Loading ...

Play interactive tourEdit tour

Windows Analysis Report https://hodgapsroa.com/#/

Overview

General Information

Sample URL:https://hodgapsroa.com/#/
Analysis ID:483879
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found
Submit button contains javascript call

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5956 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://hodgapsroa.com/#/' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2696 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,4505052504395026729,3895825373738786777,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1740 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

barindex
Antivirus / Scanner detection for submitted sampleShow sources
Source: https://hodgapsroa.com/#/SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

barindex
Phishing site detected (based on favicon image match)Show sources
Source: https://hodgapsroa.com/#/Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10Show sources
Source: Yara matchFile source: 22654.0.pages.csv, type: HTML
Phishing site detected (based on image similarity)Show sources
Source: https://hodgapsroa.com/#/Matcher: Found strong image similarity, brand: Microsoft image: 22654.0.img.2.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
Source: https://hodgapsroa.com/#/HTTP Parser: Number of links: 0
Source: https://hodgapsroa.com/#/HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: Number of links: 0
Source: https://hodgapsroa.com/#/HTTP Parser: HTML title missing
Source: https://hodgapsroa.com/#/HTTP Parser: HTML title missing
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: HTML title missing
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: HTML title missing
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://hodgapsroa.com/#/HTTP Parser: No <meta name="author".. found
Source: https://hodgapsroa.com/#/HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: No <meta name="author".. found
Source: https://hodgapsroa.com/#/HTTP Parser: No <meta name="copyright".. found
Source: https://hodgapsroa.com/#/HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d7281d010-55d5-3147-50e5-3fa78ec74036&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=7299327A97542A7D&bk=1588239549&uiflavor=web&lic=1&mkt=EN-US&lc=1033&uaid=6f76061369744447a69041d439afacaaHTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49818 version: TLS 1.2
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49819 version: TLS 1.2
Source: unknownDNS traffic detected: queries for: hodgapsroa.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: hodgapsroa.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/css/Converged_v22057.css HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/css/animate.min.css HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/css/Converged_v33059.css HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/js/helpers.js?ver=12839297292 HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/js/app.js?ver=21313 HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/info.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/microsoft_logo.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/ellipsis_white.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/ellipsis_grey.svg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/0.jpg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/0-small.jpg HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/favicon.ico HTTP/1.1Host: jufysiajgi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hodgapsroa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/info.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/favicon.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/microsoft_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /offikthingzz/media/images/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jufysiajgi.com
Source: global trafficHTTP traffic detected: GET /converged_ux_v2_94I0sEqY0Jv8LdLTslehNA2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveOrigin: https://signup.live.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global trafficHTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: global trafficHTTP traffic detected: GET /images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: acctcdn.msauth.net
Source: manifest.json0.1.dr, 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://accounts.google.com
Source: Network Action Predictor.1.drString found in binary or memory: https://acctcdn.msauth.net/
Source: 59f8bbf14d4853fd_0.1.drString found in binary or memory: https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Source: Favicons.1.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: Favicons.1.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=29
Source: 4278acc4333443e6_0.1.drString found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Source: 4f3329f3f8204488_0.1.drString found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: 7fe4ac91e4089c5a_0.1.drString found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_cJXxPLRToG0ngSKFZSDoOA2.js?v=1
Source: 8fdad95f34dd1d59_0.1.drString found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
Source: 7e4cea594f77c74d_0.1.drString found in binary or memory: https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Source: manifest.json0.1.dr, 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://apis.google.com
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://clients2.googleusercontent.com
Source: abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.1.drString found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 9c1ab03e-04b3-4b87-8185-2001be05ea31.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, fd2ca17f-bf4c-4def-83a9-6178b78d74be.tmp.2.dr, 9a48b301-6828-4fc5-9cd5-091ca159ed7f.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://dns.google
Source: manifest.json0.1.drString found in binary or memory: https://feedback.googleusercontent.com
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.drString found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.1.drString found in binary or memory: https://fonts.googleapis.com;
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.1.drString found in binary or memory: https://fonts.gstatic.com;
Source: Current Session.1.drString found in binary or memory: https://fpt.live.com
Source: Current Session.1.drString found in binary or memory: https://fpt.live.com/?session_id=6f76061369744447a69041d439afacaa&CustomerId=33e01921-4d64-4f8c-a055
Source: manifest.json0.1.drString found in binary or memory: https://hangouts.google.com/
Source: 84c2aae08e1066e9_0.1.drString found in binary or memory: https://hodgapsroa.com/
Source: Favicons.1.dr, Current Session.1.drString found in binary or memory: https://hodgapsroa.com/#/
Source: History Provider Cache.1.drString found in binary or memory: https://hodgapsroa.com/#/2
Source: Current Session.1.drString found in binary or memory: https://hodgapsroa.com/#/;
Source: History.1.drString found in binary or memory: https://hodgapsroa.com/#/Sign
Source: History-journal.1.drString found in binary or memory: https://hodgapsroa.com/#/a
Source: Favicons.1.drString found in binary or memory: https://jufysiajgi.com/offikthingzz/media/favicon.ico
Source: 84c2aae08e1066e9_0.1.drString found in binary or memory: https://jufysiajgi.com/offikthingzz/media/js/app.js?ver=21313
Source: 4b310db9cc03ef7d_0.1.drString found in binary or memory: https://jufysiajgi.com/offikthingzz/media/js/helpers.js?ver=12839297292
Source: 7e4cea594f77c74d_0.1.dr, 8fdad95f34dd1d59_0.1.drString found in binary or memory: https://live.com/
Source: 4278acc4333443e6_0.1.drString found in binary or memory: https://live.com/2
Source: 7fe4ac91e4089c5a_0.1.drString found in binary or memory: https://live.com/f
Source: 59f8bbf14d4853fd_0.1.drString found in binary or memory: https://live.com/rc
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://ogs.google.com
Source: manifest.json.1.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://play.google.com
Source: abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://r4---sn-5hnekn7z.gvt1.com
Source: abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: Current Session.1.drString found in binary or memory: https://signup.live.com
Source: Network Action Predictor.1.drString found in binary or memory: https://signup.live.com/
Source: Current Session.1.drString found in binary or memory: https://signup.live.com/signup#
Source: History.1.drString found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1588239541&rver=7.0.6737.0&wp=MBI_SSL&wrepl
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://ssl.gstatic.com
Source: messages.json83.1.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.1.dr, 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://www.google.com
Source: manifest.json.1.drString found in binary or memory: https://www.google.com/
Source: manifest.json0.1.drString found in binary or memory: https://www.google.com;
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 3280eddd-88b3-4402-85a7-8187015a4189.tmp.2.dr, 7798b4a7-9728-412e-b35f-1d583793ccaa.tmp.2.dr, abf73212-9cb4-4ad4-b80d-3686bc51f370.tmp.2.drString found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.drString found in binary or memory: https://www.gstatic.com;
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49773 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.219.248.67:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49818 version: TLS 1.2
Source: unknownHTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49819 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Temp\ed56c691-24d8-4d83-8774-c3096127a6c6.tmpJump to behavior
Source: classification engineClassification label: mal68.phis.win@34/226@11/11
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://hodgapsroa.com/#/'
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,4505052504395026729,3895825373738786777,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1740 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,4505052504395026729,3895825373738786777,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1740 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61427571-1744.pmaJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdicJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsScripting1Path InterceptionProcess Injection1Masquerading3OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Scripting1Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferIngress Tool Transfer1SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files