Source: https://wonderwaterbeads.com/Stephanie/Drive | SlashNext: Label: Fake Login Page; type: Phishing & Social Engineering |
Source: https://wonderwaterbeads.com/Stephanie/Drive | UrlScan: Label: phishing; brand: sharepoint microsoft | Perma Link |
Source: Yara match | File source: 226546.pages.csv, type: HTML |
Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ppq8mv6lfjzaqwrntj9kw0pl[1].htm, type: DROPPED |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Number of links: 0 |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Number of links: 0 |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Title: "Sharing Link Validation" does not match URL |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Title: "Sharing Link Validation" does not match URL |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true)) |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true)) |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Form action: securepassword.php?KKCKHJ16063980609940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc62 |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: Form action: securepassword.php?KKCKHJ16063980609940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc629940d6f529812b1f93d04f86ad5fbc62 |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: No <meta name="author"> tag found |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: No <meta name="author"> tag found |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: No <meta name="copyright"> tag found |
Source: https://wonderwaterbeads.com/Stephanie/Drive | HTTP Parser: No <meta name="copyright"> tag found |
Source: iexplore.exe, 00000001.00000002.388042140.000001E3ECF83000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.287594950.000000000E2B3000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.388042140.000001E3ECF83000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.287594950.000000000E2B3000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace) |
Source: iexplore.exe, 00000001.00000002.388042140.000001E3ECF83000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.287594950.000000000E2B3000.00000002.00000001.sdmp | String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler) |
Source: iexplore.exe, 00000001.00000002.388042140.000001E3ECF83000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.287594950.000000000E2B3000.00000002.00000001.sdmp | String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.388042140.000001E3ECF83000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.287594950.000000000E2B3000.00000002.00000001.sdmp | String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler) |
Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x31c1fecc,0x01d6c445</date><accdate>0x31c1fecc,0x01d6c445</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x31c1fecc,0x01d6c445</date><accdate>0x31c1fecc,0x01d6c445</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.397583631.000001E3EFF30000.00000004.00000040.sdmp | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x31d77405,0x01d6c445</date><accdate>0x31d77405,0x01d6c445</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube) |
Source: iexplore.exe, 00000001.00000002.397031842.000001E3EF915000.00000004.00000001.sdmp | String found in binary or memory: URLhttp://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.397031842.000001E3EF915000.00000004.00000001.sdmp | String found in binary or memory: URLhttp://www.twitter.com/ equals www.twitter.com (Twitter) |
Source: iexplore.exe, 00000001.00000002.397031842.000001E3EF915000.00000004.00000001.sdmp | String found in binary or memory: URLhttp://www.youtube.com/ equals www.youtube.com (Youtube) |
Source: iexplore.exe, 00000001.00000002.397031842.000001E3EF915000.00000004.00000001.sdmp | String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.398221164.000001E3F0430000.00000004.00000001.sdmp | String found in binary or memory: http://www.facebook.com/square70x70logo equals www.facebook.com (Facebook) |
Source: iexplore.exe, 00000001.00000002.397031842.000001E3EF915000.00000004.00000001.sdmp | String found in binary or memory: http://www.twitter.com/ equals www.twitter.com (Twitter) |
Source: iexplore.exe, 00000001.00000002.398221164.000001E3F0430000.00000004.00000001.sdmp | String found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube) |
Source: wac_s_office-2f03ce8e[1].js.2.dr | String found in binary or memory: r=!0)}t&&t.code==_&&(n=c("Sharing.SharingBlockedLinkGenerationError")),ne();var D=new d.InlineError(me,n,r);D.render(),me.show(),H.hideLoading(),H.enableMenuTabs()}}function se(e,o){if(!ke){var a={shareStartDate:t,itemCount:H.getItemCount(),role:i,signInRequired:n,numContacts:r};H.onShareSuccessCallback(e,o,a)}}var le,de,ce,ue,he,fe,pe,me,ge,ve,ye,we,be,Ce,Se,ke,_e,Ie,xe,De,Pe=FilesConfig.isUserInGfRamp&&O&&O.folder&&!O.isBundle,Ee=FilesConfig.isUserInGfRamp,Te=!1,Le=!1,Ae=M||Q,Fe=M&&M.selectionCount||Q&&Q.length,Ne=this;Ne.render=function(t){Qos.start(T),Se=t,sutra(e,"$Sutra.SkyDrive.ShareDialogEmailPane"),e.html(x),de=jQuery(".sd_email_content",e),le=jQuery(".sd_loading",e),fe=jQuery(".sd_email_share",e),ce=jQuery(".sd_header",e),he=jQuery(".sd_facebook_upsell_line",e),ue=jQuery(".sd_subheader_text",e),pe=jQuery(".sd_cancel",e),pe.val(c("Sharing.Close")),ee(c("Loading")),FilesConfig.fbDirectMessageEnabled?B.fetchNetworks(function(e){_e=B.findTargetNetwork(e,"FB"),B.areRequiredNetworkOffersPresent(_e,f)&&(Ie=!0),W(Ie)},function(){W()},g):W(),Qos.end()},Ne.getUserMessage=function(){var e=Ce&&Ce.val();return e&&e!=P?e:""},Ne.dispose=function(){ke=!0,clearTimeout(xe),clearTimeout(De),V()}}var t,i,n,r,o,a,s,l=wLive.Core,d=wLive.Controls,c=l.AleHelpers.getPCString,u=l.AleHelpers.getSkyString,h="disabled",f=["ContactAgg","StatusPublish"],p=2e3,m=6e4,g=3e3,v=100,y=FilesConfig.emailPaneMaxMessageLength,w=0,b=3006,C=3009,S=3020,k=3101,_=9006,I=20,x='<h2 class="sd_header"></h2><h3 class="sd_subheader"><span class="sd_subheader_text"></span> <span class="sd_facebook_upsell_line"></span></h3><form><div class="sd_email_content"><div><div class="sd_email_to_label"></div><div class="sd_contact_picker"></div><div class="sd_contact_sync_success"></div><div class="c_clr"></div></div><textarea class="sd_email_message"></textarea><div class="sd_email_char_cntr"></div><div class="sd_email_statement"><a 
href="#" id="sd_email_statement" /></div><div class="sd_email_perms"><select id="sd_email_roles" name="sd_email_roles"><option id="sd_email_view" value="v" selected="selected"></option><option id="sd_email_coowner" value="c"></option></select><div class="sd_email_can_edit"><select id="sd_email_can_edit" name="sd_email_can_edit"><option id="sd_email_can_edit_n" value="n" selected="selected"></option><option id="sd_email_can_edit_y" value="y"></option></select></div></div><div class="sd_email_signin_req"><select id="sd_email_signin_req" name="sd_email_signin_r |