Sample details: 5f5bad6ef616c9a7fe4b82653bd37e43 --

Hashes
MD5: 5f5bad6ef616c9a7fe4b82653bd37e43
SHA1: 35c9dcd58da7c625cce1c9a88a519f70fbb4dbc1
SHA256: cd65cc77f51138c942040c9a88bb5d10ae8c5cee41f4af8a604765d39a892a90
SSDEEP: 192:HW63lc3TJ6InMBi3wYqqbIz/0nZDyLzmx2CyyQRSJ/u:HWwIMBlsbI4nZp7/u
Details
File Type: HTML
Added: 2019-10-09 16:16:11
Yara Hits
YRP/possible_includes_base64_packed_functions | YRP/domain | YRP/url | YRP/contentis_base64 |
Source
https://www.vw-projects.com/tp51/download/cbeb20d2ffc1199e/YVFBhLrTUtDIVZAiZ396Py14lFA_OauHN0Vn1K5OTqCbOdqV5xOmAkEXlTi-CwGpsL4/Rg_JKBNS-092-D0624.doc/
Strings
		<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>thinkproject! - Sign In</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
</head>
<body>
<iframe id="opIFrame" src="https://accounts.thinkproject.com/sso/opiframeauth0" frameborder="0" width="0" height="0"></iframe>
<div id="tp-auth-login" class="auth0-lock auth0-lock-opened"></div>
<script src="https://accounts.thinkproject.com/sso/ext/js/lock.js"></script>
<script>
  // Decode utf8 characters properly
  const lsCookieName = 'com.auth0.auth';
  const config = JSON.parse(decodeURIComponent(escape(window.atob('eyJpY29uIjoiaHR0cHM6Ly93d3cudGhpbmtwcm9qZWN0LmNvbS90eXBvM2NvbmYvc2l0ZS90cC9SZXNvdXJjZXMvUHVibGljL0ltYWdlcy9sb2dvX3RoaW5rX3Byb2plY3Quc3ZnIiwiYXNzZXRzVXJsIjoiIiwiYXV0aDBEb21haW4iOiJpZC50aGlua3Byb2plY3QuY29tIiwiYXV0aDBUZW5hbnQiOiJ0aGlua3Byb2plY3QiLCJjbGllbnRDb25maWd1cmF0aW9uQmFzZVVybCI6Imh0dHBzOi8vY2RuLmV1LmF1dGgwLmNvbS8iLCJjYWxsYmFja09uTG9jYXRpb25IYXNoIjpmYWxzZSwiY2FsbGJhY2tVUkwiOiJodHRwczovL3d3dy52dy1wcm9qZWN0cy5jb20vdHA1MS9vaWRjL2NhbGxiYWNrIiwiY2RuIjoiaHR0cHM6Ly9jZG4uYXV0aDAuY29tLyIsImNsaWVudElEIjoiZzZjMnliSHhZWFdHd0xPNTd1Ulc5RjdOVUF5UzZmeXAiLCJkaWN0Ijp7InNpZ25pbiI6eyJ0aXRsZSI6InRoaW5rcHJvamVjdF9pbnN0YW5jZSJ9fSwiZXh0cmFQYXJhbXMiOnsicHJvdG9jb2wiOiJvYXV0aDIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwiYXVkaWVuY2UiOiJodHRwczovL2FwaS50aGlua3Byb2plY3QuY29tIiwidGVuYW50IjoidGhpbmtwcm9qZWN0IiwidHlwZSI6ImNvZGUiLCJjbGllbnRJRCI6Imc2YzJ5Ykh4WVhXR3dMTzU3dVJXOUY3TlVBeVM2ZnlwIiwicmVkaXJlY3RVUkkiOiJodHRwczovL3d3dy52dy1wcm9qZWN0cy5jb20vdHA1MS9vaWRjL2NhbGxiYWNrIiwiX2NzcmYiOiJYVU5hMzhZeS1SZ2dPNGVJbjA3UDFpaEFTZDRzUHpoS3NqNlkiLCJfaW50c3RhdGUiOiJkZXByZWNhdGVkIiwic3RhdGUiOiJnNkZvMlNCa1UwZzBlREpNZDI1alpWcFBaV2RFVjFadVlraHNWelpyUmxVMFVHeHdiYU4wYVdUWklFOWhXalpDTFRad2VYaGhibXhCZEVvNVIwRTBWRmgzTlhkNFdEQkxZM3A0bzJOcFpOa2daelpqTW5saVNIaFpXRmRIZDB4UE5UZDFVbGM1UmpkT1ZVRjVVelptZVhBIn0sImludGVybmFsT3B0aW9ucyI6eyJwcm90b2NvbCI6Im9hdXRoMiIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUiLCJhdWRpZW5jZSI6Imh0dHBzOi8vYXBpLnRoaW5rcHJvamVjdC5jb20iLCJ0ZW5hbnQiOiJ0aGlua3Byb2plY3QiLCJ0eXBlIjoiY29kZSIsImNsaWVudElEIjoiZzZjMnliSHhZWFdHd0xPNTd1Ulc5RjdOVUF5UzZmeXAiLCJyZWRpcmVjdFVSSSI6Imh0dHBzOi8vd3d3LnZ3LXByb2plY3RzLmNvbS90cDUxL29pZGMvY2FsbGJhY2siLCJfY3NyZiI6IlhVTmEzOFl5LVJnZ080ZUluMDdQMWloQVNkNHNQemhLc2o2WSIsIl9pbnRzdGF0ZSI6ImRlcHJlY2F0ZWQiLCJzdGF0ZSI6Imc2Rm8yU0JrVTBnMGVESk1kMjVqWlZwUFpXZEVWMVp1WWtoc1Z6WnJSbFUwVUd4d2JhTjBhV1RaSUU5aFdqWkNMVFp3ZVhoaGJteEJkRW81UjBFMFZGaDNOWGQ0V0RCTFkzcDRvMk5wWk5rZ1p6WmpNbmxpU0hoWldGZEhkMHhQTlRkMVVsYzVSamRPVlVGNVV6Wm1lWEEifSwid2lkZ2V0VXJsIjoiaHR0cHM6Ly9jZG4uYXV0aDAuY29tL3cyL2F1dGgwLXdpZGdldC01LjEubWluLmpzIiwiaXNUaGlyZFBhcnR5Q2xpZW50IjpmYWxzZSwiYXV0aG9yaXphdGlvblNlcnZlciI6eyJ1cmwiOiJodHRwczovL2lkLnRoaW5rcHJvamVjdC5jb20iLCJpc3N1ZXIiOiJodHRwczovL2lkLnRoaW5rcHJvamVjdC5jb20vIn0sImNvbG9ycyI6e319'))));
  const extraParams = config.extraParams || {};
  const connection = config.connection;
  const prompt = config.prompt;
  // const dict = config.dict;
  // availableLangs: { 'en':'en_US', ... }
  const availableLangs = JSON.parse('{"de":"de_DE","en":"en_US","es":"es_ES","nl":"nl_NL","pl":"pl_PL","fr":"fr_FR"}');
  const userLang = navigator.languages && navigator.languages[0] ||
    navigator.language ||
    navigator.userLanguage;
  const loginHint = extraParams.login_hint;
  const error = extraParams.error_description;
  let i18n;
  let language_long = extraParams.locale || userLang;
  let availableLangValues = Object.keys(availableLangs).map(function (e) {
    return availableLangs[e];
  language_long = language_long.replace('-', '_');
  if (availableLangs[language_long]) { // map 'en' to 'en_US'
    language_long = availableLangs[language_long];
  } else if (availableLangValues.indexOf(language_long) < 0) { // only allow those
    language_long = 'en';
    if (availableLangs[language_long]) { // map 'en' to 'en_US'
      language_long = availableLangs[language_long];
    } else if (availableLangValues.indexOf(language_long) < 0) {
      language_long = 'en_US';
  let language = language_long.slice(0, 2);
  removeAllAuth0CookiesAndLs();
  var lock = null;
  function createLock() {
    return new Auth0Lock(config.clientID, config.auth0Domain, {
      configurationBaseUrl: config.clientConfigurationBaseUrl,
      overrides: {
        __tenant: config.auth0Tenant,
        __token_issuer: config.auth0Domain
      },
      auth: {
        redirectUrl: config.callbackURL,
        responseType: (config.internalOptions || {}).response_type ||
        config.callbackOnLocationHash ? 'token' : 'code',
        params: config.internalOptions
      },
      signUpLink: 'https://welcome.thinkproject.com/default/portal/#/sign-up'.replace('$LANG', language),
      forgotPasswordLink: 'https://welcome.thinkproject.com/default/portal/#/password-request'.replace('$LANG', language),
      container: 'tp-auth-login',
      assetsUrl: config.assetsUrl,
      allowedConnections: connection ? [connection] : null,
      rememberLastLogin: !prompt,
      language: language,
      languageDictionary: {
        error: {
          login: {
            "auth_db_error_401": translate('auth_db_error_401')
          }
        }
      },
      theme: {
        logo: 'https://accounts.thinkproject.com/sso/images/logo-thinkproject.svg',
        primaryColor: '#adcd6a',
        labeledSubmitButton: false
      },
      prefill: loginHint ? { email: loginHint, username: loginHint } : null,
      closable: false
      // uncomment if you want small buttons for social providers
      // socialButtonStyle: 'small'
    });
  function checkAuthSession() {
    window.addEventListener('message', function (event) {
      let data = null;
      try {
        data = JSON.parse(event.data);
      }
      catch (error) {
        return false;
      }
      if (data && data.state === 'ready' && data.user === 'pending') {
        onCheckSessionSuccess();
      } else {
        removeAllAuth0CookiesAndLs();
      }
    }, false);
  function onCheckSessionSuccess() {
    window.location.href = config.callbackURL;
  function removeAllAuth0CookiesAndLs() {
    var cookies = document.cookie.split(';').map(Function.prototype.call, String.prototype.trim);
    cookies.forEach(function (cookie) {
      if (cookie.indexOf(lsCookieName) > -1) {
        var name = cookie.split('=')[0];
        document.cookie = [name, '=', '; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.', window.location.host.toString()].join('');
      }
    });
    Object.keys(localStorage).forEach(function (key) {
      if (key.indexOf(lsCookieName) > -1) {
        localStorage.removeItem(key);
        localStorage.setItem(key, '')
      }
    });
  function loadLANG(file, callback) {
    const xobj = new XMLHttpRequest();
    xobj.overrideMimeType("application/json");
    xobj.open('GET', file, true);
    xobj.onreadystatechange = function () {
      if (xobj.readyState === 4) {
        callback(xobj.responseText);
      }
    };
    xobj.send(null);
  function translate(str) {
    // console.log("LOGIN translate-try (" + str + ") => " + i18n[str]);
    return i18n[str] || str;
  function showLock(extError) {
    if (lock === null)
      lock = createLock();
    if (error || extError) {
      // console.log('#DESC: ', error, '#extError: ', extError);
      lock.show({
        flashMessage: {
          type: 'error',
          text: translate(error || extError)
        }
      });
    } else {
      lock.show();
  function init(dic) {
    i18n = dic;
    showLock();
    lock.on('authorization_error', function (err) {
      // console.log(err);
      showLock(err.error);
    });
    lock.on('show', function (err) {
      checkAuthSession();
    });
  loadLANG('https://accounts.thinkproject.com/sso/i18n/$LANG_LONG/translation.json'.replace('$LANG_LONG', language_long).replace('$LANG', language),
    function (response) {
      init(JSON.parse(response));
</script>
</body>
</html>