Source: https://onedrive.live.com/redir?resid=453F9CD20B106AF9%21605&authkey=%21Ao7yYQnZ6CkxZJg&page=View&wd=target%28New%20Section%201.one%7C80ad529f-1552-420d-bb5a-d50e6a192b23%2FLen%20Pearson%20%28ID%5C%29%7Cdbbfcf9d-1ae4-48ed-865e-22967eb5e535%2F%29 |
SlashNext: Label: Fake Login Page type: Phishing & Social Engineering |
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll |
Source: unknown |
HTTPS traffic detected: 151.101.65.26:443 -> 192.168.2.3:49791 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 151.101.65.26:443 -> 192.168.2.3:49790 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49815 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.3:49814 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49869 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.3:49870 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.3:49872 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 95.101.18.109:443 -> 192.168.2.3:49871 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49901 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.3:49900 version: TLS 1.2 |
Source: |
Binary string: function wac_la(){this.h1b=-1;this.uTb=[];this.vG=new wac_fa;this.PDb=50}function wac_jaa(){try{if(wac_kaa)return window.performance.now()}catch(a){wac_kaa=!1}return-1} source: OneNote[1].js.3.dr |
Source: |
Binary string: break;case 2:c=646039090;break;case 3:c=1825605114}c?(wac_Wj(c,"",b,8,0),wac_b(39978636,207,50,"Dialog action logged")):wac_b(51500119,207,15,"Dialog action ID not found for DialogButton value: ",a)}},SQb:function(a){if(wac__j()){var b={};b.WacSessionId=wac_.nf;b.ActionName=a;wac_b(35489762,207,50,JSON.stringify(b))}},WJd:function(){if(!wac_bh||!wac_bh.bXa||!wac_Jsa(this))return 16;wac_Ksa||(wac_Jsa(this).pDb("DialogMenuId","1245654357","844297214"),wac_Ksa=!0);var a=wac_hqa(wac_bh?wac_bh.bXa:null); source: OneNote[1].js.3.dr |
Source: |
Binary string: else try{g=new wac_ca(h)}catch(y){}finally{g=null}var x=new wac_ba(l.getTime(),b,a,c,p,d,m,n,g);this.vG.EY(x)}finally{e||this.Lra--}wac_kaa&&(this.h1b+=wac_jaa()-k)}},ioc:function(a,b,c,d,e){if(!c&&1>=this.Lra){this.Lra++;try{this.zxa(a,b,10,1,!0,d,e,null)}finally{this.Lra--}}},fma:function(a,b){return b<=this.PDb},rPb:function(a){this.PDb=a},cpc:function(){this.uTb=[]},Qnc:function(a){this.uTb[a]=!0}};window.Diag.UULS=wac_aa.b9d=function(){}; source: OneNote[1].js.3.dr |
Source: microsoft-office[1].htm.20.dr |
String found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/10609c90/office.testdrive/images/social/Twitter.png" alt="Twitter Logo"> equals www.twitter.com (Twitter) |
Source: microsoft-office[1].htm.20.dr |
String found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/30de2af0/office.testdrive/images/social/LinkedIn.png" alt="LinkedIn Logo"> equals www.linkedin.com (Linkedin) |
Source: surface[1].htm.20.dr |
String found in binary or memory: </li>--><li><a href="" class="c-hyperlink f-image " target="_self" aria-label=""><picture></picture><span></span></a></li><li><a href="https://www.microsoft.com/en-us/surface/newsletter-subscription" class="c-hyperlink f-image surfacenewsletter" target="_self" aria-label="Select this link to Sign up for Surface Newsletter"><picture><img src="https://c.s-microsoft.com/en-us/CMSImages/Panel_Footer_Icons_Newsletter.jpg?version=4a673150-485a-a3a8-5596-f6df6a353dd8" class="mscom-image" width="60" height="60" alt="" /></picture><span>Get the Surface newsletter</span></a></li><li><a href="https://support.microsoft.com/help/4040585" class="c-hyperlink f-image " target="_self" aria-label="Select this link to learn about the Surface Power Cord Recall"><picture><img src="https://c.s-microsoft.com/en-us/CMSImages/Panel_Footer_Icons_PowerCord.jpg?version=f86a5c2e-e348-a491-e374-d73f99701f78" class="mscom-image" width="60" height="60" alt="" /></picture><span>Power cord recall</span></a></li><li><a href="" class="c-hyperlink f-image " aria-label=""><picture></picture><span></span></a></li></ul></nav><hr class="c-divider" /></div></div></section><section role="region" aria-label="Footnotes: Disclaimers" data-vg="Surface_Home_Lg_Footnotes_VG" class="surface-section-footnotes"><div data-grid="container"><div data-grid="col-12"><p class="c-caption-2"><a aria-label="Return to footnote * referrer" href="javascript:void(0)" class="c-hyperlink supLink"><strong class="supFn">*</strong></a> Some accessories and software sold separately. 
See individual product pages for details.</p></div><span style="display:none;" id="ss-footnote-text">Footnote</span></div></section></div><section class="surface-lightbox-VideoPopup" data-pf="Surface_LightBox_Popup_Video_PageFragment"><div class="c-dialog f-lightbox" id="surface-lightbox-preview" aria-hidden="true"><div role="presentation" data-js-dialog-hide="data-js-dialog-hide" tabindex="-1"></div><div class="c-glyph glyph-cancel" data-js-dialog-hide="data-js-dialog-hide" aria-label="Close dialog" tabindex="0"></div><div role="dialog" aria-label="Lightbox" tabindex="-1"><div role="document" tabindex="1"><a target="_blank"><div itemscope="" id="videoPlayer" class="c-video" itemtype="http://schema.org/VideoObject" data-title="video player"><span aria-hidden="true" itemprop="name"></span><span aria-hidden="true" itemprop="description"></span><img src="" alt="" aria-hidden="true" itemprop="th |