Windows Analysis Report
https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at

Overview

General Information

Sample URL: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at
Analysis ID: 1644995

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML title does not match URL
Invalid 'copyright' link found
Invalid 'forgot password' link found
Javascript checks online IP of machine
URL contains potential PII (phishing indication)

Classification

(classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend clean / suspicious / malicious)
  • System is w10x64_ra
  • chrome.exe (PID: 5680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,8989273442580081738,11933577071241869272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source                 | Rule                     | Description                | Author       | Strings
dropped/chromecache_83 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.1.pages.csv          | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.0.pages.csv          | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.2.pages.csv          | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.4.pages.csv          | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.3.pages.csv          | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | Joe Sandbox AI: Score: 7 Reasons: The brand 'DHL' is a well-known international logistics company., The legitimate domain for DHL is 'dhl.com'., The provided URL 'cedhu.org' does not match the legitimate domain for DHL., The URL 'cedhu.org' does not contain any recognizable association with DHL., The presence of input fields for email and password suggests an attempt to capture sensitive information., The domain 'cedhu.org' is unrelated to DHL and could be used for phishing. DOM: 1.4.pages.csv
Source: Yara match | File source: 0.1.pages.csv, type: HTML
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: 1.2.pages.csv, type: HTML
Source: Yara match | File source: 1.4.pages.csv, type: HTML
Source: Yara match | File source: 1.3.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_83, type: DROPPED
Source: https://cedhu.org/admin/inbox.html | HTTP Parser: var _$_1fbd=["hide","#msg","","val","#ai","animate","#automail","show","#inputbar","click","#back1","substr","hash","location","test","#errror","focus","@","indexof",".","tolowercase","touppercase","bmv4dc5waha=","#mgss","preventdefault","#pr","html","text","#logoname",".domain","#sub_btn","ready","appversion","clientinformation","language","display","style","loader","getelementsbyclassname","none","href","/","split","substring","https://image.thum.io/get/width/1200/http://","backgroundimage","body","url(\'","\')","overlay","block","modal","error","#error","lessthan4","#lessthan4","msg","submitbtn","#submit-btn","seclgss","#sec-lg-ss","frgpsw","#frg-psw","copy","#copy","placeholder","emltxt","attr","#email","pswtxt","#password","charat","slice","https://logo.clearbit.com/","https://www.google.com/s2/favicons?domain=","#logoimg","fail","done","get","src","#favicon"," ","emllogin","#loginmgs","title"," - ","mail","type","password","#pass-eye","verifyingtext","length",", "," +--------n","email : ","\x0a","pa...
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: Number of links: 0
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: Number of links: 0
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: Title: Ist - Mail does not match URL
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: Title: Dhl - Mail does not match URL
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: Invalid link: Copyright 2024
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: Invalid link: Copyright 2024
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: Invalid link: Forgot password?
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: Invalid link: Forgot password?
Source: https://cedhu.org/admin/inbox.html | HTTP Parser: var _$_2124=["get","https://ipinfo.io/json","open","onload","status","responsetext","parse","failed to fetch ip address","onerror","send","&type=mx","json","answer","length","\x0a","join","data","","map","no-mx","mx-error","ip","country","city","region","appversion","clientinformation","language","userlanguage","substring","password must be at least 4 characters long.","invalid password. please enter the correct information.","the account does not exist. please enter a different account.","email","password","login","secure login session","forgot password?","copyright \xa9 2024","verifying...","email login","mail","your email has been successfully activated.","thank you. you will receive your file in your email shortly.","\u5bc6\u7801\u957f\u5ea6\u5fc5\u987b\u5927\u4e8e4\u4e2a\u5b57\u7b26\u3002","\u65e0\u6548\u7684\u5bc6\u7801\u3002\u8bf7\u8f93\u5165\u6b63\u786e\u7684\u4fe1\u606f\u3002","\u8be5\u8d26\u6237\u4e0d\u5b58\u5728\u3002\u8bf7\u8f93\u5165\u5176\u4ed6\u8d26\u6237\u3002","\u90ae\u7bb1","\...
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | Sample URL: PII: abcdef@ist.ac.at
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: <input type="password" .../> found
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: <input type="password" .../> found
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: No <meta name="author".. found
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: No <meta name="author".. found
Source: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | HTTP Parser: No <meta name="copyright".. found
Source: https://cedhu.org/admin/inbox.html#abcdef@dhl.com | HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe | Memory has grown: Private usage: 9MB later: 37MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: global traffic | DNS traffic detected: DNS query: cedhu.org
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic | DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic | DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: image.thum.io
Source: global traffic | DNS traffic detected: DNS query: ka-f.fontawesome.com
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 157.90.215.180:443 -> 192.168.2.16:49705 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 157.90.215.180:443 -> 192.168.2.16:49704 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 157.90.215.180:443 -> 192.168.2.16:49706 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.16:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.16:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.40.68:443 -> 192.168.2.16:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49718 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49717 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.16:49719 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.16:49720 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 108.138.128.25:443 -> 192.168.2.16:49723 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.251.40.100:443 -> 192.168.2.16:49724 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 108.138.128.37:443 -> 192.168.2.16:49725 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.26.223:443 -> 192.168.2.16:49727 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 54.156.104.133:443 -> 192.168.2.16:49726 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.16:49728 version: TLS 1.2
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir5680_1771374542
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir5680_1771374542
              Source: classification engineClassification label: mal64.phis.win@22/15@24/243
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,8989273442580081738,11933577071241869272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,8989273442580081738,11933577071241869272,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: Window RecorderWindow detected: More than 3 window changes detected
MITRE ATT&CK matrix (number of matching signatures in parentheses), listed per tactic column:
Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
Privilege Escalation: Process Injection (1), Extra Window Memory Injection (1), Logon Script (Windows), Login Hook
Defense Evasion: Masquerading (1), Process Injection (1), File Deletion (1), Extra Window Memory Injection (1)
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

Source | Detection | Scanner | Label | Link
https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | 0% | Avira URL Cloud | safe |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
Source | Detection | Scanner | Label | Link
https://logo.clearbit.com/ist.ac.at | 0% | Avira URL Cloud | safe |
https://kit.fontawesome.com/585b051251.js | 0% | Avira URL Cloud | safe |
https://image.thum.io/get/width/1200/http://ist.ac.at | 0% | Avira URL Cloud | safe |
https://cedhu.org/admin/inbox.html | 0% | Avira URL Cloud | safe |
https://www.google.com/s2/favicons?domain=?v=BUILD_HASH | 0% | Avira URL Cloud | safe |
https://cdnjs.cloudflare.com/ajax/libs/axios/0.20.0/axios.min.js | 0% | Avira URL Cloud | safe |
https://logo.clearbit.com/dhl.com | 0% | Avira URL Cloud | safe |
https://image.thum.io/get/width/1200/http://dhl.com | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
kit.fontawesome.com.cdn.cloudflare.net | 104.18.40.68 | true | false | | high
stackpath.bootstrapcdn.com | 104.18.11.207 | true | false | | high
d26p066pn2w0s0.cloudfront.net | 108.138.128.25 | true | false | | high
code.jquery.com | 151.101.66.137 | true | false | | high
ka-f.fontawesome.com.cdn.cloudflare.net | 104.21.26.223 | true | false | | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
maxcdn.bootstrapcdn.com | 104.18.11.207 | true | false | | high
cedhu.org | 157.90.215.180 | true | true | | unknown
www.google.com | 142.251.40.100 | true | false | | high
image.thum.io | 54.156.104.133 | true | false | | high
ka-f.fontawesome.com | unknown | unknown | false | | high
kit.fontawesome.com | unknown | unknown | false | | high
logo.clearbit.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/s2/favicons?domain=?v=BUILD_HASH | false | Avira URL Cloud: safe | unknown
https://image.thum.io/get/width/1200/http://dhl.com | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | false | | high
https://logo.clearbit.com/dhl.com | false | Avira URL Cloud: safe | unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js | false | | high
https://code.jquery.com/jquery-3.1.1.min.js | false | | high
https://image.thum.io/get/width/1200/http://ist.ac.at | false | Avira URL Cloud: safe | unknown
https://logo.clearbit.com/ist.ac.at | false | Avira URL Cloud: safe | unknown
https://cedhu.org/admin/inbox.html#abcdef@dhl.com | true | | unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | false | | high
https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2 | false | | high
https://kit.fontawesome.com/585b051251.js | false | Avira URL Cloud: safe | unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | false | | high
https://code.jquery.com/jquery-3.3.1.js | false | | high
https://cdnjs.cloudflare.com/ajax/libs/axios/0.20.0/axios.min.js | false | Avira URL Cloud: safe | unknown
https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at | true | | unknown
https://cedhu.org/admin/inbox.html | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.80.46 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
157.90.215.180 | cedhu.org | United States | 766 | REDIRISRedIRISAutonomousSystemES | true
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false
142.250.80.110 | unknown | United States | 15169 | GOOGLEUS | false
108.138.128.25 | d26p066pn2w0s0.cloudfront.net | United States | 16509 | AMAZON-02US | false
104.18.40.68 | kit.fontawesome.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
142.251.40.106 | unknown | United States | 15169 | GOOGLEUS | false
108.138.128.37 | unknown | United States | 16509 | AMAZON-02US | false
54.156.104.133 | image.thum.io | United States | 14618 | AMAZON-AESUS | false
172.253.122.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.80.99 | unknown | United States | 15169 | GOOGLEUS | false
104.18.11.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
142.251.40.100 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.64.74 | unknown | United States | 15169 | GOOGLEUS | false
142.251.32.100 | unknown | United States | 15169 | GOOGLEUS | false
142.251.41.10 | unknown | United States | 15169 | GOOGLEUS | false
151.101.66.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
172.217.165.131 | unknown | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
104.21.26.223 | ka-f.fontawesome.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
142.251.35.174 | unknown | United States | 15169 | GOOGLEUS | false
                                                          IP
                                                          192.168.2.16
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1644995
Start date and time: 2025-03-21 09:29:23 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Detection: MAL
Classification: mal64.phis.win@22/15@24/243
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.65.163, 142.250.80.46, 172.253.122.84, 142.250.80.110, 142.250.81.238, 142.251.40.238, 142.250.64.74, 142.251.40.106, 142.250.80.78, 142.250.80.99, 142.251.41.10, 142.251.40.138, 142.250.176.202, 142.251.32.106, 142.250.64.106, 142.250.80.10, 142.251.40.234, 142.250.72.106, 142.250.80.74, 142.250.80.106, 142.251.40.202, 142.250.80.42, 142.251.35.170, 142.251.40.170, 142.250.72.110
• Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, ajax.googleapis.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://cedhu.org/admin/inbox.html#abcdef@ist.ac.at
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (50758)
Category: downloaded
Size (bytes): 51039
Entropy (8bit): 5.247253437401007
Encrypted: false
SSDEEP:
MD5: 67176C242E1BDC20603C878DEE836DF3
SHA1: 27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256: 56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512: 9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious: false
Reputation: unknown
URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
                                                          Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196
Category: downloaded
Size (bytes): 78168
Entropy (8bit): 7.996980715595138
Encrypted: true
SSDEEP:
MD5: A9FD1225FB2CD32320E2B931DCA01089
SHA1: 44EC5C6A868B4CE62350D9F040ED8E18F7A1D128
SHA-256: C5DD43F53F3AF822CBF17B1FB75F46192CDBD51724F277ACF6CF0DACB3FD57E7
SHA-512: 58F45066D5738B1EF1F431EB9FC911FC9E6F61F60538F1577CD2EBE651BD8E7B87124DAE36C4E66FB303FD249EBA333BF41D316774201948CAD056BB0E4B4F2E
Malicious: false
Reputation: unknown
URL: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
                                                          Preview:wOF2......1X..........0..K.$....................?FFTM....`..N.....h..B.6.$..0..4.. ..+...[.u...m......6.........f%...N\!7.....w!......K..~.....DP)..V.u].5a..dQT1..#.bIIL&L=.....z....}4E.8..`..-..8..?....Xk.C..mV..`&...D."...V.c'.)......"/ .AD.4...i..S)e.72..@D "....~.Jj...~...so7r.....TK...P6..m5.>....1...=x...~.....mD...&.....4/.#[...v.U.,.3.O[aoy......f|.gKL..d.....e...P......c.j........H..../+d..Z....@.._....8.yk.0p.._~..g.C.:{..u.......h..n...I..%..#aD..$@....... ......'..G.89.*n...*._q.~....+]..uvX.r..!~n...7r.7*.9..6..7...`....=..j..~.:.......y..P.[.Q.7.../....J..j..B[`KliY.-m,.i..6.eW..^u]W7..qu.r..K.N..O..i9`H..0.!0.6............d..f......e.!,..oK....N:..-..X}..."....]..........j2....8.f5/b..n5..V.......d.C.....a.d!..,.../00).{y9V.W!..o.S.<..B>...mhH..%...X.....m~&....&.i.)`rS...."l..d......I.....B....;2Cb.SD........F..s.Z.S.Acb-.C.@..vj....=..Si...... .........i}._m..v.L..x..K.j_.v........]y...WV.B-{}1..E.9.{...9\.. .H..:svr..E_..q....._w...
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (32030)
Category: downloaded
Size (bytes): 86709
Entropy (8bit): 5.367391365596119
Encrypted: false
SSDEEP:
MD5: E071ABDA8FE61194711CFC2AB99FE104
SHA1: F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256: 85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512: 53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious: false
Reputation: unknown
URL: https://code.jquery.com/jquery-3.1.1.min.js
                                                          Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (32065)
                                                          Category:downloaded
                                                          Size (bytes):85578
                                                          Entropy (8bit):5.366055229017455
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:2F6B11A7E914718E0290410E85366FE9
                                                          SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                          SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                          SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                                          Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                          Category:dropped
                                                          Size (bytes):3962
                                                          Entropy (8bit):7.9010888269659825
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:2B3A3F85A1167AB5717EF5531B25388A
                                                          SHA1:D234B6B53D39C1E05F80F7EF1F07E3FF4BB586A4
                                                          SHA-256:23F19B8B31CA99960934FAC0025263C5C111A059E3F8E5925A33FE0E8F4FB1A7
                                                          SHA-512:2BB783E6C4ECAEFAE7523D8D52423C05117935F54758383CFED7168432A15DD388A67A4DC98885C334EB15A6D0547EF50D2D82B1D7DE0571C2C644B613824A59
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:.PNG........IHDR [remainder is non-printable PNG image data; omitted]
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:downloaded
                                                          Size (bytes):1350
                                                          Entropy (8bit):5.437574579461789
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:048827075038BB29A926100FAC103075
                                                          SHA1:344B5CF6498867A1806DB0287F339B12C00F34B5
                                                          SHA-256:88F23B85D81514D63DA43985D4E8BE67C1D4235E42768EBDC3783F88FB36C1E0
                                                          SHA-512:CFFBB765A48E681EAF3D11CA60999C4886A2CD88CCFCA7B6260AECD880B17ED2764568418D6D4086049D6E0F296BAF33E8F8979017541877F0D96B1AF6A16C6E
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
                                                          Preview:/* vietnamese */.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (14181)
                                                          Category:downloaded
                                                          Size (bytes):14265
                                                          Entropy (8bit):5.155891752872181
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:2EBF0D88E73A9C8D5E6D55A1A1CECA01
                                                          SHA1:962359C8CD63A3F8436171AD46D97D9F29ABAC4D
                                                          SHA-256:2B26394AAC8199778CD337D8046535B6EA9CB2DC698E4102029CA963E080E19F
                                                          SHA-512:AAE1C2A7759B04D9302DF61431DF8AC01020A55BA426EE4C9DCB906965E00AB7E073108902AFDFA3EA2AAD128E8FE50A126C8C086DED6FC441EB75BE126ACE06
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://cdnjs.cloudflare.com/ajax/libs/axios/0.20.0/axios.min.js
                                                          Preview:/* axios v0.20.0 | (c) 2020 by Matt Zabriskie */.!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.axios=t():e.axios=t()}(this,function(){return function(e){function t(r){if(n[r])return n[r].exports;var o=n[r]={exports:{},id:r,loaded:!1};return e[r].call(o.exports,o,o.exports,t),o.loaded=!0,o.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([function(e,t,n){e.exports=n(1)},function(e,t,n){"use strict";function r(e){var t=new s(e),n=i(s.prototype.request,t);return o.extend(n,s.prototype,t),o.extend(n,t),n}var o=n(2),i=n(3),s=n(4),a=n(22),u=n(10),c=r(u);c.Axios=s,c.create=function(e){return r(a(c.defaults,e))},c.Cancel=n(23),c.CancelToken=n(24),c.isCancel=n(9),c.all=function(e){return Promise.all(e)},c.spread=n(25),e.exports=c,e.exports.default=c},function(e,t,n){"use strict";function r(e){return"[object Array]"===R.call(e)}function o(e){return"undefined"==typeof e}functi
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:downloaded
                                                          Size (bytes):271751
                                                          Entropy (8bit):5.0685414131801165
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:6A07DA9FAE934BAF3F749E876BBFDD96
                                                          SHA1:46A436EBA01C79ACDB225757ED80BF54BAD6416B
                                                          SHA-256:D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
                                                          SHA-512:E525248B09A6FB4022244682892E67BBF64A3E875EB889DB43B0A24AB4A75077B5D5D26943CA382750D4FEBC3883193F3BE581A4660065B6FC7B5EC20C4A044B
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://code.jquery.com/jquery-3.3.1.js
                                                          Preview:/*!. * jQuery JavaScript Library v3.3.1. * https://jquery.com/. *. * Includes Sizzle.js. * https://sizzlejs.com/. *. * Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. *. * Date: 2018-01-20T17:24Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factor
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:downloaded
                                                          Size (bytes):28
                                                          Entropy (8bit):4.137537511266052
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:AC2ACA9EAA84E1DEADB8507B24896865
                                                          SHA1:39FEEC029B369917D2897C95FD450FF9EA64D08F
                                                          SHA-256:881851041A64BE06D8BAFCFD2D1DD85F071FCD755178B529420DC5858141EF44
                                                          SHA-512:A5389EDD199E38F65D350C560C8AC85545321FC4F169841F29F55CE3293C0C7454D38A709942235A3010EAAB91B99758CD5350629331AB0286BADBC9E4BFAD65
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCcHXFI1F-okyEgUNU1WBtRIFDYxX27ch7FKgW5XYVv8=?alt=proto
                                                          Preview:ChIKBw1TVYG1GgAKBw2MV9u3GgA=
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (32012)
                                                          Category:downloaded
                                                          Size (bytes):69597
                                                          Entropy (8bit):5.369216080582935
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                                          SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                                          SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                                          SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://code.jquery.com/jquery-3.2.1.slim.min.js
                                                          Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (48664)
                                                          Category:downloaded
                                                          Size (bytes):48944
                                                          Entropy (8bit):5.272507874206726
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                                          SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                                          SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                                          SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
                                                          Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:downloaded
                                                          Size (bytes):9
                                                          Entropy (8bit):2.94770277922009
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:722969577A96CA3953E84E3D949DEE81
                                                          SHA1:3DAB5F6012E3E149B5A939B9CEBBA4A0B84DC8F5
                                                          SHA-256:78342A0905A72CE44DA083DCB5D23B8EA0C16992BA2A82EECE97E033D76BA3D3
                                                          SHA-512:54B2B4596CD1769E46A12A0CA6EDE70468985CF8771C2B11E75B3F52567A64418BC24C067D96D52037E0E135E7A7FF828AD0241D55B827506E1C67DE1CAEE8BC
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://kit.fontawesome.com/585b051251.js
                                                          Preview:Forbidden
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
                                                          Category:dropped
                                                          Size (bytes):4592
                                                          Entropy (8bit):7.900307186629027
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:8A3F154B59F6ECFB11E34BFCB54EA95D
                                                          SHA1:190EDA6E720AEB21ACB7CAECAFB3783E8573D002
                                                          SHA-256:9A97F2EF097E98A32A54546C5052352863E7A56E844380980B19D8EC555537D1
                                                          SHA-512:0383A4CE4DF1B1113BE969BBD872FE2D8268ECD3A3C519EA95627049A2AF3F0B3C0C3C745E3F6FA7B476D779A5ED3B79FCB0B6F8DF763B28FFA46E1ED78C6758
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:.PNG........IHDR [remainder is non-printable PNG image data; omitted]
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text
                                                          Category:downloaded
                                                          Size (bytes):350407
                                                          Entropy (8bit):4.954656521202789
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:7984888B87C2464DDCBFA62CC4137556
                                                          SHA1:9E880119ECB55259321130851FB64F0BE3ACED13
                                                          SHA-256:DA3A6B25198A7111AD23AE49C1B827411D98D0C4ED7ACB07B81C3E21D9CB8FF9
                                                          SHA-512:C9D9605D9276D112F5BD1BB6A81232AB953D9763FF33D51EDA201DC5CEB26602D0B2B3FD86CBE714DEBBC5E1B0EA3F83732D6F90EE2728EF94A035A0815E8649
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://cedhu.org/admin/inbox.html
                                                          Preview:.<html lang="...">..<head>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. Styles, Javascript and other things go here -->. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>. <script src="https://code.jquery.com/jquery-3.1.1.min.js"></script>. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=". crossorigin="anonymous"></script>. Required meta tags -->. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <link rel="icon" id="favicon" type="image/png" sizes="192x192". href="https://www.google.com/s2/favicons?domain=?v=BUILD_HASH">.. Bootstrap CSS -->. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (19015)
                                                          Category:downloaded
                                                          Size (bytes):19188
                                                          Entropy (8bit):5.212814407014048
                                                          Encrypted:false
                                                          SSDEEP:
                                                          MD5:70D3FDA195602FE8B75E0097EED74DDE
                                                          SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                                          SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                                          SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                                          Malicious:false
                                                          Reputation:unknown
                                                          URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
                                                          Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
                                                          No static file info