Play interactive tourEdit tour

Windows Analysis Report
https://www.google.ml/url?fvg=1YI3fC8whlGPBCiMyiuQ&bhtBf=8EQhXbuMThqowIo0zyCX&sa=t&ndg=afydNw3nDHf9A6uq2MCH&url=amp%2Fiestpcanipaco.edu.pe%2F.r%2Fu1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t

Overview

General Information

Sample URL:	https://www.google.ml/url?fvg=1YI3fC8whlGPBCiMyiuQ&bhtBf=8EQhXbuMThqowIo0zyCX&sa=t&ndg=afydNw3nDHf9A6uq2MCH&url=amp%2Fiestpcanipaco.edu.pe%2F.r%2Fu1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t
Analysis ID:	1555915
Infos:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish54

HTML page contains obfuscated javascript

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

×

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 0.3.id.script.csv, type: HTML
Source: Yara match	File source: 0.13.i.script.csv, type: HTML
Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 3.3.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML

HTML page contains obfuscated javascript

Source: https://stoneinstallations.net.au/.li/YWRhcnNoLm1hbGhvdHJhQGphdG8uY29t

HTTP Parser: function _0x1a15(_0x3eca03,_0x27d701){var _0x5cb73e=_0x5cb7();return _0x1a15=function(_0x1a

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: adarsh.malhotra@jato.com

HTML body contains low number of good links

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0

HTTP Parser: Base64 decoded: 29528f2d-b195-44f5-9837-f1f8c24b686e05b0077e-1345-4aec-8d32-d5c75a253d05

HTML title does not match URL

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: Title: wNyq0AnSSTxrGeL_220U-gTv4498pEWavYrb4xOU does not match URL

Found iframes

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: Iframe src: https://butter2.mnrov.eg-mart.com/Me.htm?v=3

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: Iframe src: https://butter2.mnrov.eg-mart.com/Me.htm?v=3

HTML body contains password input

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0

HTTP Parser: No favicon

META author tag missing

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 2.23.209.183:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:60546 version: TLS 1.2

Networking

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.17:62144 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:60543 -> 162.159.36.2:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: www.google.ml to http://iestpcanipaco.edu.pe/.r/u1koge-surelilyywrhcnnolm1hbghvdhjhqgphdg8uy29t

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /url?fvg=1YI3fC8whlGPBCiMyiuQ&bhtBf=8EQhXbuMThqowIo0zyCX&sa=t&ndg=afydNw3nDHf9A6uq2MCH&url=amp%2Fiestpcanipaco.edu.pe%2F.r%2Fu1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t HTTP/1.1Host: www.google.mlConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amp/iestpcanipaco.edu.pe/.r/u1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t HTTP/1.1Host: www.google.mlConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=519=N8ELk7ZVmQYmVp1urYrfBKrYnXbCP4hJnRyfKq5RJ3skcmkoTSKTo1X_2JdjcK8Rh8AsTPwkdGjNdiGd1s_wIQXWouW_-pdZbQoP0AZDteluNKc5NN_UAKKr1Li4s2YDPf3Q6A-uPspgRM1f_vuE5GT0Uo_j6w6epWgo-D-gex_mPA4UmTKNrl8QSTWDV3Dq6MmO
Source: global traffic	HTTP traffic detected: GET /.r/u1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t HTTP/1.1Host: iestpcanipaco.edu.peConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /.li/YWRhcnNoLm1hbGhvdHJhQGphdG8uY29t HTTP/1.1Host: stoneinstallations.net.auConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://iestpcanipaco.edu.pe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -300X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; StandardBias=0; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Agent-DeviceId: 01000A41090080B6X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAATKroDVehIwhR1af/NJXyEM/gWDmFHEyD/jvuxhb%2BEp%2BvftiDzLladduscq70ZpGhopdhEZ8qqmoHfIbPOSm0ugw3lhj3wJ9chhQzLUzuVkc/Fsc2Fy3cEeW6nFt1DjKEUSbAuArYcH8K2VpTtXi2iJT6WF5QLWupR1oI4/nrOgYjw%2B9EN2UiNbSRpRi%2BlbNvKOnMP/AM%2B7wbBEXXZQLov3CC4Z6plGqpD7kQ/JHTc5EilGf3jFWO9ofEF2EPhUhqWfv0vrT1fCOfdh9h%2BnJMHjCmEDgPxB8uuh7BhVOFIOqYB5jYNhlUhOn5cy9jVnPEnvlpoOXPtxV84wBnGKRN6cQZgAAEEMeUnIlB2TE3VtumdoQNiOwAcsxOc%2BmcKVnjr6oaUQi0jH9bs96gh3Ka0v32ifi%2BNPmwjbda6ag01cZBDKZcWXTkBsX9VkC%2ByHXGuLsydg8DQiqhXqnI3G349OWBC8kooxqSoutkMfdgJbIZGM7QEIdh6RdGdoCVvuYRFjQVVNA6EI9M6cjCV5W9Arls2oJA49QqtLh/j9b7n1O5EUr6gK5hMXcUlTcnC9D6sfqv/Kj7eBlKPB/cEbKmMyTvvJVmY3MiIBxQlJj8GGGs3WJT8dn2kTYJTLfLnvRmt4oGmbkC5ogTVfJDZZ%2BgAdHqYX4epC1VukkCXb6ENlwkragBhi7rDjcH8Knl8HS9HKLtstNq1VIDYAlFfJY82RQErcODUG2MwNCWBMjypA8Q/Sj25XHwPQeL5sjxdrt/bC%2BQKS1ue%2B8gZerkZd9w0t3UIOrbfPPisaYeCmTYIyBSPA1v3wE7Cw%2BYHFmhdhTZtPhs6ViJjBqlqqFz33iVi%2Bzc8LWEOTK0S405EH6MOlZFQwjQ9IKNd08VJaEnnyt2w8aa4Czv1KwFOLfxavvyixi9jMhzQaCosn3Q6itq5N7KfqOIpX/3toB%26p%3DX-BM-CBT: 1731598759User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 9ADB7F4B53A04B02BDC05661ECE4D0E4X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rszwPrLvACtc23F&MD=zB2GzbMC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /.li/YWRhcnNoLm1hbGhvdHJhQGphdG8uY29t HTTP/1.1Host: stoneinstallations.net.auConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://stoneinstallations.net.au/.li/YWRhcnNoLm1hbGhvdHJhQGphdG8uY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=6u6m3cmrgdfibn4ppg36gukj32; preload=1; CR=7; z1=zzz; brw=wedrvfalse
Source: global traffic	HTTP traffic detected: GET /?c6tmIieee3BIGZZ4YWRhcnNoLm1hbGhvdHJhQGphdG8uY29thw7y8TM HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://stoneinstallations.net.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: butter1.mnrov.eg-mart.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://stoneinstallations.net.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://stoneinstallations.net.au/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=As8-FCUdWYJOniJMOE9eVDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFehMDaCkEHJl95iOF4C7Xrda9-Or67sheJVn3EqkqYpyngYlw0bzdzpioEF9Q5o2bpLoZncUAvtbzveH4ataKofBSioXhkodH8o-RC8NzTHs9chMs6fGLfMCQ9lN3Qj63_TpVxqMlgeHA-OmWdSce9UEYylKKjmZuk1x2spTgANvMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://butter.mnrov.eg-mart.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=As8-FCUdWYJOniJMOE9eVDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFehMDaCkEHJl95iOF4C7Xrda9-Or67sheJVn3EqkqYpyngYlw0bzdzpioEF9Q5o2bpLoZncUAvtbzveH4ataKofBSioXhkodH8o-RC8NzTHs9chMs6fGLfMCQ9lN3Qj63_TpVxqMlgeHA-OmWdSce9UEYylKKjmZuk1x2spTgANvMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-JanPB47Zzx4=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeOgrWZOqrQ1uFsg9pHwAYLs57srf2d6Kdd__WOjYP9hSZswfxwnfgz3MfCVmDjmamp4lAtnhHdXZyQD8DNgUm_YOhIfeFzs65Pfop03rao2y7IEPZ8iZeP6MdwidpoY9qTKIXS1kzQOU-R5DFBU4bvSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=As8-FCUdWYJOniJMOE9eVDI; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFehMDaCkEHJl95iOF4C7Xrda9-Or67sheJVn3EqkqYpyngYlw0bzdzpioEF9Q5o2bpLoZncUAvtbzveH4ataKofBSioXhkodH8o-RC8NzTHs9chMs6fGLfMCQ9lN3Qj63_TpVxqMlgeHA-OmWdSce9UEYylKKjmZuk1x2spTgANvMgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-JanPB47Zzx4=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeOgrWZOqrQ1uFsg9pHwAYLs57srf2d6Kdd__WOjYP9hSZswfxwnfgz3MfCVmDjmamp4lAtnhHdXZyQD8DNgUm_YOhIfeFzs65Pfop03rao2y7IEPZ8iZeP6MdwidpoY9qTKIXS1kzQOU-R5DFBU4bvSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://butter.mnrov.eg-mart.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: butter2.mnrov.eg-mart.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://butter.mnrov.eg-mart.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://butter.mnrov.eg-mart.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: butter2.mnrov.eg-mart.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uaid=cf4cea7dd6f64493aefbc2cfc9d84ae8; MSPRequ=id=N&lt=1731598780&co=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rszwPrLvACtc23F&MD=zB2GzbMC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-JanPB47Zzx4=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeOgrWZOqrQ1uFsg9pHwAYLs57srf2d6Kdd__WOjYP9hSZswfxwnfgz3MfCVmDjmamp4lAtnhHdXZyQD8DNgUm_YOhIfeFzs65Pfop03rao2y7IEPZ8iZeP6MdwidpoY9qTKIXS1kzQOU-R5DFBU4bvSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.ATQAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA0AA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeipCc4ldnS61jJLBkrluvKKjPhkbyjnm7FJb-rDg5hR4CxXPlbFma3FhlwQ5_7cbQA45yaCvZ_uF0aSaIVZoxJqjEdfJKv_MxBDaL_hD7Wd4gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFezhwTsZEpQggFeYkQRv1HpP4yyZJelITyUo-TKUiV2Idv4ezzEHYhx7nupcdSPwX7TxLpCx_OLQeHgXCfyPIzpf5mISakq9mCP0OWEFaQuXfewqC6vxubsvbaZuxNsHot4mJJ63tSlE2AoLbZM1KjkxE7z5ezI6dGOLYx8VnXtEsgAA; esctx-iB8Pq6MyNGQ=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeMZ6diUzLG_ohrrKcqO5C8Wl88tOt2ObB-PTJZdX3Os-NF9Zdsl8i3vv09yhXFsZhb-VqoJJ6D81Nuf_kQQMqWso3cWSko8VzNqKbs76xIxuXBunFefHlEnpUx9WMhujsZppHiVglJ10YwcnUjEjJhyAA; fpc=As8-FCUdWYJOniJMOE9eVDK8Ae7AAQAAALoQyN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /jato.com/winauth/ssoprobe?client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&_=1731598791354 HTTP/1.1Host: autologon.microsoftazuread-sso.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-JanPB47Zzx4=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeOgrWZOqrQ1uFsg9pHwAYLs57srf2d6Kdd__WOjYP9hSZswfxwnfgz3MfCVmDjmamp4lAtnhHdXZyQD8DNgUm_YOhIfeFzs65Pfop03rao2y7IEPZ8iZeP6MdwidpoY9qTKIXS1kzQOU-R5DFBU4bvSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.ATQAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA0AA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeipCc4ldnS61jJLBkrluvKKjPhkbyjnm7FJb-rDg5hR4CxXPlbFma3FhlwQ5_7cbQA45yaCvZ_uF0aSaIVZoxJqjEdfJKv_MxBDaL_hD7Wd4gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFezhwTsZEpQggFeYkQRv1HpP4yyZJelITyUo-TKUiV2Idv4ezzEHYhx7nupcdSPwX7TxLpCx_OLQeHgXCfyPIzpf5mISakq9mCP0OWEFaQuXfewqC6vxubsvbaZuxNsHot4mJJ63tSlE2AoLbZM1KjkxE7z5ezI6dGOLYx8VnXtEsgAA; esctx-iB8Pq6MyNGQ=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeMZ6diUzLG_ohrrKcqO5C8Wl88tOt2ObB-PTJZdX3Os-NF9Zdsl8i3vv09yhXFsZhb-VqoJJ6D81Nuf_kQQMqWso3cWSko8VzNqKbs76xIxuXBunFefHlEnpUx9WMhujsZppHiVglJ10YwcnUjEjJhyAA; fpc=As8-FCUdWYJOniJMOE9eVDK8Ae7AAQAAALoQyN4OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kvmpe46lae-jcs91vhnee67h2tbwkcjgakvyqk1j76s/logintenantbranding/0/illustration?ts=638633096749532030 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kvmpe46lae-jcs91vhnee67h2tbwkcjgakvyqk1j76s/logintenantbranding/0/bannerlogo?ts=638633076084388030 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://butter.mnrov.eg-mart.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kvmpe46lae-jcs91vhnee67h2tbwkcjgakvyqk1j76s/logintenantbranding/0/bannerlogo?ts=638633076084388030 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c1c6b6c8-kvmpe46lae-jcs91vhnee67h2tbwkcjgakvyqk1j76s/logintenantbranding/0/illustration?ts=638633096749532030 HTTP/1.1Host: aadcdn.msftauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: www.google.ml
Source: global traffic	DNS traffic detected: DNS query: iestpcanipaco.edu.pe
Source: global traffic	DNS traffic detected: DNS query: stoneinstallations.net.au
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: butter.mnrov.eg-mart.com
Source: global traffic	DNS traffic detected: DNS query: butter1.mnrov.eg-mart.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: butter2.mnrov.eg-mart.com
Source: global traffic	DNS traffic detected: DNS query: autologon.microsoftazuread-sso.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauthimages.net

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /common/GetCredentialType?mkt=en-US HTTP/1.1Host: butter.mnrov.eg-mart.comConnection: keep-aliveContent-Length: 1991sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"hpgrequestid: 1aba22a1-ac25-4d59-81a4-713653f54200sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36client-request-id: e4f51108-acbb-4b9c-b0ce-ee6009dc8e5bcanary: PAQABDgEAAADW6jl31mB3T7ugrWTT8pFerl-SgcwSXelm04RwmEABbAXiODw46VB0VZL5qXgJevw5J3XvxtLBKUZREiHNPaKdWaYXU7Wz2Xt30l_vWgE2rWvLwrUBUK4SZWfWsHL-CAsMqwV40uEjeou48pFVGDUX0fR5bC6uUYOi00Dg4hgWXEAcTMXnPgePvmohAJesl4f54WnmepNuxFTzTFjmhP9ONSRdx3QTC-vtUUiZl7eq8CAAContent-type: application/json; charset=UTF-8hpgid: 1104Accept: application/jsonhpgact: 1800sec-ch-ua-platform: "Windows"Origin: https://butter.mnrov.eg-mart.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://butter.mnrov.eg-mart.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fbutter1.mnrov.eg-mart.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638671955718237263.Mjk1MjhmMmQtYjE5NS00NGY1LTk4MzctZjFmOGMyNGI2ODZlMDViMDA3N2UtMTM0NS00YWVjLThkMzItZDVjNzVhMjUzZDA1&ui_locales=en-US&mkt=en-US&client-request-id=e4f51108-acbb-4b9c-b0ce-ee6009dc8e5b&state=t82KkN8qSrLC6URXxGdzdwPPGQUxDdOt5fnn77Wq5veWYrdD5gSLye_fXugX7AJv4pVjGGaVtiId25gWUs030S8Snr3gZnLbSN5zloepdfeyXTGHFWSy_eGGX39tvs6ekIfTwQckHIIpk2_MS0S8xCi-n_C4zK5mHoeSLQ4csVqknL3jgiLITpmCclwc0UP5vb_wyujPGMgfu5A7gZfAikeeqmGxZVMltiL0lAVKjWGhLI4Gi2BoZA4veN99aKaw20VhNhws6kXcS91LRbNWfA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-JanPB47Zzx4=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeOgrWZOqrQ1uFsg9pHwAYLs57srf2d6Kdd__WOjYP9hSZswfxwnfgz3MfCVmDjmamp4lAtnhHdXZyQD8DNgUm_YOhIfeFzs65Pfop03rao2y7IEPZ8iZeP6MdwidpoY9qTKIXS1kzQOU-R5DFBU4bvSAA; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.ATQAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA0AA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeipCc4ldnS61jJLBkrluvKKjPhkbyjnm7FJb-rDg5hR4CxXPlbFma3FhlwQ5_7cbQA45yaCvZ_uF0aSaIVZoxJqjEdfJKv_MxBDaL_hD7Wd4gAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFezhwTsZEpQggFeYkQRv1HpP4yyZJelITyUo-TKUiV2Idv4ezzEHYhx7nupcdSPwX7TxLpCx_OLQeHgXCfyPIzpf5mISakq9mCP0OWEFaQuXfewqC6vxubsvbaZuxNsHot4mJJ63tSlE2AoLbZM1KjkxE7z5ezI6dGOLYx8VnXtEsgAA; esctx-iB8Pq6MyNGQ=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeMZ6diUzLG_ohrrKcqO5C8Wl88tOt2ObB-PTJZdX3Os-NF9Zdsl8i3vv09yhXFsZhb-VqoJJ6D81Nuf_kQQMqWso3cWSko8VzNqKbs76xIxuXBunFefHlEnpUx9WMhujsZppHiVglJ10YwcnUjEjJhyAA; fpc=As8-FCUdWYJOniJMOE9eVDK8Ae7AAQAAALoQyN4OAAAA; brcap=0

Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable / 403 Forbidden)

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Thu, 14 Nov 2024 15:39:38 GMTContent-Length: 0Connection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+frc"}]}Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyX-Ms-Ests-Server: 2.1.19343.4 - WEULR1 ProdSlicesX-Ms-Request-Id: afb8b147-52db-42fa-b75f-a462caa50c00X-Ms-Srs: 1.P

URLs found in memory or binary data

Source: chromecache_186.1.dr, chromecache_195.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_205.1.dr, chromecache_178.1.dr, chromecache_182.1.dr, chromecache_187.1.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_205.1.dr, chromecache_178.1.dr, chromecache_182.1.dr, chromecache_187.1.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_181.1.dr, chromecache_170.1.dr	String found in binary or memory: https://butter.mnrov.eg-mart.com
Source: chromecache_180.1.dr, chromecache_172.1.dr, chromecache_186.1.dr, chromecache_174.1.dr, chromecache_205.1.dr, chromecache_206.1.dr, chromecache_178.1.dr, chromecache_182.1.dr, chromecache_187.1.dr, chromecache_176.1.dr, chromecache_195.1.dr, chromecache_190.1.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_181.1.dr, chromecache_170.1.dr	String found in binary or memory: https://login.windows-ppe.net

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 60552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60546 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 60549 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60549
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60547
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60544
Source: unknown	Network traffic detected: HTTP traffic on port 60550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60544 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60552
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60551
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60550
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60547 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60551 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62151
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62149

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 2.23.209.183:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:60546 version: TLS 1.2

System Summary

Classification label

Source: classification engine

Classification label: mal52.phis.win@24/67@28/10

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1704,i,12455793612824541340,17080539977418563069,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.ml/url?fvg=1YI3fC8whlGPBCiMyiuQ&bhtBf=8EQhXbuMThqowIo0zyCX&sa=t&ndg=afydNw3nDHf9A6uq2MCH&url=amp%2Fiestpcanipaco.edu.pe%2F.r%2Fu1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29t"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1704,i,12455793612824541340,17080539977418563069,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Windows shortcut file (LNK) contains relative path

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior