FF26F50C	9EA57A78B38BB471AF53B4EDD6F00752F8F50196	7B50274B93117A2DF5AD23FD77A3C4B5CBC3BDBE98927CA9B6CA423B32A17B41
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 13:17:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FB0319FF664F953C23098F905B66E67A	FA8E97455F884F4B4AFB4D39D038088E65F69675	41C50FC2C8092556F0231861B4169AD7EF4E7F2F8E5BC50C580CF2149BD13C73
Chrome Cache Entry: 140	HTML document, ASCII text, with very long lines (379), with CRLF line terminators	0F7CCE9368A5285559D7EF3E641F18A4	0E25DA9ABEC63112710CAEB14123215D24A84876	BC1832CD33B67E74FE000BDBCADB002EB3B6D47F403CD56972545898474EAF0F
Chrome Cache Entry: 141	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 222x125, components 3	EBF3D590FAEEE30CDF81929303672548	30BB5C412260A896CFE7E66FB33878452C3ACEC4	868D4ADAD4D4283F069E47683B80FF579F3B00941739820B74CAF999991FCA6E
Chrome Cache Entry: 142	PNG image data, 330 x 330, 8-bit/color RGBA, non-interlaced	BEB949471F269B1663C6F471F03B2212	C10F57DE17B1089D51803F0CF0100736187C5E00	FF0F6F5354A28803CF4BCD84DFA637D100482B78B2B34DF098220F3D43D20C19
Chrome Cache Entry: 143	JSON data	36E785EAB8C0489434AD4391C962B03B	A99D3AE16972DBCDB95B56DD858E258EA01A63F1	2F48A1A0FEDEDC88FA71774F4F7D6C05A3E082F5892143BAB490C2E4BE9B6A95
Chrome Cache Entry: 144	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3	E71534E10B1241216874F6C9FAEAD237	55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD	D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003
Chrome Cache Entry: 145	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	EE2B357FA5FBA69AF238168E3A1A27E1	B5DD4606BEDBF1D705A01F833802248E03D01518	0FD813BAE48835570858A2508D9C29900B8A4CDDEBFF4A250E79AD12F8ACBDCB
Chrome Cache Entry: 146	data	09839191CB928B52C19B2C8DDC334496	047B2D718CF19253AA84F93F2724C4D46975DAAC	AC6DD6EAD207FA53517ED47194A6276FA610DCD5328BCA8FD7FDDA3913078BB2
Chrome Cache Entry: 147	PNG image data, 228 x 66, 8-bit/color RGBA, non-interlaced	0D84B997C50F7F9015C532A44E945A83	DF610B8C49FB0CA12E50E5306582CD4007FFF6F6	B1996199151427B4600EAEC6389A0259A582E954C45B2B6B8220A4B2C0E02134
Chrome Cache Entry: 148	PGP Secret Sub-key -	F84B5DFC9F1BD6ED5609249218CFCEC4	AF58D1BEB706013D96F48E737922B7495A982286	A60DA8F7D18337EFABA7BA7BA9539BB7945126D5884E6A4CC6740E5F5BE2E770
Chrome Cache Entry: 149	ASCII text, with very long lines (47421), with CRLF line terminators	6E9386843C22345A256F324692D627F2	FEF7FADB3A27032695AAB726682A340D583BFC51	D40E9F33813211AA5DFABEEBF4A1571D488E56878954DE4D513A25B3525B3988
Chrome Cache Entry: 150	ASCII text, with very long lines (65536), with no line terminators	4D5CEEE45615E16FF9E5B59F07F06782	0117F6F4AAE69E34983830D95B99D240778EE2F0	6FADE40437BEBEE439457D5683A1F6EAD708562697E7AD2F0C7A2148BC73F34E
Chrome Cache Entry: 151	ASCII text, with very long lines (58457)	62D1545FCE12E0397582E4D900A89EFD	D4B3BE160044C01E25B12F76973760386CEE2CA2	8C677EE4A629FA0473A019BBA10B46E8BE2FD926705E2649BC743BD97839C57C
Chrome Cache Entry: 152	ASCII text, with very long lines (59765)	02D223393E00C273EFDCB1ADE8F4F8B1	0CC93B8421D89C24A889642428B363CB831DE78A	79C599DD760CEC0C1621A1AF49D9A2A49DA5D45E1B37D4575BACE0A5E0226582
Chrome Cache Entry: 153	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	A3CDFEAF028CF60D90337CE4BB1B632F	44F084707B89B3A999B9A58C06E872AC6CA909D3	2F128C34E99F47C352178964FC87AF68352B7395984D68313BBA7A5B2647ABAA
Chrome Cache Entry: 154	data	016B18D09E27D8561290AF7301561A3C	7FC5F0B8F573442EF81B2A7546C589233D96B13A	C5DDEECA8754567C987A450E6BBE9EBE8FF8613BFC9F785A05BF28A296192E9B
Chrome Cache Entry: 155	ASCII text, with very long lines (65536), with no line terminators	DA69DB81907CC110600C8989D38BB9D5	1CA81D11BCF858BC2774FD6C5414D83F06618406	1D95A437A2BF9545D8B862A9C7CF8E8B9A38D6520258BCBED8BE63EB54455689
Chrome Cache Entry: 156	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3	E71534E10B1241216874F6C9FAEAD237	55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD	D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003
Chrome Cache Entry: 157	data	4F45DC3201463BB062173588E102A2FE	8D09935D789072DF35D8F8B429742C51CA5BC1EB	35A94C8ECAB821439BDFCE6BFBD02B6B1F15E99ABA019B4FC313F21DC9145B09
Chrome Cache Entry: 158	JSON data	2544E12C996BF24471362B93F0DA41F3	A86BF135AB32EFD7D71F9D608A6ADF970446E945	5066B03C47885E634492DD13D9D4CD86EBB62D4B6603FA5DD249E0DA603B4F76
Chrome Cache Entry: 159	HTML document, ASCII text, with very long lines (611)	DF3D48946E8D3F5A83608308EDBB4B86	47B9C40C97ABF2658DF96B1C06109324E15E1A00	570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
Chrome Cache Entry: 160	ASCII text	E04281E26EEB40D6C01E701FB6EEB353	8923251E3FB6ECB4740019B26C1B8ADEA5186097	21DB65A55F67835F2870DDC233437BAAC2D7B4DDB40A72FD24569F7CAB586ED8
Chrome Cache Entry: 161	Unicode text, UTF-8 text, with very long lines (19569), with CRLF line terminators	162890ADA98A5DEF6640BBE57DA52EB9	06A3D551F9718164171E7517F18577B73F13B390	DA599489D3F86D69769A1D310A5E59838D7E72EAD0BCFE94851D0084318FCDC2
Chrome Cache Entry: 162	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]	697B33A6E6EC12E257F44778EC25B0F9	B58831A271CE34177BEA1470851820263FC26FF7	34723CBA5D633DC6A62876E7297BF68F8F629F4F94182117391E3BFF21E18078
Chrome Cache Entry: 163	ASCII text, with very long lines (65326)	816AF0EDDD3B4822C2756227C7E7B7EE	C470239D4C7DB36D56DC3A74A080C62218C6EDC4	5B0FBE5B7AD705F6A937C4998AD02F73D8F0D976FE231B74AEF0EC996990C93A
Chrome Cache Entry: 164	data	C48A92D5D1E727FF29B9DF4D651FEA8C	4D22F0EF5D5ADA0852EDBDB9EA67B30B54A272CC	8D47B5030362EC850CC44FE926F282123FD1DC7BD127DE0AFB18A174BD4B8739
Chrome Cache Entry: 165	data	0FD2D67356EB843E2463E4F7BC011913	AAF090FEFFDE9DDDA379C43457B7F9577F69EC7B	38011DABD5F0ED75E6D983893E558C29DBDCA3BB6AA075761A8BDC49134B86EC
Chrome Cache Entry: 166	Unicode text, UTF-8 text, with very long lines (40515)	0C6F020C2EAAA68CA998AA158720EDFD	C5582182A53E63DD95F2B3AA2BE10D37F86078A7	A61962B6B38FBF8A4806E6F476F800520C2D0D184983D226511D180E173FBDEF
Chrome Cache Entry: 167	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 222x125, components 3	EBF3D590FAEEE30CDF81929303672548	30BB5C412260A896CFE7E66FB33878452C3ACEC4	868D4ADAD4D4283F069E47683B80FF579F3B00941739820B74CAF999991FCA6E
Chrome Cache Entry: 168	data	CA794DE96DDA66C6776B4E14BBD439CF	A12599484DD389D1668F743DF2C6D690F041B120	793177E88CCB99E772F5A0B4A2DB52CE411779BA0D151EEB544C2675157756CD
Chrome Cache Entry: 169	Unicode text, UTF-8 text, with very long lines (60976)	2F5D48A71CBEE9ABABF1C9B78B8FD892	65141885EE4988A9006E2D8583DBE2EB7DA2AC84	629F4CC6CEA0E185B7315CDAAF59192A34C2F4AC122396C3CCAAC6A2B6A9E0E0
Chrome Cache Entry: 170	JSON data	AF469AC6ABAAF7DA1ACC59F7292E6671	75ACAD50ED8287D26D5EA2C7380B09B6095DA453	AC8EA734A33366EF42F62398D95B4A9D912043522CF945405FD691F7AA342FED
Chrome Cache Entry: 171	ASCII text, with very long lines (23932)	955B3780D94E04954A81D2BACA687D35	B3F3234B6BEB96B1B5E1AD69FA22CE398220D715	9382E22FD7683906612A6416A12ECB81B1318B03CBB3A3E009A5A49687155B81
Chrome Cache Entry: 172	ASCII text, with very long lines (21084)	84415B7368FD6FC764CBE86039CE0626	62F238E73348C77EB9E865426A7D1B7DE23CBB2D	C776195AD46333C6C9A9FE3C74502FFEA9A02FAF122388EA3567922CC65A3060
Chrome Cache Entry: 173	data	7816510CF913E1F343AF6849D2E1C629	3145EB12A1AD07A438CDA89253FA2BB018E8C9A7	8CE91F9B5CBAA33F5067A257847B0711F5C2C34524F3FCA311174AB50119DCC2
Chrome Cache Entry: 174	ASCII text, with very long lines (29782)	C84F161AC3232BC00553A19A9043D7A2	7487D80415B1E1EBE3B1454CE6B8EAC1701E4550	E0362CF9EE3665EA471A69CF31D723630899D6CF8F0A907655B32578C690262D
Chrome Cache Entry: 175	OpenPGP Secret Key	29C1ED03737AE0C8DF91CFD072483822	A7C2F54D4896AB7FF882F406CDB10B5AFEEF3635	883C8E08CF1ECCFBD568037474D838957D5E05ACE12BA4EFBA4ADCC9EF64AA80
Chrome Cache Entry: 176	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 177	PNG image data, 864 x 1024, 8-bit/color RGBA, non-interlaced	ADA6A19789E5C72533C9872541BA42A6	5192839B8888EEAD65DB3CCEE7FD68E86E7CCB53	0C1EBF2BBC55550D5F3C379F178F308A1D45E4E885A623A118D3689B1BE6C704
Chrome Cache Entry: 178	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3	E71534E10B1241216874F6C9FAEAD237	55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD	D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003
Chrome Cache Entry: 179	data	7B975AA40CE87BBD39F0967A82488BB5	6A8B4BC5D7EAAFA0FEC32EB52EAA3966BAD73794	B98C32D9C1C8B3FBE1D4698784D24604DFC84B57376F92AF34174C10B21065C2
Chrome Cache Entry: 180	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250	21B761F2B1FD37F587D7222023B09276	F7A416C8907424F9A9644753E3A93D4D63AE640E	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
Chrome Cache Entry: 181	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	EE2B357FA5FBA69AF238168E3A1A27E1	B5DD4606BEDBF1D705A01F833802248E03D01518	0FD813BAE48835570858A2508D9C29900B8A4CDDEBFF4A250E79AD12F8ACBDCB
Chrome Cache Entry: 182	ASCII text, with very long lines (32030)	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
Chrome Cache Entry: 183	data	F5ACCE619AE3E9DF6186A85B9AB57ABB	04638B81150A6F14895C81D9CCEB496D75609511	085DD584192976E4546051C6B854714ACE50BB2A3F5A962975CD9DF8AB5B84B2
Chrome Cache Entry: 184	data	5CDA4CFC415C6A92D80CDEFBD134E4C5	C5822624EE2D4382DA7ABDC2F85904BD1CBCC93D	7E6F3A772533205D83D8DCB50129CAB443F6E0EB943F2FA41F1810B970BCA991
Chrome Cache Entry: 185	JSON data	2544E12C996BF24471362B93F0DA41F3	A86BF135AB32EFD7D71F9D608A6ADF970446E945	5066B03C47885E634492DD13D9D4CD86EBB62D4B6603FA5DD249E0DA603B4F76
Chrome Cache Entry: 186	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	A5CDADD60382E9AE6228121542EB1C2A	CEC15F6470D0237569E931D7D11752B41AC5D8A3	71E729939E175F4AE9D3FCC645D6B7389EC341A47A84950E047197331FDC22F1
Chrome Cache Entry: 187	ASCII text, with very long lines (2530)	1D91B187A32745D330A2077FDADD872B	055D7BB0CF69E295C06346221B784359FA9199E2	2453F3D239A982DCF75B5DFA55261BC8BF77D04591F331847784AC4982E62F7E
Chrome Cache Entry: 188	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	A3CDFEAF028CF60D90337CE4BB1B632F	44F084707B89B3A999B9A58C06E872AC6CA909D3	2F128C34E99F47C352178964FC87AF68352B7395984D68313BBA7A5B2647ABAA
Chrome Cache Entry: 189	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 190	data	C2B8A4396EDC04973844C1A6E7073A65	D773588C2FF75EDA183FB51A60B048C6B5E1E9F8	B3CCB1B37BE27FE743BFF3F402216E9B6807B4BABF78754D192EB5F7D3796C8B
Chrome Cache Entry: 191	PNG image data, 228 x 66, 8-bit/color RGBA, non-interlaced	0D84B997C50F7F9015C532A44E945A83	DF610B8C49FB0CA12E50E5306582CD4007FFF6F6	B1996199151427B4600EAEC6389A0259A582E954C45B2B6B8220A4B2C0E02134
Chrome Cache Entry: 192	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250	21B761F2B1FD37F587D7222023B09276	F7A416C8907424F9A9644753E3A93D4D63AE640E	72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
Chrome Cache Entry: 193	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 194	Unicode text, UTF-8 text, with very long lines (64954), with CRLF line terminators	416B512C6FF81B7E3BD675E455905146	9F96EE2E55FDBED40B31BE7C24A97008A044404B	C400728CA705268C42BAFCADB6FD5E3AEA844F950E145C6F7E835D08E4C22259
Chrome Cache Entry: 195	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 196	PNG image data, 330 x 330, 8-bit/color RGBA, non-interlaced	BEB949471F269B1663C6F471F03B2212	C10F57DE17B1089D51803F0CF0100736187C5E00	FF0F6F5354A28803CF4BCD84DFA637D100482B78B2B34DF098220F3D43D20C19
Chrome Cache Entry: 197	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905	5C7ACF60A2ACAA5C54BF2B2EC6D484D8	F1837FD5DB6DAD498148D7D77438DE693114B042	EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
Chrome Cache Entry: 198	JSON data	AF469AC6ABAAF7DA1ACC59F7292E6671	75ACAD50ED8287D26D5EA2C7380B09B6095DA453	AC8EA734A33366EF42F62398D95B4A9D912043522CF945405FD691F7AA342FED
Chrome Cache Entry: 199	data	FFD7CAB01E3C52062A8C761A6B2A64BF	3E440AD9FCEC6C952B7CD161310BA5285BA01CB6	F5E2C66F15C7FB7EAD8602EB8B36E61DCA6A6D122268B8B12095C76986E61906
Chrome Cache Entry: 200	JSON data	9F55861B9708E3CF188D3E5F7BF794B1	15AB48D729C9BCEE6E6FACD0D72893349549234B	1769634A0DB9D0C9411EC0974DBF7F42BDE8C4AD538BCFEDFBB03DB48F89EF57
Chrome Cache Entry: 201	Dyalog APL aplcore version 68.-91	76D8B96F1A77C10755714804C0BFC2A6	1ECDA0EDC3070220A33729EBE8C595C1CC1E3F73	CCBA9B402F5E87CB2BD8C84700B7ECF1F120843C7546EA68BB6917199B81A4DE
Chrome Cache Entry: 202	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905	5C7ACF60A2ACAA5C54BF2B2EC6D484D8	F1837FD5DB6DAD498148D7D77438DE693114B042	EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
Chrome Cache Entry: 203	data	463B9E7BBB15A1CA197268683FD5DEEC	FED6B088377A5363D8EAF9D4C16957FCB747353C	ABA8F21342524DBAD8B3FB72018548487788FCCEAE1D653F9138747CFC2E2D87
Chrome Cache Entry: 204	ASCII text, with very long lines (47992), with no line terminators	CF3402D7483B127DED4069D651EA4A22	BDE186152457CACF9C35477B5BDDA5BCB56B1F45	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
Chrome Cache Entry: 205	data	1DC8B43C82B2611AE2DF8749DCA035DD	B12EAA4D52A40B5555C68BAFDF6B45E7D6F1551C	20169EBF7FD72495EC1778E8F8EF55BEDA8DB8FA7331DF47CE8E3656CEA5AC56
Chrome Cache Entry: 206	ASCII text, with very long lines (14182)	39FE53EB9274BE422813B6756D3951E8	5E7E1AA6347DD66A7B52BB3AC94EC50BB0BEC9E5	E91EBC90763C7B778FC6FD26FC0524D9D8584DE71A1A6E2ABB6D54492D3472D8
Chrome Cache Entry: 207	ASCII text, with no line terminators	4C42AB4890733A2B01B1B3269C4855E7	5B68BFE664DCBC629042EA45C23954EEF1A9F698	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
Chrome Cache Entry: 208	data	D5FF6DB209A133BC1C0B1C23C29B87BA	A23F4E5E143E5DB9793839767489E29807A1DBEF	8D8F4F6FC05796DBE410C9022BF0F4182A27BF269E637CE4FEF4590E3980CCE9
Chrome Cache Entry: 209	troff or preprocessor input, ASCII text, with very long lines (372)	C495654869785BC3DF60216616814AD1	0140952C64E3F2B74EF64E050F2FE86EAB6624C8	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
Chrome Cache Entry: 210	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, progressive, precision 8, 1920x1080, components 3	3ED3B2FB3E64AFC87CF38EE4BB74A415	488783638E3D903C1B890876AF57264036B85D22	39E9110E7481C09A6C3DD85AC244848BE1517E17BC109852C12B062BA8F0C881
Chrome Cache Entry: 211	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 212	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390	9D372E951D45A26EDE2DC8B417AAE4F8	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
Chrome Cache Entry: 213	PNG image data, 864 x 1024, 8-bit/color RGBA, non-interlaced	ADA6A19789E5C72533C9872541BA42A6	5192839B8888EEAD65DB3CCEE7FD68E86E7CCB53	0C1EBF2BBC55550D5F3C379F178F308A1D45E4E885A623A118D3689B1BE6C704
Chrome Cache Entry: 214	ASCII text, with CRLF line terminators	E125FE08F1BD3212226389DA8C2ADE08	179903C6181F741BFCC3C032396A6B565F8132EA	980E8229914EFC74177F484E4CAAD5F928440AF14FAD8D02D363A2DAA543FAE9
Chrome Cache Entry: 215	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, progressive, precision 8, 1920x1080, components 3	3ED3B2FB3E64AFC87CF38EE4BB74A415	488783638E3D903C1B890876AF57264036B85D22	39E9110E7481C09A6C3DD85AC244848BE1517E17BC109852C12B062BA8F0C881
Chrome Cache Entry: 216	ASCII text, with no line terminators	D0FBDA9855D118740F1105334305C126	BC3023B36063A7681DB24681472B54FA11F0D4EC	A469AB4CA4E55BF547566E9EBFA1B809C933207E9D558156BC0C4252B17533FE
Chrome Cache Entry: 217	ASCII text, with very long lines (63096)	2F2B6883DF506FA11029D1E46167C453	B0F9C2613CC01C3EE9B10F12E298CC815D149A05	9FFB74A4DFB18D0DD5132133F104C008A15540DA87EF94A41F7B4C542D7F03C5
Chrome Cache Entry: 218	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	A5CDADD60382E9AE6228121542EB1C2A	CEC15F6470D0237569E931D7D11752B41AC5D8A3	71E729939E175F4AE9D3FCC645D6B7389EC341A47A84950E047197331FDC22F1
Chrome Cache Entry: 219	ASCII text, with very long lines (47337)	0627D9EF086A17447095E99090FD9AFA	584B355FA3F176BF0658A87C6267D0B95F3CA34A	B2A2FBED29B3EE7A0BE695ADC0A7C45C7EFAE9F958030D77E0944A9C9C7672D2
Chrome Cache Entry: 220	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
Chrome Cache Entry: 221	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 222	HTML document, ASCII text, with no line terminators	B7DA9BECAAD018BB82DA650F0B6CBBE7	0657515184A66356174B1917790B1631FBF5DAC9	930BDDB8BA5B406304CDA2997FF84DD791CD8B8D841DFBD5A68ED45C5FA099B3
Chrome Cache Entry: 223	HTML document, ASCII text, with very long lines (1371), with CRLF line terminators	954D6880555ECDCE37E4ABBB32A637A0	FF8AA85C9C417F976729A793D6B4FC78870FDA13	06D3A43B529D6F559F1BB93F923F31F0B5ECF54E4B5AC02CC4DCACF81B0942B7
Chrome Cache Entry: 224	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390	9D372E951D45A26EDE2DC8B417AAE4F8	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
Chrome Cache Entry: 225	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 572x233, components 3	E71534E10B1241216874F6C9FAEAD237	55E373F4F85AEC2E48AF6A225D4FD67B42DFBAFD	D38383C47693B251562296E1B8366AF11454BFCA4CCEA558895C946F180DD003
Chrome Cache Entry: 226	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 227	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 228	data	AECC42485644A61AD67C8469DA204163	14F21CCE8A126B452F5A8AC797ACACA452988649	CA9E2CDDB3FF0CF982C876654388A256EE08971E9591686C534242F5262FA5E2

Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://gcv.microsoft.us/kgRWagmalJ

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://gcv.microsoft.us/kgRWagmalJ