IOC Report
https://56.hanagibenewe.ru/Y7MD/


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 07:20:11 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| Chrome Cache Entry: 100 | ASCII text, with very long lines (48316), with no line terminators | downloaded | |
| Chrome Cache Entry: 101 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | downloaded | |
| Chrome Cache Entry: 102 | ASCII text, with very long lines (47520) | dropped | |
| Chrome Cache Entry: 103 | very short file (no magic) | dropped | |
| Chrome Cache Entry: 104 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755 | downloaded | |
| Chrome Cache Entry: 105 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 106 | very short file (no magic) | downloaded | |
| Chrome Cache Entry: 107 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592 | dropped | |
| Chrome Cache Entry: 108 | GIF image data, version 89a, 352 x 3 | dropped | |
| Chrome Cache Entry: 109 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769 | dropped | |
| Chrome Cache Entry: 110 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | downloaded | |
| Chrome Cache Entry: 111 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821 | downloaded | |
| Chrome Cache Entry: 112 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 454821 | dropped | |
| Chrome Cache Entry: 113 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | downloaded | |
| Chrome Cache Entry: 114 | GIF image data, version 89a, 352 x 3 | dropped | |
| Chrome Cache Entry: 115 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 116 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534 | dropped | |
| Chrome Cache Entry: 117 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424 | downloaded | |
| Chrome Cache Entry: 118 | GIF image data, version 89a, 352 x 3 | downloaded | |
| Chrome Cache Entry: 119 | HTML document, ASCII text, with very long lines (7481), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 120 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755 | dropped | |
| Chrome Cache Entry: 121 | ASCII text, with very long lines (47520) | downloaded | |
| Chrome Cache Entry: 122 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769 | downloaded | |
| Chrome Cache Entry: 123 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864 | dropped | |
| Chrome Cache Entry: 124 | GIF image data, version 89a, 352 x 3 | downloaded | |
| Chrome Cache Entry: 125 | ASCII text, with very long lines (65447) | downloaded | |
| Chrome Cache Entry: 126 | MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors | dropped | |
| Chrome Cache Entry: 127 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678 | dropped | |
| Chrome Cache Entry: 128 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142534 | downloaded | |
| Chrome Cache Entry: 85 | ASCII text, with very long lines (48316), with no line terminators | dropped | |
| Chrome Cache Entry: 86 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152 | downloaded | |
| Chrome Cache Entry: 87 | PNG image data, 30 x 29, 8-bit/color RGB, non-interlaced | dropped | |
| Chrome Cache Entry: 88 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 89 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152 | dropped | |
| Chrome Cache Entry: 90 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | downloaded | |
| Chrome Cache Entry: 91 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986 | downloaded | |
| Chrome Cache Entry: 92 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651 | dropped | |
| Chrome Cache Entry: 93 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986 | dropped | |
| Chrome Cache Entry: 94 | ASCII text, with very long lines (65447) | dropped | |
| Chrome Cache Entry: 95 | PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced | downloaded | |
| Chrome Cache Entry: 96 | HTML document, ASCII text, with very long lines (3450), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 97 | gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57678 | downloaded | |
| Chrome Cache Entry: 98 | JSON data | dropped | |
| Chrome Cache Entry: 99 | PNG image data, 30 x 29, 8-bit/color RGB, non-interlaced | downloaded | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1972,i,3349844353704011253,6770722091847730992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://56.hanagibenewe.ru/Y7MD/" | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://56.hanagibenewe.ru/Y7MD/ | | malicious |
| https://login.microsoftonline.com/ | 20.190.160.14 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1 | 104.18.94.41 | |
| https://login.microsoftonline.com/common/GetCredentialType?mkt=en-US | 20.190.160.14 | |
| https://login.microsoftonline.com | unknown | |
| https://code.jquery.com/jquery-3.6.0.min.js | 151.101.66.137 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/p7h9d/0x4AAAAAAA5D2nHjAPlCZ2mF/auto/fbE/normal/auto/ | 104.18.94.41 | |
| https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | 104.17.25.14 | |
| https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2 | 2.18.64.215 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=902caf840eaa7ce8&lang=auto | 104.18.94.41 | |
| https://login.microsoftonline.com/favicon.ico | 20.190.160.14 | |
| https://challenges.cloudflare.com/turnstile/v0/b/e0c90b6a3ed1/api.js | 104.18.94.41 | |
| https://56.hanagibenewe.ru/favicon.ico | 104.21.96.1 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1605127115:1737012352:4BXwnbtKrd766rOBoKJPowV747GdyIl9mVNQ9Ho_ywc/902caf840eaa7ce8/1F5Cxy3acQDSD_maJ2Q.C7xfmqEQ185sOhiXUEHS_w8-1737015619-1.1.1.1-Yyo.hmxqCBlzU9CQF9n2ytO._FxQAZNm3xME0QZrqZYaRcPGbk12itfJZ8VfdD4c | 104.18.94.41 | |
| https://www.office.com/login | 13.107.6.156 | |
| https://login.windows-ppe.net | unknown | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/902caf840eaa7ce8/1737015620919/TS7ZMPQmxY7bcfQ | 104.18.94.41 | |
| https://a.nel.cloudflare.com/report/v4?s=GtRgaigRntOdmFOFRSYz%2FKEAFeIqzMNTOUkCjVxFEFJgP5X9FTT7UqH0bLCOY1Zk%2B%2B8%2B%2BOqj7N02ZMr9stlxUDsYEr%2FZHi1ZjfRsLLPnhhlzsN%2FJQgMU1VlfQTd4gA%3D%3D | 35.190.80.1 | |
| https://oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru/yeTaiyvoWfIoToESWgYLyIzyODLAMMBOZAAWVQZOPDTFIFVFPIOGGUZKZU | 104.21.16.1 | |
| https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/902caf840eaa7ce8/1737015620917/06803e07f083093b506a25e32cdcc8bb25dfdadec1b4ca42befeb10fcc321d4d/ZZbdEoB7MOUJd5H | 104.18.94.41 | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| 56.hanagibenewe.ru | 104.21.96.1 | malicious |
| www.tm.ak.prd.aadg.trafficmanager.net | 20.190.160.14 | |
| a.nel.cloudflare.com | 35.190.80.1 | |
| e329293.dscd.akamaiedge.net | 2.23.209.34 | |
| b-0004.b-msedge.net | 13.107.6.156 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | |
| a1894.dscb.akamai.net | 2.18.64.215 | |
| code.jquery.com | 151.101.66.137 | |
| cdnjs.cloudflare.com | 104.17.25.14 | |
| challenges.cloudflare.com | 104.18.94.41 | |
| www.google.com | 142.250.185.68 | |
| oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru | 104.21.16.1 | |
| www.office.com | unknown | |
| identity.nel.measure.office.net | unknown | |
| aadcdn.msftauth.net | unknown | |
| login.microsoftonline.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 104.21.96.1 | 56.hanagibenewe.ru | United States | malicious |
| 13.107.6.156 | b-0004.b-msedge.net | United States | |
| 104.18.94.41 | challenges.cloudflare.com | United States | |
| 192.168.2.5 | unknown | unknown | |
| 20.190.160.14 | www.tm.ak.prd.aadg.trafficmanager.net | United States | |
| 104.21.112.1 | unknown | United States | |
| 151.101.66.137 | code.jquery.com | United States | |
| 35.190.80.1 | a.nel.cloudflare.com | United States | |
| 104.17.24.14 | unknown | United States | |
| 142.250.185.68 | www.google.com | United States | |
| 104.21.16.1 | oyklhzam8qfhuphxxe6quntrnthjjp2djemp0sazasxbp2sqyq.gageodeg.ru | United States | |
| 104.18.95.41 | unknown | United States | |
| 151.101.2.137 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | |
| 2.18.64.215 | a1894.dscb.akamai.net | European Union | |

DOM / HTML

| URL | Malicious |
| --- | --- |
| https://56.hanagibenewe.ru/Y7MD/ | |
| https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 | |
| https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638726124374492471.ZWI2MmE1ZGQtOWY4OC00YmI3LTk3YTgtNThhOWRjODllYzhmOTJmNzdmMWEtMDE0My00MmI3LWI5MzMtOTgzYzRiZDBkNTgz&ui_locales=en-US&mkt=en-US&client-request-id=bfef4c53-ba37-4e79-a3f1-3523065f2cbd&state=BxNrQKX-EXOyGf3juFnN0J9UdvvsSeV3zW5H59JafvTMXbt0zRhP-5DBevqBmveWpvKqysxZ4gVe2_Ql1Cx1rCqLXNzZLJ-gxAqLMwkx9SAWpfRq-06QDthTPxp__CMNGSsU3maMIxvO5TJMVQcsl4DNueIfZ23yrTxzFTCMGH54aQAASnElahc7OeNQN9Gu5XJoXGHZ_9Sludc2AA0Y2SwqLhDwbMOSF9jE9Nbs9OZO9sb0p8tbA1fqZy6BTLXYBS59RaA39Y6uYfiHyOHnWA&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true | |