Windows Analysis Report
https://56.hanagibenewe.ru/Y7MD/

Overview

General Information

Sample URL:	https://56.hanagibenewe.ru/Y7MD/
Analysis ID:	1592548
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious Javascript

AI detected suspicious URL

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru/yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU

Avira URL Cloud: Label: malware

Phishing

AI detected suspicious Javascript

Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious login page. These behaviors are highly indicative of malicious intent, such as attempting to bypass security measures and potentially steal user credentials.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script attempts to redirect the user to a suspicious domain and collects user credentials via XHR requests, which are clear indicators of malicious intent. Additionally, the script includes various anti-debugging and anti-detection mechanisms, further increasing the risk score.
Source: 0.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious domain interactions. It uses the `turnstile.render()` function to render a form, and then the `tVbeRAyAuW()` function handles the form submission. This function collects user data, including the page link, and sends it to a suspicious domain (`OykLHzAM8qFHuPHxxE6QuntrNtHjjp2DjEmp0sazaSXBp2SQyq.gageodeg.ru`). If the response from this domain is '0', it then sends the form data to another suspicious domain (`../fjC2poqjpadwEYaWx9rH8ParefE8zp`). The script also includes obfuscated code and attempts to redirect the user to the `login.microsoftonline.com` domain, which is likely a phishing attempt. Overall, this script exhibits highly suspicious and malicious behavior, warranting a high-risk score.

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected IP in URL: https://56.hanagibenewe.ru

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0

HTTP Parser: Base64 decoded: eb62a5dd-9f88-4bb7-97a8-58a9dc89ec8f92f77f1a-0143-42b7-b933-983c4bd0d583

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://56.hanagibenewe.ru/Y7MD/	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49752 version: TLS 1.0

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: login.microsoftonline.com to https://www.office.com/login#
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: www.office.com to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3a%2f%2fwww.office.com%2fv2%2fofficehome.all&response_mode=form_post&nonce=638726124374492471.zwi2mme1zgqtowy4oc00ymi3ltk3ytgtnthhowrjodllyzhmotjmnzdmmwetmde0my00mmi3lwi5mzmtotgzyzrizdbkntgz&ui_locales=en-us&mkt=en-us&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=bxnrqkx-exoygf3jufnn0j9udvvssev3zw5h59jafvtmxbt0zrhp-5dbevqbmvewpvkqysxz4gve2_ql1cx1rcqlxnzzlj-gxaqlmwkx9sawpfrq-06qdthtpxp__cmngssu3mamixvo5tjmvqcsl4dnueifz23yrtxzftcmgh54aqaasnelahc7oenqn9gu5xjoxghz_9sludc2aa0y2swqlhdwbmosf9je9nbs9ozo9sb0p8tba1fqzy6btlxybs59raa39y6uyfihyohnwa&x-client-sku=id_net8_0&x-client-ver=7.5.1.0

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49752 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Y7MD/ HTTP/1.1Host: 56.hanagibenewe.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 56.hanagibenewe.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://56.hanagibenewe.ru/Y7MD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJOTm1BYnFIRjRMOEFWb3VZUklzbHc9PSIsInZhbHVlIjoiemF2elZveUJPbUpLNThJZEVhNkFuWjB2cWJjMm1wNXBvVEJVV21nZlFpVDdmUncrWWJKcHZ1UHlLbnR0SGdvTHpJcFQxcnprb20reTZYZ1E4aThTVXk5VlJaM3VUeVJhMmRGV2ZDc1JrWmE1elp5R2tCQkhnbFhHbUxWUFVJTEMiLCJtYWMiOiJiNDE0MmMyNjNkODQ3NDcyZDdkMjZmMWJkMzE3YTA1NGEwZDJhMzcyYzY2NTkxZmIyM2QyMDkxMWZjMzYyNjdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV2WlBCMnRNRkljcXBtR3Z5RnRqZVE9PSIsInZhbHVlIjoiZXZGSnY1a3llVTAvRGM0NjRCUVIxamQ1bUJXc2w0NVhGYmZUVW1DTzdpUkowSW1GUVd6V2VkQm9JMEVCQ25JRlhNSmpVbTRGcU1WbG9CUVVkdjVGY0VWMlVNbllVaE1BZTNUTnVJUEhUQlpWbG56K090ZGVNWkpoUnBKenFqaVMiLCJtYWMiOiJjYmNiOWMxMWE3MjNmNWJmMzRkYjlkMjYyYzZkZDI5MTkxOGQzOGEyYjlmNmU1NjFjZDMwOGRiMmI2NGQ0MmQwIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/902caf840eaa7ce8/1737015620917/06803e07f083093b506a25e32cdcc8bb25dfdadec1b4ca42befeb10fcc321d4d/ZZbdEoB7MOUJd5H HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU HTTP/1.1Host: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://56.hanagibenewe.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU HTTP/1.1Host: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.office.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-U6EDcUQ9DgQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEkS-Q0uQ4TjjVzMVNFwWbKIJL9BPWyss2XE1eiaga3SrvlhTF1Mvmx5jfgJiKC80jVaxyNtbYOWMWteacDNbTh1lsWzCjMabjresuFK7iDYKApGpQ4S-vaUW58U-s3RxJTt5RP01gql4Tfa0_KujZcSAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-U6EDcUQ9DgQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEkS-Q0uQ4TjjVzMVNFwWbKIJL9BPWyss2XE1eiaga3SrvlhTF1Mvmx5jfgJiKC80jVaxyNtbYOWMWteacDNbTh1lsWzCjMabjresuFK7iDYKApGpQ4S-vaUW58U-s3RxJTt5RP01gql4Tfa0_KujZcSAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 56.hanagibenewe.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3204sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedCF-Chl-RetryAttempt: 0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4csec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:20:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtRgaigRntOdmFOFRSYz%2FKEAFeIqzMNTOUkCjVxFEFJgP5X9FTT7UqH0bLCOY1Zk%2B%2B8%2B%2BOqj7N02ZMr9stlxUDsYEr%2FZHi1ZjfRsLLPnhhlzsN%2FJQgMU1VlfQTd4gA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=5048&min_rtt=5005&rtt_var=1487&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2237&delivery_rate=542269&cwnd=228&unsent_bytes=0&cid=d01d45ba3f4da604&ts=154&x=0"CF-Cache-Status: MISSServer: cloudflareCF-RAY: 902caf8afd0ac32e-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1476&min_rtt=1475&rtt_var=557&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1898&delivery_rate=1959731&cwnd=178&unsent_bytes=0&cid=fade22bf33827ac2&ts=3902&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 95ee8bcc-1631-4a79-a238-d48ee0feaf00x-ms-ests-server: 2.1.19870.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-K-g14_FQms7AXCo0Y_q_ZA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Thu, 16 Jan 2025 08:20:39 GMTConnection: closeContent-Length: 0

Source: chromecache_96.2.dr, chromecache_88.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_96.2.dr, chromecache_88.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: classification engine

Classification label: mal56.win@20/74@36/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1972,i,3349844353704011253,6770722091847730992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://56.hanagibenewe.ru/Y7MD/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1972,i,3349844353704011253,6770722091847730992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.156	b-0004.b-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.190.160.14	www.tm.ak.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.112.1	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.96.1	56.hanagibenewe.ru	United States	13335	CLOUDFLARENETUS	true
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.24.14	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.16.1	oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
2.18.64.215	a1894.dscb.akamai.net	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
www.tm.ak.prd.aadg.trafficmanager.net	20.190.160.14	true
a.nel.cloudflare.com	35.190.80.1	true
e329293.dscd.akamaiedge.net	2.23.209.34	true
b-0004.b-msedge.net	13.107.6.156	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true
a1894.dscb.akamai.net	2.18.64.215	true
code.jquery.com	151.101.66.137	true
cdnjs.cloudflare.com	104.17.25.14	true
challenges.cloudflare.com	104.18.94.41	true
56.hanagibenewe.ru	104.21.96.1	true
www.google.com	142.250.185.68	true
oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru	104.21.16.1	true
www.office.com	unknown	unknown
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://56.hanagibenewe.ru/Y7MD/	true		unknown
https://login.microsoftonline.com/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US	false		high
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/	false		high
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto	false		high
https://login.microsoftonline.com/favicon.ico	false		high
https://challenges.cloudflare.com/turnstile/v0/b/e0c90b6a3ed1/api.js	false		high
https://56.hanagibenewe.ru/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c	false		high
https://www.office.com/login	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ	false		high
https://a.nel.cloudflare.com/report/v4?s=GtRgaigRntOdmFOFRSYz%2FKEAFeIqzMNTOUkCjVxFEFJgP5X9FTT7UqH0bLCOY1Zk%2B%2B8%2B%2BOqj7N02ZMr9stlxUDsYEr%2FZHi1ZjfRsLLPnhhlzsN%2FJQgMU1VlfQTd4gA%3D%3D	false		high
https://oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru/yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/902caf840eaa7ce8/1737015620917/06803e07f083093b506a25e32cdcc8bb25dfdadec1b4ca42befeb10fcc321d4d/ZZbdEoB7MOUJd5H	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D001A5958070C2C37F795AE8C8BF30ED	2FF66BB57980FED939933F71021256A6E145E980	FAAB1121391955AA0CBA85B6B577E58B8523C6C2EACF80DCAE9852E3F2E84DDF
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2FAAE1985ACF7D080D96EB15F68B7E57	1782A4E0B0A89FD32B7E3830150287AF40C2B41C	F2AB8C49F08E726020ACAEF9FE5A8B0AA5161425D450A6411BA5448EFB6B9C34
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BBEE61FED9135426E9E9B7F3057E8272	A9E486F173CE78489DCA10F4A4FB60D3368960D3	A9834D39F9A23EA9F1336BCE56406F8BB025E0A47A2C81CF012895D67CDB5231
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2A7C1EB395BA673D483E56D0B8FA953C	9BE44AE24E616472E17934944653FD83A7B887C7	8C9899BD3CE9ED92357B5FFC195716B27F177F0C9D8EA08B24C93926249ECEFB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1DAF6C4B2DE66387C5891B001D7F9239	435E9F1F3B1725A268C3DDFC8ABE7CC8B87CECAF	A5E305F3EFE1EEE7B66D99CBFC9A81A58267B2FEEEBC09E7054268C45CEDF36D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3E715BD3CDD360E3E5F1E02FF8EC8E91	4D7187613CA43426DBDEE0ADD58AB518D9B22CCF	ADB9E613519951DD51716887C92DA39DDBCFEE4938A2D83C6EF03C8D20E44521
Chrome Cache Entry: 100	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 101	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 102	ASCII text, with very long lines (47520)	7C92EC9D1395055CE0405A32607C7291	4EF0060484503E7A3D005254484D5A7FACF42F27	A0DDAE0FB79C4A4A66D8613157A0703771FA9BE1A75790FCCF5EEEBAA329788B
Chrome Cache Entry: 103	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Chrome Cache Entry: 104	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	28CE5BF8BACB96D1C2CFA0092145C6EE	303A4629C4467AF2C551EC9E6353464C8C25827D	6B89EEC14865DB53FE20FB3C70B0853362E21669DACE19C06172F673B2EDC5CD
Chrome Cache Entry: 105	ASCII text, with no line terminators	9872BE83FA60DA999B65A3BD481731D3	B59A8688C6A0D5311C6410A0D91537084E148F2D	5DEE42A8D755847C0813D4E5F033F51197B20DD3C6C2EE4FBE31FD27B2F593D3
Chrome Cache Entry: 106	very short file (no magic)	C4CA4238A0B923820DCC509A6F75849B	356A192B7913B04C54574D18C28D46E6395428AB	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Chrome Cache Entry: 107	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 108	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 109	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	171A4DD9400708B88724B57D62B24A6A	9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37	EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
Chrome Cache Entry: 110	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 111	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821	9CDA699A84CA8729FAF194B8EFDDF6C0	804F83F5225243951178A1F785AF2B897B87ACA5	A7C6A8173409765CFCAA6925CBF2CA7732ECC5B353FC8274746FA4BF4A1CABC4
Chrome Cache Entry: 112	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821	9CDA699A84CA8729FAF194B8EFDDF6C0	804F83F5225243951178A1F785AF2B897B87ACA5	A7C6A8173409765CFCAA6925CBF2CA7732ECC5B353FC8274746FA4BF4A1CABC4
Chrome Cache Entry: 113	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 114	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 115	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 116	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534	E16AC075AC754DBD1CF969508220E30D	69A91FF7A1C044231D6D28B4DD4C6AD3D34F2A50	E8AC3DCEF9E67CC776542A40C71B719D41668DF41D294C1A49A5AD23C5A5B5EC
Chrome Cache Entry: 117	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424	3BA4D76A17ADD0A6C34EE696F28C8541	5E8A4B8334539A7EAB798A7799F6E232016CB263	17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
Chrome Cache Entry: 118	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 119	HTML document, ASCII text, with very long lines (7481), with CRLF line terminators	E1278563EA1D5DB3A85EC7294C600025	DA1A116379164B5996C694CA42031BFF6B5CCCCE	057FC0D387EEF85A59D5F9E189EE64F8A2E0866BC63C689769F1D627085B6C41
Chrome Cache Entry: 120	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	28CE5BF8BACB96D1C2CFA0092145C6EE	303A4629C4467AF2C551EC9E6353464C8C25827D	6B89EEC14865DB53FE20FB3C70B0853362E21669DACE19C06172F673B2EDC5CD
Chrome Cache Entry: 121	ASCII text, with very long lines (47520)	7C92EC9D1395055CE0405A32607C7291	4EF0060484503E7A3D005254484D5A7FACF42F27	A0DDAE0FB79C4A4A66D8613157A0703771FA9BE1A75790FCCF5EEEBAA329788B
Chrome Cache Entry: 122	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	171A4DD9400708B88724B57D62B24A6A	9C6F1303B8F02FCE18D20EC9CADA11D38D0C4B37	EA00750636C11DBD4FA3ACB1B3CDCBAE3EFA43F6B6C3753444B6D6A242AE9336
Chrome Cache Entry: 123	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 124	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 125	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 126	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 127	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678	FC8A7FB6FB26ADEB81D76A33DA13B815	ADEF9857A4FC698836B613252AE8B1FC0EC199DE	A3D6351A6E93FC23C2A3ABFFCBDC847D42B8781DBFFBCCEEF4FEF72E0D5D4A14
Chrome Cache Entry: 128	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534	E16AC075AC754DBD1CF969508220E30D	69A91FF7A1C044231D6D28B4DD4C6AD3D34F2A50	E8AC3DCEF9E67CC776542A40C71B719D41668DF41D294C1A49A5AD23C5A5B5EC
Chrome Cache Entry: 85	ASCII text, with very long lines (48316), with no line terminators	2CA03AD87885AB983541092B87ADB299	1A17F60BF776A8C468A185C1E8E985C41A50DC27	8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 87	PNG image data, 30 x 29, 8-bit/color RGB, non-interlaced	1E93C5E32B8B31ACA07028A86C2FF838	95DB9BE8EE82119F66D7BAC319C5E08223F67A09	360925864BE6D54249FBB95D1946DF2F763E71695EF1D49FAFBB4C2FDFC7CC63
Chrome Cache Entry: 88	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 89	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 90	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 91	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	7570EB58C2BCE45B24EA431EB15D27B5	0DE0A6616E6BF7B045CFC456E4E3DF6760617CFA	5AEE6747482DFC52A669CAED6BE1B9319536AC9514C2D7354B879F093ABB212A
Chrome Cache Entry: 92	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 93	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	7570EB58C2BCE45B24EA431EB15D27B5	0DE0A6616E6BF7B045CFC456E4E3DF6760617CFA	5AEE6747482DFC52A669CAED6BE1B9319536AC9514C2D7354B879F093ABB212A
Chrome Cache Entry: 94	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 95	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 96	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 97	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678	FC8A7FB6FB26ADEB81D76A33DA13B815	ADEF9857A4FC698836B613252AE8B1FC0EC199DE	A3D6351A6E93FC23C2A3ABFFCBDC847D42B8781DBFFBCCEEF4FEF72E0D5D4A14
Chrome Cache Entry: 98	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 99	PNG image data, 30 x 29, 8-bit/color RGB, non-interlaced	1E93C5E32B8B31ACA07028A86C2FF838	95DB9BE8EE82119F66D7BAC319C5E08223F67A09	360925864BE6D54249FBB95D1946DF2F763E71695EF1D49FAFBB4C2FDFC7CC63

AV Detection

Antivirus detection for URL or domain

Source: https://oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru/yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU

Avira URL Cloud: Label: malware

Phishing

AI detected suspicious Javascript

Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script exhibits several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious login page. These behaviors are highly indicative of malicious intent, such as attempting to bypass security measures and potentially steal user credentials.
Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script attempts to redirect the user to a suspicious domain and collects user credentials via XHR requests, which are clear indicators of malicious intent. Additionally, the script includes various anti-debugging and anti-detection mechanisms, further increasing the risk score.
Source: 0.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://56.hanagibenewe.ru/Y7MD/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious domain interactions. It uses the `turnstile.render()` function to render a form, and then the `tVbeRAyAuW()` function handles the form submission. This function collects user data, including the page link, and sends it to a suspicious domain (`OykLHzAM8qFHuPHxxE6QuntrNtHjjp2DjEmp0sazaSXBp2SQyq.gageodeg.ru`). If the response from this domain is '0', it then sends the form data to another suspicious domain (`../fjC2poqjpadwEYaWx9rH8ParefE8zp`). The script also includes obfuscated code and attempts to redirect the user to the `login.microsoftonline.com` domain, which is likely a phishing attempt. Overall, this script exhibits highly suspicious and malicious behavior, warranting a high-risk score.

AI detected suspicious URL

Source: URL

Joe Sandbox AI: AI detected IP in URL: https://56.hanagibenewe.ru

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: eb62a5dd-9f88-4bb7-97a8-58a9dc89ec8f92f77f1a-0143-42b7-b933-983c4bd0d583

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://56.hanagibenewe.ru/Y7MD/	HTTP Parser: No favicon
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49752 version: TLS 1.0

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: login.microsoftonline.com to https://www.office.com/login#
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: www.office.com to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3a%2f%2fwww.office.com%2fv2%2fofficehome.all&response_mode=form_post&nonce=638726124374492471.zwi2mme1zgqtowy4oc00ymi3ltk3ytgtnthhowrjodllyzhmotjmnzdmmwetmde0my00mmi3lwi5mzmtotgzyzrizdbkntgz&ui_locales=en-us&mkt=en-us&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=bxnrqkx-exoygf3jufnn0j9udvvssev3zw5h59jafvtmxbt0zrhp-5dbevqbmvewpvkqysxz4gve2_ql1cx1rcqlxnzzlj-gxaqlmwkx9sawpfrq-06qdthtpxp__cmngssu3mamixvo5tjmvqcsl4dnueifz23yrtxzftcmgh54aqaasnelahc7oenqn9gu5xjoxghz_9sludc2aa0y2swqlhdwbmosf9je9nbs9ozo9sb0p8tba1fqzy6btlxybs59raa39y6uyfihyohnwa&x-client-sku=id_net8_0&x-client-ver=7.5.1.0

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49752 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Y7MD/ HTTP/1.1Host: 56.hanagibenewe.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/e0c90b6a3ed1/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 56.hanagibenewe.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://56.hanagibenewe.ru/Y7MD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InJOTm1BYnFIRjRMOEFWb3VZUklzbHc9PSIsInZhbHVlIjoiemF2elZveUJPbUpLNThJZEVhNkFuWjB2cWJjMm1wNXBvVEJVV21nZlFpVDdmUncrWWJKcHZ1UHlLbnR0SGdvTHpJcFQxcnprb20reTZYZ1E4aThTVXk5VlJaM3VUeVJhMmRGV2ZDc1JrWmE1elp5R2tCQkhnbFhHbUxWUFVJTEMiLCJtYWMiOiJiNDE0MmMyNjNkODQ3NDcyZDdkMjZmMWJkMzE3YTA1NGEwZDJhMzcyYzY2NTkxZmIyM2QyMDkxMWZjMzYyNjdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlV2WlBCMnRNRkljcXBtR3Z5RnRqZVE9PSIsInZhbHVlIjoiZXZGSnY1a3llVTAvRGM0NjRCUVIxamQ1bUJXc2w0NVhGYmZUVW1DTzdpUkowSW1GUVd6V2VkQm9JMEVCQ25JRlhNSmpVbTRGcU1WbG9CUVVkdjVGY0VWMlVNbllVaE1BZTNUTnVJUEhUQlpWbG56K090ZGVNWkpoUnBKenFqaVMiLCJtYWMiOiJjYmNiOWMxMWE3MjNmNWJmMzRkYjlkMjYyYzZkZDI5MTkxOGQzOGEyYjlmNmU1NjFjZDMwOGRiMmI2NGQ0MmQwIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/902caf840eaa7ce8/1737015620917/06803e07f083093b506a25e32cdcc8bb25dfdadec1b4ca42befeb10fcc321d4d/ZZbdEoB7MOUJd5H HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU HTTP/1.1Host: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://56.hanagibenewe.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU HTTP/1.1Host: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.office.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://56.hanagibenewe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-U6EDcUQ9DgQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEkS-Q0uQ4TjjVzMVNFwWbKIJL9BPWyss2XE1eiaga3SrvlhTF1Mvmx5jfgJiKC80jVaxyNtbYOWMWteacDNbTh1lsWzCjMabjresuFK7iDYKApGpQ4S-vaUW58U-s3RxJTt5RP01gql4Tfa0_KujZcSAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fpc=Ah2mxvmYW6hHh5mjBN3488I; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE673V9FfGFcdE0ly37y6_4pjfgWRpDJs2Tc9R6KZfQaPT6aoNkYBEoxbIpdtShAgVKQhji_ukJid1GpTRxvGmRVZKlg74F0OIrRz0NjSkcpvbVS6jIVLLqdf_BGNO8XMA4iTpcoZf6Uf73_LHiEhHuAV0iMLlSNXlPq_YbEK5ItIgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; esctx-U6EDcUQ9DgQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEkS-Q0uQ4TjjVzMVNFwWbKIJL9BPWyss2XE1eiaga3SrvlhTF1Mvmx5jfgJiKC80jVaxyNtbYOWMWteacDNbTh1lsWzCjMabjresuFK7iDYKApGpQ4S-vaUW58U-s3RxJTt5RP01gql4Tfa0_KujZcSAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 56.hanagibenewe.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: www.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 08:20:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GtRgaigRntOdmFOFRSYz%2FKEAFeIqzMNTOUkCjVxFEFJgP5X9FTT7UqH0bLCOY1Zk%2B%2B8%2B%2BOqj7N02ZMr9stlxUDsYEr%2FZHi1ZjfRsLLPnhhlzsN%2FJQgMU1VlfQTd4gA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=5048&min_rtt=5005&rtt_var=1487&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2237&delivery_rate=542269&cwnd=228&unsent_bytes=0&cid=d01d45ba3f4da604&ts=154&x=0"CF-Cache-Status: MISSServer: cloudflareCF-RAY: 902caf8afd0ac32e-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1476&min_rtt=1475&rtt_var=557&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1898&delivery_rate=1959731&cwnd=178&unsent_bytes=0&cid=fade22bf33827ac2&ts=3902&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Content-Type-Options: nosniffP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 95ee8bcc-1631-4a79-a238-d48ee0feaf00x-ms-ests-server: 2.1.19870.3 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-K-g14_FQms7AXCo0Y_q_ZA' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllX-XSS-Protection: 0Date: Thu, 16 Jan 2025 08:20:39 GMTConnection: closeContent-Length: 0

Source: chromecache_96.2.dr, chromecache_88.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_96.2.dr, chromecache_88.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: classification engine

Classification label: mal56.win@20/74@36/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1972,i,3349844353704011253,6770722091847730992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://56.hanagibenewe.ru/Y7MD/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1972,i,3349844353704011253,6770722091847730992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1592548
Product:	CloudBasic
Start time:	09:19:15
Start date:	16.01.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://56.hanagibenewe.ru/Y7MD/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://56.hanagibenewe.ru/Y7MD/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://56.hanagibenewe.ru/Y7MD/