Edit tour

Windows Analysis Report
https://sharefile8.pages.dev/b08+zb2ylref0qax

Overview

General Information

Sample URL:	https://sharefile8.pages.dev/b08+zb2ylref0qax
Analysis ID:	1502061
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Phishing site detected (based on logo match)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2416,i,17885033267764913659,14688378653275137102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/b08+zb2ylref0qax" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Source: https://sharefile8.pages.dev/b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjllntRTpNu4hfJ1FBrx39J0xCJBkEkAaGpOFeAgvlMpsmlmMx8JBmlzTfIvB5Qp11o%2BWEmcE6KKosPe3fphrdXRngY7XgyPMg3OzvmB5%2Bj7tNILE20ZQpqoYadHVwtDWRaBQ86Qv%2BTkXYqoMbtqurdi4LaQsW0ytpEY3h4DmvAIWI5U5Yp4SOjcVlJvQsKnVOw4td%2BeHbiry6xVX4mq2aYy7nhqmXUSwga9chfMpCzuaaVDqYZS9WPTYN29YyYawVEmIiQ6%2BfHDW%2Bojj3UXtMasNwn0JvFnqC%2FiKIIb2NOGyf4ri5XsHZbgSknv36melZ1URrmTgnJu69G5MXbwzPaOQtl%2BbLM8j95aLK%2F1%2BH2qkza%2BOTjE5dBoazHQHu0Xc5iF693WC8w6B2KzesxbVwDo9dYgk2S3hi0RVDx%2F8E7%2BZB%2Ft%2FzWAj8NsbifpcNAKr%2BPrl8cqa%2B%2BvYoAHH1UMxOdf47IkCfaeQvLFSZ4qY54JDnadkn0MY3fle%2FTgch%2B3%2FySGd9B1XIdvR59qXCdT8LIYHrX%2FTbQq7Np1naD4ib7RwLgZeRHn0zmvK%2FlfBdscQbkGN%2FinP%2FVQxQCDy1g2GCeQ%2BHqU3ggykBqCJLu99fdhT3580Wl%2Bodgf6EjkLNkiixAWLgRNIL%2Bd2wij5zAx7psuMiX%2FrUOMatmmM9au1sAXraOQp8IkOL%2B7Y%2BuO8fQUcm%2BB%2BHXYjzJpJCS4pyzjz53%2BR7f9sD6CXSZrB9dv9sWq48Wjo3dTtjRp8POF7%2BFJnhOIdo5J2cgpqnFN9LhUqQv1uXGiyRekg3gzRC5QAJs6QV%2Bxw%2Fbj3KO5jufSm3QGarS%2Bc7kKCTZoY8vyyHccqcifm9RXYrZKrMJ%2FCtYTolEbAaMcAnnVpOTZ1wY39qGhBrm6INrmbPCTE9Q8Q1hZqfxJMUJbhL7rMNnk2H0x4JGycgsbslAp0fdMBDnHh7QnJoXfGbrXHZpJotxFR6V82l5WtXfccIsav3nXx6s3Xukujev9hE%2FdabuXRJE4SVDpjSuCWkyZPLvzepapHxSRp%2FQUbTZiGAJhQS7J68J1TRW91CN0tDIgHkfWc45IlIxqO5bFSNUyg0UUjfbNPhBnlZqNZqKN%2Bm8eJ6vUsFzEHJcQdub9B7GKAZXj20EFeU2pFLit0IZzOX9h%2FTCk7o4I6p2cue970MJ%2F9OxCz6v%2BqtdqKyXqQJ3S12BGgbst30IXOmoBW%2B3B2Xgo6Mbp9HYIC7onS3vJ6PBxzRQ0V2Tr3ci39%2FTWtCix5vb45NVuqn7kxMg7Ofts0NQCskYKjr%2BqD3hkmMtyQhMJwwI%2B72l9MJUvtWFdh2akv1CI4ntSkM5sRdHJCH2TKMYeMyosLElFHQn53086CdV5rHdgNkXsrn1y6%2BKHGEoN4Kk9gbeafVqvuLttbChPvWQ%2FAtCxZBR7t7BlJogWFdA4TQ2X75ySW%2BlOvRlEUgZivWvlMu5UFe7WMiv7UeXb8T1sUKfuDuSeGnzv%2FKIwE%2FB92jxzUeKo3qKX%2BlQwdcbiLzFHXxjSOPFBgiZdjc0eSOrrOvMeWif0ZQpPsFMKUvtkXgF3PpBiU7GsLss5JPkyTfQeMkQ0kYXt8WDyrjvw%2Ft0Cv9Qwhv7WfYi3fRrLBpXZBa6pspr%2BtbJmphBeAo3kRQwZCrMU16j3JJ%2FJDgiWmvAOWeBCU0SylIzTkx9NywRStIl91jh%2BUFbfYOji359qtLPQQc1mKgM%2FpBZKNtyfdC5zVlLxB2lMYkpwW5ktffRZYdzS7jbdOsogVs9YdVJIUZvGv15s%2FhWEqXu55xdXydNS%2B1UeODpJkAPUT6MJNJ5u9T3zgwOkiaISwovUU8%2BU7VnzR2PJuKCFkUpFSTSYoo1jP6m3Az2k3u79kuBr%2FzzmvQdm5yObiMmKOpaUK5YNBIFs7D%2BtE%2B66N%2BDvq22xpg63eM1UWg%2FyYONON7xu0Moml198WSQsjbBkzz0cKsZGCeQt6Zdiyj4z7W1833iJ1FrsQMSaFw0xsxEC69Go%2F42LuQnnZaMRkOFhjgPDtS0NSK0%2BslVf5K5bllBEXoFO%2FoCLI94s9HqZ%2FsqU4tDSJ2oKH5%2FylTSdsr4aQfYlUCJg2RKre9wAFrsOp60cD5zo1cqRNJ%2F1Zt%2FqlZjF2%2BMUhauJct8k4Z%2Fw12VfnxsBi%2FVKiLGMzgK9yWD0nqWID6b3Q0fAuloqZ3Oh3N0%2BnLJhJuvqYek37Mmd9r67j7NdyYvdO3yynAJstu4JQPpfOHIlDQqBRpIsGnYozlmo8U5Abo0p3PBkTrfXjnpvRhrYirZoSGLZoNihYOpeOhmddM3QIAn1lspDMkj%2Fc52ejQbcGYgxCNrgOtRO%2Bc0VY6OjsPTjpoMW2PFE%2F7zpqoUjVfRXfS5W8WsNK0ijQ8I0vTbtCePeYXlUyQh1kzQz0C8TuNuTsw6LgpoD8G%2FOMI%2BE0jE%2Frn5H48IwwOtGvW1AS9vuR1FcGWGK4%2B2jKpgqexloPy2dcLLI9cqQbpWQCeIfUQtvQQ%2B4E8ZHtcDu%2BciC9skXKkPFa5RsumrjDp953o7a8Ls%2B%2B4KswzrOGT25djSW25n8ZrWt8tAhnwrkdjXPwgix9LBalOrdbpE7RDWSj2zrm38lqp3jwF%2FmYZ6ctI1xV3ot98R61yvy8ZycsyDAQobK1aCxkc1S34H4It5fswUeouzi37kVCzdDzmEY4ouJ8rbvg9SNi4y%2F2bs8UVcellzLXPh1HAY%2BPm2%2FRYp%2BY8kvOWfoWMRpHOOK8%2F9Sv0jKv2fZqijAtNKTtEtDKKoejUh4dkSlQs%2BMBzX0q

LLM: Score: 8 Reasons: The domain'sharefile8.pages.dev' is not a typical domain for a production OneDrive site. The use of the.dev gTLD, which is often used for development purposes, raises suspicions. The notification message and login form are consistent with a legitimate OneDrive page, but the unusual domain and lack of a typical OneDrive domain extension (e.g., onedrive.com) suggest that this may be a phishing attempt. DOM: 1.0.pages.csv

Phishing site detected (based on favicon image match)

Matcher: Template: onedrive matched with high similarity

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTTP Parser: Number of links: 0

HTTP Parser: Title: Microsoft OneDrive does not match URL

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:57600 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /b08+zb2ylref0qax HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjllntRTpNu4hfJ1FBrx39J0xCJBkEkAaGpOFeAgvlMpsmlmMx8JBmlzTfIvB5Qp11o%2BWEmcE6KKosPe3fphrdXRngY7XgyPMg3OzvmB5%2Bj7tNILE20ZQpqoYadHVwtDWRaBQ86Qv%2BTkXYqoMbtqurdi4LaQsW0ytpEY3h4DmvAIWI5U5Yp4SOjcVlJvQsKnVOw4td%2BeHbiry6xVX4mq2aYy7nhqmXUSwga9chfMpCzuaaVDqYZS9WPTYN29YyYawVEmIiQ6%2BfHDW%2Bojj3UXtMasNwn0JvFnqC%2FiKIIb2NOGyf4ri5XsHZbgSknv36melZ1URrmTgnJu69G5MXbwzPaOQtl%2BbLM8j95aLK%2F1%2BH2qkza%2BOTjE5dBoazHQHu0Xc5iF693WC8w6B2KzesxbVwDo9dYgk2S3hi0RVDx%2F8E7%2BZB%2Ft%2FzWAj8NsbifpcNAKr%2BPrl8cqa%2B%2BvYoAHH1UMxOdf47IkCfaeQvLFSZ4qY54JDnadkn0MY3fle%2FTgch%2B3%2FySGd9B1XIdvR59qXCdT8LIYHrX%2FTbQq7Np1naD4ib7RwLgZeRHn0zmvK%2FlfBdscQbkGN%2FinP%2FVQxQCDy1g2GCeQ%2BHqU3ggykBqCJLu99fdhT3580Wl%2Bodgf6EjkLNkiixAWLgRNIL%2Bd2wij5zAx7psuMiX%2FrUOMatmmM9au1sAXraOQp8IkOL%2B7Y%2BuO8fQUcm%2BB%2BHXYjzJpJCS4pyzjz53%2BR7f9sD6CXSZrB9dv9sWq48Wjo3dTtjRp8POF7%2BFJnhOIdo5J2cgpqnFN9LhUqQv1uXGiyRekg3gzRC5QAJs6QV%2Bxw%2Fbj3KO5jufSm3QGarS%2Bc7kKCTZoY8vyyHccqcifm9RXYrZKrMJ%2FCtYTolEbAaMcAnnVpOTZ1wY39qGhBrm6INrmbPCTE9Q8Q1hZqfxJMUJbhL7rMNnk2H0x4JGycgsbslAp0fdMBDnHh7QnJoXfGbrXHZpJotxFR6V82l5WtXfccIsav3nXx6s3Xukujev9hE%2FdabuXRJE4SVDpjSuCWkyZPLvzepapHxSRp%2FQUbTZiGAJhQS7J68J1TRW91CN0tDIgHkfWc45IlIxqO5bFSNUyg0UUjfbNPhBnlZqNZqKN%2Bm8eJ6vUsFzEHJcQdub9B7GKAZXj20EFeU2pFLit0IZzOX9h%2FTCk7o4I6p2cue970MJ%2F9OxCz6v%2BqtdqKyXqQJ3S12BGgbst30IXOmoBW%2B3B2Xgo6Mbp9HYIC7onS3vJ6PBxzRQ0V2Tr3ci39%2FTWtCix5vb45NVuqn7kxMg7Ofts0NQCskYKjr%2BqD3hkmMtyQhMJwwI%2B72l9MJUvtWFdh2akv1CI4ntSkM5sRdHJCH2TKMYeMyosLElFHQn53086CdV5rHdgNkXsrn1y6%2BKHGEoN4Kk9gbeafVqvuLttbChPvWQ%2FAtCxZBR7t7BlJogWFdA4TQ2X75ySW%2BlOvRlEUgZivWvlMu5UFe7WMiv7UeXb8T1sUKfuDuSeGnzv%2FKIwE%2FB92jxzUeKo3qKX%2BlQwdcbiLzFHXxjSOPFBgiZdjc0eSOrrOvMeWif0ZQpPsFMKUvtkXgF3PpBiU7GsLss5JPkyTfQeMkQ0kYXt8WDyrjvw%2Ft0Cv9Qwhv7WfYi3fRrLBpXZBa6pspr%2BtbJmphBeAo3kRQwZCrMU16j3JJ%2FJDgiWmvAOWeBCU0SylIzTkx9NywRStIl91jh%2BUFbfYOji359qtLPQQc1mKgM%2FpBZKNtyfdC5zVlLxB2lMYkpwW5ktffRZYdzS7jbdOsogVs9YdVJIUZvGv15s%2FhWEqXu55xdXydNS%2B1UeODpJkAPUT6MJNJ5u9T3zgwOkiaISwovUU8%2BU7VnzR2PJuKCFkUpFSTSYoo1jP6m3Az2k3u79kuBr%2FzzmvQdm5yObiMmKOpaUK5YNBIFs7D%2BtE%2B66N%2BDvq22xpg63eM1UWg%2FyYONON7xu0Moml198WSQsjbBkzz0cKsZGCeQt6Zdiyj4z7W1833iJ1FrsQMSaFw0xsxEC69Go%2F42LuQnnZaMRkOFhjgPDtS0NSK0%2BslVf5K5bllBEXoFO%2FoCLI94s9HqZ%2FsqU4tDSJ2oKH5%2FylTSdsr4aQfYlUCJg2RKre9wAFrsOp60cD5zo1cqRNJ%2F1Zt%2FqlZjF2%2BMUhauJct8k4Z%2Fw12VfnxsBi%2FVKiLGMzgK9yWD0nqWID6b3Q0fAuloqZ3Oh3N0%2BnLJhJuvqYek37Mmd9r67j7NdyYvdO3yynAJstu4JQPpfOHIlDQqBRpIsGnYozlmo8U5Abo0p3PBkTrfXjnpvRhrYirZoSGLZoNihYOpeOhmddM3QIAn1lspDMkj%2Fc52ejQbcGYgxCNrgOtRO%2Bc0VY6OjsPTjpoMW2PFE%2F7zpqoUjVfRXfS5W8WsNK0ijQ8I0vTbtCePeYXlUyQh1kzQz0C8TuNuTsw6LgpoD8G%2FOMI%2BE0jE%2Frn5H48IwwOtGvW1AS9vuR1FcGWGK4%2B2jKpgqexloPy2dcLLI9cqQbpWQCeIfUQtvQQ%2B4E8ZHtcDu%2BciC9skXKkPFa5RsumrjDp953o7a8Ls%2B%2B4KswzrOGT25djSW25n8ZrWt8tAhnwrkdjXPwgix9LBalO
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /report/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 410Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_60.2.dr, chromecache_66.2.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_59.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_59.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_60.2.dr, chromecache_66.2.dr	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_60.2.dr, chromecache_66.2.dr	String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_60.2.dr, chromecache_66.2.dr	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_69.2.dr, chromecache_57.2.dr	String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_56.2.dr, chromecache_65.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_67.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_69.2.dr, chromecache_57.2.dr	String found in binary or memory: https://ipapi.co/json/
Source: chromecache_69.2.dr, chromecache_57.2.dr	String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_69.2.dr, chromecache_57.2.dr	String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57606
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49757 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/31@16/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2416,i,17885033267764913659,14688378653275137102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/b08+zb2ylref0qax"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2416,i,17885033267764913659,14688378653275137102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://sharefile8.pages.dev/b08+zb2ylref0qax	100%	Avira URL Cloud	phishing
https://sharefile8.pages.dev/b08+zb2ylref0qax	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
http://fontawesome.io	0%	URL Reputation	safe
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	0%	URL Reputation	safe
http://creativecommons.org/ns#	0%	URL Reputation	safe
http://fontawesome.io/license	0%	URL Reputation	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg	0%	Avira URL Cloud	safe
http://www.inkscape.org/)	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico	0%	Avira URL Cloud	safe
https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain	0%	Avira URL Cloud	safe
https://locate.ipinit.workers.dev/	0%	Avira URL Cloud	safe
https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13	0%	Avira URL Cloud	safe
https://ipapi.co/json/	0%	Avira URL Cloud	safe
http://www.inkscape.org/namespaces/inkscape	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false	unknown
ipapi.co	104.26.9.44	true	false	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
sharefile8.pages.dev	188.114.97.3	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
15.164.165.52.in-addr.arpa	unknown	unknown	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false	Avira URL Cloud: safe	unknown
https://sharefile8.pages.dev/b08+zb2ylref0qax	true		unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/07308ee98aa47f067087.jpg	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/847fc5ec58b3a0af255c.svg	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/59947dbf5efae9de77d2.png	false	Avira URL Cloud: safe	unknown
https://ipapi.co/json/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_59.2.dr	false	URL Reputation: safe	unknown
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	chromecache_60.2.dr, chromecache_66.2.dr	false	URL Reputation: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5	chromecache_56.2.dr, chromecache_65.2.dr	false	Avira URL Cloud: safe	unknown
https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain	chromecache_69.2.dr, chromecache_57.2.dr	false	Avira URL Cloud: safe	unknown
http://www.inkscape.org/)	chromecache_60.2.dr, chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
https://locate.ipinit.workers.dev/	chromecache_69.2.dr, chromecache_57.2.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13	chromecache_69.2.dr, chromecache_57.2.dr	false	Avira URL Cloud: safe	unknown
http://www.inkscape.org/namespaces/inkscape	chromecache_60.2.dr, chromecache_66.2.dr	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/ns#	chromecache_60.2.dr, chromecache_66.2.dr	false	URL Reputation: safe	unknown
http://fontawesome.io/license	chromecache_59.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
104.26.9.44	ipapi.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	sharefile8.pages.dev	European Union	13335	CLOUDFLARENETUS	true
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.16.132	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502061
Start date and time:	2024-08-31 00:37:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://sharefile8.pages.dev/b08+zb2ylref0qax
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/31@16/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.186.78, 64.233.166.84, 34.104.35.123, 142.250.185.131, 216.58.206.42, 104.18.187.31, 104.18.186.31, 142.250.186.74, 142.250.185.170, 216.58.206.74, 142.250.186.42, 142.250.181.234, 172.217.16.202, 142.250.185.106, 142.250.185.234, 142.250.185.202, 142.250.184.234, 142.250.74.202, 142.250.184.202, 172.217.18.10, 142.250.186.170, 142.250.185.138, 40.68.123.157, 199.232.214.172, 192.229.221.95, 13.85.23.206, 52.165.164.15, 40.127.169.103, 52.165.165.26, 172.217.16.195
Excluded domains from analysis (whitelisted): fonts.googleapis.com, cdn.jsdelivr.net.cdn.cloudflare.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://sharefile8.pages.dev/b08+zb2ylref0qax

Input	Output
URL: https://sharefile8.pages.dev/b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjlln Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":true, "prominent_button_name":"Unlock Document", "text_input_field_labels":["Email address"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://sharefile8.pages.dev/b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjlln Model: jbxai	{ "phishing_score":8, "brand_name":"OneDrive", "reasons":"The domain'sharefile8.pages.dev' is not a typical domain for a production OneDrive site. The use of the.dev gTLD, which is often used for development purposes, raises suspicions. The notification message and login form are consistent with a legitimate OneDrive page, but the unusual domain and lack of a typical OneDrive domain extension (e.g., onedrive.com) suggest that this may be a phishing attempt."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:	3:Hn+kY:7Y
MD5:	4BFF56273E71FAF88DE7D58A459DA976
SHA1:	DBB96F394980AB9890F3C837BAF7C80F2A6AB6EE
SHA-256:	17F73B8D1FDA227F08A320437094999DBEE94D0B9631050B294388B67C0F263F
SHA-512:	9E8D29C758DAE324BBB543BB1160D88FFB966CA527B5015EE32F3046C7230D86C029110B09883D7F8635C1B058C7276EF4C27B0A85874221C6DB0C90C6754EF1
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlH_uGugExGLBIFDbdWNWI=?alt=proto
Preview:	CgkKBw23VjViGgA=

Source: https://sharefile8.pages.dev/b08+zb2ylref0qax	Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/b08+zb2ylref0qax	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 00:38:12.961443901 CEST	53	62177	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:12.968576908 CEST	53	55452	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:13.971055984 CEST	53	58173	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:14.415863037 CEST	61899	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:14.416026115 CEST	53282	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:14.426996946 CEST	53	61899	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:14.427418947 CEST	53	53282	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:15.079900026 CEST	53646	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:15.080066919 CEST	57038	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:15.088574886 CEST	53	53646	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:15.088589907 CEST	53	57038	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:16.547192097 CEST	55348	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:16.547794104 CEST	65074	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:16.874567986 CEST	53	55348	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:16.874581099 CEST	53	65074	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.102201939 CEST	53	62154	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.104151964 CEST	62064	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.104650021 CEST	60728	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.107235909 CEST	50505	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.108093023 CEST	53990	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.111991882 CEST	53	62064	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.112778902 CEST	53	60728	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.114303112 CEST	53	63715	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.115762949 CEST	53	50505	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.117033005 CEST	53	53990	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:17.348078966 CEST	53169	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.348777056 CEST	61832	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:17.357623100 CEST	53	61832	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:18.091500998 CEST	63958	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:18.091782093 CEST	62967	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:18.100807905 CEST	53	63958	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:18.102791071 CEST	53	62967	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:18.962109089 CEST	53	62806	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:28.728264093 CEST	138	138	192.168.2.4	192.168.2.255
Aug 31, 2024 00:38:31.545417070 CEST	53	55365	1.1.1.1	192.168.2.4
Aug 31, 2024 00:38:41.965243101 CEST	53	50810	162.159.36.2	192.168.2.4
Aug 31, 2024 00:38:42.810894012 CEST	57897	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:38:42.822329998 CEST	53	57897	1.1.1.1	192.168.2.4
Aug 31, 2024 00:39:16.598809958 CEST	60371	53	192.168.2.4	1.1.1.1
Aug 31, 2024 00:39:16.608143091 CEST	53	60371	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:14 UTC	679	OUT	GET /b08+zb2ylref0qax HTTP/1.1 Host: sharefile8.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:15 UTC	726	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:38:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RU0PF5F7S%2F7Dj7t%2FeNTssxfykPbqjK16P3lE47RoNCOzSYezO7xoLe7gNb05TrpkaxspjQQkZLebhC04%2FxEGYU8E0eb%2BccBtFJ8GyGNxnd0oLjHQBzNSgo9hvhnAN5d2z82sxFjQ8w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb8451f993543b9-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:38:15 UTC	523	IN	Data Raw: 32 30 34 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 67 68 2f 75 69 68 6b 64 73 6c 69 6a 73 6a 64 2f 63 61 70 74 69 76 61 74 69 6e 67 2d 61 70 70 2d 6c 79 6f 75 62 67 73 35 40 69 6e 74 65 72 6e 61 6c 2d 32 30 32 34 2d 30 37 2d 31 36 2d 32 30 2d 30 32 2d 35 38 2f 31 33 39 61 38 63 64 32 2d 64 31 30 63 2d 34 33 33 36 2d 62 61 30 34 2d 33 66 31 63 35 33 62 61 38 63 62 36 2e 6a 73 3f 68 61 73 68 3d 36 62 30 36 64 62 39 34 33 66 30 38 31 65 62 65 65 36 38 39 66 33 37 36 63 38 62 32 33 31 64 31 26 45 44 6c 46 68 36 53 4f 42 Data Ascii: 204<html> <head><title></title></head> <body> <script src="https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOB
2024-08-30 22:38:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:15 UTC	877	OUT	GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOBK9HUECofCEkAbqDF=2jfjZA9wDmRlYg1TXOXJNITl98qS9siwV6pdy8cw8fSU8meMhDoHo3q0Wbk1NRTITsfyJdv71rAKgx7GjU1BNOfiiUNKNWJ2iHxPYldtdzwOsYPXlYZ5aId3UaBDD4OaPO0ZZpW8vf4Tz0t3vdO1dR7zBRTwMf8AMoFNk8pvuQel106aEmb5Q0X HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:15 UTC	783	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1054967 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: internal-2024-07-16-20-02-58 X-JSD-Version-Type: branch ETag: W/"1018f7-dwEUKUeBq/GLBbvDzWMm0MYg7f8" Accept-Ranges: bytes Date: Fri, 30 Aug 2024 22:38:15 GMT Age: 40056 X-Served-By: cache-fra-etou8220139-FRA, cache-ewr-kewr1740068-EWR X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 38 32 39 38 31 2c 5f 30 78 33 64 38 38 32 64 29 7b 76 61 72 20 5f 30 78 33 33 61 61 63 34 3d 61 30 5f 30 78 34 62 35 39 2c 5f 30 78 33 38 30 32 62 32 3d 5f 30 78 31 38 32 39 38 31 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5f 30 78 31 38 33 34 30 33 3d 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 33 61 61 63 34 28 30 78 66 34 32 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 33 61 61 63 34 28 30 78 61 36 61 29 29 2f 30 78 32 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 33 61 61 63 34 28 30 78 63 35 34 29 29 2f 30 78 33 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 33 61 61 63 34 28 30 78 31 62 34 29 29 2f 30 78 34 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 33 61 61 63 34 28 30 78 Data Ascii: (function(_0x182981,_0x3d882d){var _0x33aac4=a0_0x4b59,_0x3802b2=_0x182981();while(!![]){try{var _0x183403=-parseInt(_0x33aac4(0xf42))/0x1+parseInt(_0x33aac4(0xa6a))/0x2+parseInt(_0x33aac4(0xc54))/0x3+parseInt(_0x33aac4(0x1b4))/0x4*(-parseInt(_0x33aac4(0x
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 3a 30 78 34 7d 29 2c 5f 30 78 33 62 61 33 38 38 3d 5f 30 78 36 35 66 62 39 5b 5f 30 78 34 36 66 36 32 34 28 30 78 37 61 65 29 5d 3d 5f 30 78 35 35 66 61 39 37 5b 27 65 78 74 65 6e 64 27 5d 28 7b 27 69 6e 69 74 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 63 62 61 36 35 30 29 7b 76 61 72 20 5f 30 78 34 33 39 61 35 61 3d 5f 30 78 34 36 66 36 32 34 3b 74 68 69 73 5b 5f 30 78 34 33 39 61 35 61 28 30 78 36 31 33 29 5d 28 5f 30 78 63 62 61 36 35 30 29 3b 7d 2c 27 74 6f 53 74 72 69 6e 67 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 65 62 63 66 64 29 7b 76 61 72 20 5f 30 78 31 66 62 39 61 35 3d 5f 30 78 34 36 66 36 32 34 3b 72 65 74 75 72 6e 28 5f 30 78 35 65 62 63 66 64 7c 7c 74 68 69 73 5b 5f 30 78 31 66 62 39 61 35 28 30 78 63 63 38 29 5d 29 5b 5f 30 78 31 66 62 Data Ascii: :0x4}),_0x3ba388=_0x65fb9[_0x46f624(0x7ae)]=_0x55fa97['extend']({'init':function(_0xcba650){var _0x439a5a=_0x46f624;this[_0x439a5a(0x613)](_0xcba650);},'toString':function(_0x5ebcfd){var _0x1fb9a5=_0x46f624;return(_0x5ebcfd\|\|this[_0x1fb9a5(0xcc8)])[_0x1fb
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 3b 5f 30 78 64 64 33 38 34 66 5b 5f 30 78 34 32 31 30 39 62 28 30 78 35 64 61 29 5d 3d 28 5f 30 78 35 65 66 66 33 64 3d 28 5f 30 78 66 38 63 33 65 3d 5f 30 78 33 62 33 31 36 61 28 30 78 31 35 29 29 5b 5f 30 78 34 32 31 30 39 62 28 30 78 31 31 34 37 29 5d 5b 5f 30 78 34 32 31 30 39 62 28 30 78 32 64 64 29 5d 2c 5f 30 78 31 39 33 34 63 31 3d 5f 30 78 66 38 63 33 65 5b 27 65 6e 63 27 5d 5b 5f 30 78 34 32 31 30 39 62 28 30 78 32 65 33 29 5d 2c 76 6f 69 64 28 5f 30 78 66 38 63 33 65 5b 5f 30 78 34 32 31 30 39 62 28 30 78 62 61 36 29 5d 5b 27 48 4d 41 43 27 5d 3d 5f 30 78 35 65 66 66 33 64 5b 5f 30 78 34 32 31 30 39 62 28 30 78 64 31 30 29 5d 28 7b 27 69 6e 69 74 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 64 38 38 30 33 2c 5f 30 78 66 34 31 62 39 38 29 7b 76 Data Ascii: ;_0xdd384f[_0x42109b(0x5da)]=(_0x5eff3d=(_0xf8c3e=_0x3b316a(0x15))[_0x42109b(0x1147)][_0x42109b(0x2dd)],_0x1934c1=_0xf8c3e['enc'][_0x42109b(0x2e3)],void(_0xf8c3e[_0x42109b(0xba6)]['HMAC']=_0x5eff3d[_0x42109b(0xd10)]({'init':function(_0x4d8803,_0xf41b98){v
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 30 2d 6d 6f 7a 2d 61 70 70 65 61 72 61 6e 63 65 3a 5c 78 32 30 62 75 74 74 6f 6e 5c 78 32 30 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 61 70 70 65 61 72 61 6e 63 65 3a 5c 78 32 30 62 75 74 74 6f 6e 5c 78 32 30 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 5c 78 32 30 35 70 78 5c 78 32 30 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 77 69 64 74 68 3a 5c 78 32 30 63 61 6c 63 28 31 30 30 25 5c 78 32 30 2d 5c 78 32 30 31 30 70 78 29 5c 78 32 30 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a Data Ascii: 0-moz-appearance:\x20button\x20!important;\x0a\x20\x20\x20\x20appearance:\x20button\x20!important;\x0a\x20\x20\x20\x20margin-left:\x205px\x20!important;\x0a\x20\x20\x20\x20width:\x20calc(100%\x20-\x2010px)\x20!important;\x0a\x20\x20\x20\x20letter-spacing:
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 78 32 61 38 65 35 61 2c 5f 30 78 39 35 62 63 61 34 3b 72 65 74 75 72 6e 21 28 21 5f 30 78 39 36 30 61 61 35 7c 7c 5f 30 78 32 64 34 61 35 39 28 30 78 63 38 38 29 21 3d 3d 5f 30 78 33 32 32 31 62 32 5b 5f 30 78 32 64 34 61 35 39 28 30 78 66 37 32 29 5d 28 5f 30 78 39 36 30 61 61 35 29 7c 7c 28 5f 30 78 32 61 38 65 35 61 3d 5f 30 78 33 62 31 63 38 37 28 5f 30 78 39 36 30 61 61 35 29 29 26 26 28 5f 30 78 32 64 34 61 35 39 28 30 78 38 30 32 29 21 3d 74 79 70 65 6f 66 28 5f 30 78 39 35 62 63 61 34 3d 5f 30 78 31 33 34 37 30 35 5b 5f 30 78 32 64 34 61 35 39 28 30 78 66 37 32 29 5d 28 5f 30 78 32 61 38 65 35 61 2c 27 63 6f 6e 73 74 72 75 63 74 6f 72 27 29 26 26 5f 30 78 32 61 38 65 35 61 5b 5f 30 78 32 64 34 61 35 39 28 30 78 38 64 64 29 5d 29 7c 7c 5f 30 78 31 Data Ascii: x2a8e5a,_0x95bca4;return!(!_0x960aa5\|\|_0x2d4a59(0xc88)!==_0x3221b2[_0x2d4a59(0xf72)](_0x960aa5)\|\|(_0x2a8e5a=_0x3b1c87(_0x960aa5))&&(_0x2d4a59(0x802)!=typeof(_0x95bca4=_0x134705[_0x2d4a59(0xf72)](_0x2a8e5a,'constructor')&&_0x2a8e5a[_0x2d4a59(0x8dd)])\|\|_0x1
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 29 29 2c 5f 30 78 35 64 66 33 35 31 3d 5f 30 78 35 64 66 33 35 31 5b 5f 30 78 33 62 30 66 30 35 28 30 78 39 35 38 29 5d 26 26 6e 65 77 20 52 65 67 45 78 70 28 5f 30 78 35 64 66 33 35 31 5b 27 6a 6f 69 6e 27 5d 28 27 7c 27 29 29 2c 5f 30 78 35 65 64 35 39 38 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 34 65 35 61 35 2c 5f 30 78 35 65 36 61 31 65 29 7b 76 61 72 20 5f 30 78 35 36 64 61 65 66 3d 5f 30 78 33 62 30 66 30 35 3b 69 66 28 5f 30 78 31 34 65 35 61 35 3d 3d 3d 5f 30 78 35 65 36 61 31 65 29 72 65 74 75 72 6e 20 5f 30 78 34 35 61 35 37 33 3d 21 30 78 30 2c 30 78 30 3b 76 61 72 20 5f 30 78 34 32 65 66 34 37 3d 21 5f 30 78 31 34 65 35 61 35 5b 5f 30 78 35 36 64 61 65 66 28 30 78 37 62 36 29 5d 2d 21 5f 30 78 35 65 36 61 31 65 5b 27 63 6f 6d 70 61 72 65 44 Data Ascii: )),_0x5df351=_0x5df351[_0x3b0f05(0x958)]&&new RegExp(_0x5df351['join']('\|')),_0x5ed598=function(_0x14e5a5,_0x5e6a1e){var _0x56daef=_0x3b0f05;if(_0x14e5a5===_0x5e6a1e)return _0x45a573=!0x0,0x0;var _0x42ef47=!_0x14e5a5[_0x56daef(0x7b6)]-!_0x5e6a1e['compareD
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 30 78 35 64 38 65 31 32 5d 3b 29 69 66 28 28 30 78 31 3d 3d 3d 5f 30 78 37 62 35 66 66 65 5b 5f 30 78 33 64 31 38 39 38 28 30 78 38 34 38 29 5d 7c 7c 5f 30 78 31 30 66 36 34 32 29 26 26 5f 30 78 35 35 31 61 31 36 28 5f 30 78 37 62 35 66 66 65 2c 5f 30 78 33 37 65 38 33 36 2c 5f 30 78 33 32 38 31 36 39 29 29 72 65 74 75 72 6e 21 30 78 30 3b 7d 65 6c 73 65 7b 66 6f 72 28 3b 5f 30 78 37 62 35 66 66 65 3d 5f 30 78 37 62 35 66 66 65 5b 5f 30 78 35 64 38 65 31 32 5d 3b 29 69 66 28 30 78 31 3d 3d 3d 5f 30 78 37 62 35 66 66 65 5b 5f 30 78 33 64 31 38 39 38 28 30 78 38 34 38 29 5d 7c 7c 5f 30 78 31 30 66 36 34 32 29 7b 69 66 28 5f 30 78 33 66 62 65 61 35 3d 5f 30 78 37 62 35 66 66 65 5b 5f 30 78 35 30 32 63 64 38 5d 7c 7c 28 5f 30 78 37 62 35 66 66 65 5b 5f 30 78 Data Ascii: 0x5d8e12];)if((0x1===_0x7b5ffe[_0x3d1898(0x848)]\|\|_0x10f642)&&_0x551a16(_0x7b5ffe,_0x37e836,_0x328169))return!0x0;}else{for(;_0x7b5ffe=_0x7b5ffe[_0x5d8e12];)if(0x1===_0x7b5ffe[_0x3d1898(0x848)]\|\|_0x10f642){if(_0x3fbea5=_0x7b5ffe[_0x502cd8]\|\|(_0x7b5ffe[_0x
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 78 31 38 38 65 38 66 28 5f 30 78 31 62 61 33 39 62 2c 5f 30 78 32 39 61 32 30 36 29 29 29 29 3b 7d 2c 27 61 64 64 42 61 63 6b 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 61 66 63 66 64 37 29 7b 76 61 72 20 5f 30 78 33 33 35 62 34 35 3d 5f 30 78 32 36 64 61 64 64 3b 72 65 74 75 72 6e 20 74 68 69 73 5b 5f 30 78 33 33 35 62 34 35 28 30 78 38 63 30 29 5d 28 6e 75 6c 6c 3d 3d 5f 30 78 61 66 63 66 64 37 3f 74 68 69 73 5b 5f 30 78 33 33 35 62 34 35 28 30 78 65 64 35 29 5d 3a 74 68 69 73 5b 27 70 72 65 76 4f 62 6a 65 63 74 27 5d 5b 5f 30 78 33 33 35 62 34 35 28 30 78 61 35 62 29 5d 28 5f 30 78 61 66 63 66 64 37 29 29 3b 7d 7d 29 2c 5f 30 78 31 38 38 65 38 66 5b 27 65 61 63 68 27 5d 28 7b 27 70 61 72 65 6e 74 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 31 39 37 35 Data Ascii: x188e8f(_0x1ba39b,_0x29a206))));},'addBack':function(_0xafcfd7){var _0x335b45=_0x26dadd;return this[_0x335b45(0x8c0)](null==_0xafcfd7?this[_0x335b45(0xed5)]:this['prevObject'][_0x335b45(0xa5b)](_0xafcfd7));}}),_0x188e8f['each']({'parent':function(_0x31975
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 73 5b 27 65 78 70 61 6e 64 6f 27 5d 5d 29 3b 7d 7d 2c 27 68 61 73 44 61 74 61 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 62 64 32 62 32 29 7b 76 61 72 20 5f 30 78 33 63 35 66 39 35 3d 5f 30 78 32 36 64 61 64 64 2c 5f 30 78 31 62 37 37 61 34 3d 5f 30 78 33 62 64 32 62 32 5b 74 68 69 73 5b 5f 30 78 33 63 35 66 39 35 28 30 78 31 62 31 29 5d 5d 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 78 30 21 3d 3d 5f 30 78 31 62 37 37 61 34 26 26 21 5f 30 78 31 38 38 65 38 66 5b 5f 30 78 33 63 35 66 39 35 28 30 78 33 66 39 29 5d 28 5f 30 78 31 62 37 37 61 34 29 3b 7d 7d 3b 76 61 72 20 5f 30 78 34 35 63 30 64 61 3d 6e 65 77 20 5f 30 78 35 30 38 36 64 39 28 29 2c 5f 30 78 35 32 39 34 39 39 3d 6e 65 77 20 5f 30 78 35 30 38 36 64 39 28 29 2c 5f 30 78 34 63 30 31 39 37 3d 2f Data Ascii: s['expando']]);}},'hasData':function(_0x3bd2b2){var _0x3c5f95=_0x26dadd,_0x1b77a4=_0x3bd2b2[this[_0x3c5f95(0x1b1)]];return void 0x0!==_0x1b77a4&&!_0x188e8f[_0x3c5f95(0x3f9)](_0x1b77a4);}};var _0x45c0da=new _0x5086d9(),_0x529499=new _0x5086d9(),_0x4c0197=/
2024-08-30 22:38:15 UTC	16384	IN	Data Raw: 62 32 2c 5f 30 78 31 32 31 39 63 34 3d 5f 30 78 34 35 63 30 64 61 5b 5f 30 78 32 32 64 31 61 38 28 30 78 38 65 63 29 5d 28 5f 30 78 34 37 62 61 63 66 29 3b 69 66 28 5f 30 78 34 33 62 64 62 32 28 5f 30 78 34 37 62 61 63 66 29 29 7b 66 6f 72 28 5f 30 78 32 33 35 34 64 30 5b 5f 30 78 32 32 64 31 61 38 28 30 78 37 39 61 29 5d 26 26 28 5f 30 78 32 33 35 34 64 30 3d 28 5f 30 78 32 65 66 66 38 66 3d 5f 30 78 32 33 35 34 64 30 29 5b 5f 30 78 32 32 64 31 61 38 28 30 78 37 39 61 29 5d 2c 5f 30 78 31 37 36 35 63 38 3d 5f 30 78 32 65 66 66 38 66 5b 5f 30 78 32 32 64 31 61 38 28 30 78 39 32 64 29 5d 29 2c 5f 30 78 31 37 36 35 63 38 26 26 5f 30 78 31 38 38 65 38 66 5b 5f 30 78 32 32 64 31 61 38 28 30 78 31 32 30 31 29 5d 5b 5f 30 78 32 32 64 31 61 38 28 30 78 66 63 63 Data Ascii: b2,_0x1219c4=_0x45c0da[_0x22d1a8(0x8ec)](_0x47bacf);if(_0x43bdb2(_0x47bacf)){for(_0x2354d0[_0x22d1a8(0x79a)]&&(_0x2354d0=(_0x2eff8f=_0x2354d0)[_0x22d1a8(0x79a)],_0x1765c8=_0x2eff8f[_0x22d1a8(0x92d)]),_0x1765c8&&_0x188e8f[_0x22d1a8(0x1201)][_0x22d1a8(0xfcc

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:17 UTC	622	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://sharefile8.pages.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:17 UTC	942	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:38:17 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-9226" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 787627 Expires: Wed, 20 Aug 2025 22:38:17 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0toDCIm9O9n1pX5%2BOeOUli8gLGK09IZw1oYM4JVMnJMZNYso3fxlf3gJKqIbBcUhiMAGTv6QWnBh7MqHapptX0KoyScSmADy26bru95LxuyczS5G4SEnH5YIbwSl%2Bn7N47ZPZXN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8bb84531bc04c352-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:38:17 UTC	427	IN	Data Raw: 37 63 30 33 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2f 2a 20 46 4f 4e 54 20 50 41 54 48 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 46 6f 6e 74 41 77 65 73 Data Ascii: 7c03/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) // FONT PATH * -------------------------- */@font-face { font-family: 'FontAwes
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 6f 72 6d 61 74 28 Data Ascii: wesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format(
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 0a 7d 0a 2f 2a 20 44 65 70 72 65 63 61 74 65 64 20 61 73 20 6f 66 20 34 2e 34 2e 30 20 2a 2f 0a 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2d 73 70 69 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 32 73 20 69 6e 66 69 6e 69 74 65 20 6c 69 6e 65 61 72 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 Data Ascii: }/* Deprecated as of 4.4.0 */.pull-right { float: right;}.pull-left { float: left;}.fa.pull-left { margin-right: .3em;}.fa.pull-right { margin-left: .3em;}.fa-spin { -webkit-animation: fa-spin 2s infinite linear; animation: fa-spin
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 30 2c 20 6d 69 72 72 6f 72 3d 31 29 22 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 7d 0a 2e 66 61 2d 66 6c 69 70 2d 76 65 72 74 69 63 61 6c 20 7b 0a 20 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 32 2c 20 Data Ascii: rogid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)"; -webkit-transform: scale(-1, 1); -ms-transform: scale(-1, 1); transform: scale(-1, 1);}.fa-flip-vertical { -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=2,
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 72 67 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 39 22 3b 0a 7d 0a 2e 66 61 2d 74 68 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 61 22 3b 0a 7d 0a 2e 66 61 2d 74 68 2d 6c 69 73 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 62 22 3b 0a 7d 0a 2e 66 61 2d 63 68 65 63 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 63 22 3b 0a 7d 0a 2e 66 61 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 63 6c 6f 73 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 74 69 6d 65 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 64 22 3b 0a 7d 0a 2e 66 61 2d 73 65 61 72 63 68 2d 70 6c 75 73 3a 62 65 66 6f Data Ascii: rge:before { content: "\f009";}.fa-th:before { content: "\f00a";}.fa-th-list:before { content: "\f00b";}.fa-check:before { content: "\f00c";}.fa-remove:before,.fa-close:before,.fa-times:before { content: "\f00d";}.fa-search-plus:befo
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 74 3a 20 22 5c 66 30 32 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 61 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 62 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 63 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 64 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 65 22 3b 0a 7d 0a 2e 66 61 2d 70 72 69 6e 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 Data Ascii: t: "\f029";}.fa-barcode:before { content: "\f02a";}.fa-tag:before { content: "\f02b";}.fa-tags:before { content: "\f02c";}.fa-book:before { content: "\f02d";}.fa-bookmark:before { content: "\f02e";}.fa-print:before { content: "\f02
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 38 22 3b 0a 7d 0a 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 61 22 3b 0a 7d 0a 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 62 22 3b 0a 7d 0a 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 63 22 3b 0a 7d 0a 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 64 22 3b 0a 7d 0a Data Ascii: -backward:before { content: "\f048";}.fa-fast-backward:before { content: "\f049";}.fa-backward:before { content: "\f04a";}.fa-play:before { content: "\f04b";}.fa-pause:before { content: "\f04c";}.fa-stop:before { content: "\f04d";}
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 20 22 5c 66 30 36 37 22 3b 0a 7d 0a 2e 66 61 2d 6d 69 6e 75 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 38 22 3b 0a 7d 0a 2e 66 61 2d 61 73 74 65 72 69 73 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 39 22 3b 0a 7d 0a 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 61 22 3b 0a 7d 0a 2e 66 61 2d 67 69 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 65 61 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 63 22 3b 0a 7d 0a 2e 66 61 2d 66 69 72 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 Data Ascii: "\f067";}.fa-minus:before { content: "\f068";}.fa-asterisk:before { content: "\f069";}.fa-exclamation-circle:before { content: "\f06a";}.fa-gift:before { content: "\f06b";}.fa-leaf:before { content: "\f06c";}.fa-fire:before { cont
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 74 68 75 6d 62 73 2d 6f 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 37 22 3b 0a 7d 0a 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 38 22 3b 0a 7d 0a 2e 66 61 2d 73 74 61 72 2d 68 61 6c 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 39 22 3b 0a 7d 0a 2e 66 61 2d 68 65 61 72 74 2d 6f 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 61 22 3b 0a 7d 0a 2e 66 61 2d 73 69 67 6e 2d 6f 75 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 69 6e 6b 65 64 69 6e 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 Data Ascii: thumbs-o-up:before { content: "\f087";}.fa-thumbs-o-down:before { content: "\f088";}.fa-star-half:before { content: "\f089";}.fa-heart-o:before { content: "\f08a";}.fa-sign-out:before { content: "\f08b";}.fa-linkedin-square:before {
2024-08-30 22:38:17 UTC	1369	IN	Data Raw: 30 61 36 22 3b 0a 7d 0a 2e 66 61 2d 68 61 6e 64 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 37 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6c 65 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 38 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 39 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 61 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 Data Ascii: 0a6";}.fa-hand-o-down:before { content: "\f0a7";}.fa-arrow-circle-left:before { content: "\f0a8";}.fa-arrow-circle-right:before { content: "\f0a9";}.fa-arrow-circle-up:before { content: "\f0aa";}.fa-arrow-circle-down:before { content:

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:17 UTC	551	OUT	GET /json/ HTTP/1.1 Host: ipapi.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://sharefile8.pages.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:18 UTC	763	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:38:17 GMT Content-Type: application/json Content-Length: 763 Connection: close Allow: GET, POST, OPTIONS, OPTIONS, HEAD X-Frame-Options: DENY Vary: Host, origin access-control-allow-origin: https://sharefile8.pages.dev X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb84531ba1741d5-EWR
2024-08-30 22:38:18 UTC	606	IN	Data Raw: 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 22 76 65 72 73 69 6f 6e 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e Data Ascii: { "ip": "8.46.123.33", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "coun
2024-08-30 22:38:18 UTC	157	IN	Data Raw: 6f 6c 6c 61 72 22 2c 0a 20 20 20 20 22 6c 61 6e 67 75 61 67 65 73 22 3a 20 22 65 6e 2d 55 53 2c 65 73 2d 55 53 2c 68 61 77 2c 66 72 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 61 72 65 61 22 3a 20 39 36 32 39 30 39 31 2e 30 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 70 6f 70 75 6c 61 74 69 6f 6e 22 3a 20 33 32 37 31 36 37 34 33 34 2c 0a 20 20 20 20 22 61 73 6e 22 3a 20 22 41 53 33 33 35 36 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 4c 45 56 45 4c 33 22 0a 7d Data Ascii: ollar", "languages": "en-US,es-US,haw,fr", "country_area": 9629091.0, "country_population": 327167434, "asn": "AS3356", "org": "LEVEL3"}

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:18 UTC	7106	OUT	GET /b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjllntRTpNu4hfJ1FBrx39J0xCJBkEkAaGpOFeAgvlMpsmlmMx8JBmlzTfIvB5Qp11o%2BWEmcE6KKosPe3fphrdXRngY7XgyPMg3OzvmB5%2Bj7tNILE20ZQpqoYadHVwtDWRaBQ86Qv%2BTkXYqoMbtqurdi4LaQsW0ytpEY3h4DmvAIWI5U5Yp4SOjcVlJvQsKnVOw4td%2BeHbiry6xVX4mq2aYy7nhqmXUSwga9chfMpCzuaaVDqYZS9WPTYN29YyYawVEmIiQ6%2BfHDW%2Bojj3UXtMasNwn0JvFnqC%2FiKIIb2NOGyf4ri5XsHZbgSknv36melZ1URrmTgnJu69G5MXbwzPaOQtl%2BbLM8j95aLK%2F1%2BH2qkza%2BOTjE5dBoazHQHu0Xc5iF693WC8w6B2KzesxbVwDo9dYgk2S3hi0RVDx%2F8E7%2BZB%2Ft%2FzWAj8NsbifpcNAKr%2BPrl8cqa%2B%2BvYoAHH1UMxOdf47IkCfaeQvLFSZ4qY54JDnadkn0MY3fle%2FTgch%2B3%2FySGd9B1XIdvR59qXCdT8LIYHrX%2FTbQq7Np1naD4ib7RwLgZeRHn0zmvK%2FlfBdscQbkGN%2FinP%2FVQxQCDy1g2GCeQ%2BHqU3ggykBqCJLu99fdhT3580Wl%2Bodgf6EjkLNkiixAWLgRNIL%2Bd2wij5zAx7psuMiX%2FrUOMatmmM9au1sAXraOQp8IkOL%2B7Y%2BuO8fQUcm%2BB%2BHXYjzJpJCS4pyzjz53%2BR7 [TRUNCATED] Host: sharefile8.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://sharefile8.pages.dev/b08+zb2ylref0qax?0dc76ab0dd308d6a261c143750b9eaf0m0haoys3=U2FsdGVkX1%2Bx%2BrtNATtHUgjMr7p8GXN0rISAjyQFtyvb7gycmSolKTr8OWrm593XWOHvyBWWh83TJoGR3fKvvWNGJjlYwTygUb6YSz%2BXkTzgkTMPojiEE%2Be2lvvzp%2Fx6%2FAyKC9BsHbP4NUOf10F5S1yqjllntRTpNu4hfJ1FBrx39J0xCJBkEkAaGpOFeAgvlMpsmlmMx8JBmlzTfIvB5Qp11o%2BWEmcE6KKosPe3fphrdXRngY7XgyPMg3OzvmB5%2Bj7tNILE20ZQpqoYadHVwtDWRaBQ86Qv%2BTkXYqoMbtqurdi4LaQsW0ytpEY3h4DmvAIWI5U5Yp4SOjcVlJvQsKnVOw4td%2BeHbiry6xVX4mq2aYy7nhqmXUSwga9chfMpCzuaaVDqYZS9WPTYN29YyYawVEmIiQ6%2BfHDW%2Bojj3UXtMasNwn0JvFnqC%2FiKIIb2NOGyf4ri5XsHZbgSknv36melZ1URrmTgnJu69G5MXbwzPaOQtl%2BbLM8j95aLK%2F1%2BH2qkza%2BOTjE5dBoazHQHu0Xc5iF693WC8w6B2KzesxbVwDo9dYgk2S3hi0RVDx%2F8E7%2BZB%2Ft%2FzWAj8NsbifpcNAKr%2BPrl8cqa%2B%2BvYoAHH1UMxOdf47IkCfaeQvLFSZ4qY54JDnadkn0MY3fle%2FTgch%2B3%2FySGd9B1XIdvR59qXCdT8LIYHrX%2FTbQq7Np1naD4ib7RwLgZeRHn0zmvK%2FlfBdscQbkGN%2FinP%2FVQxQCDy1g2GCeQ%2BHqU3ggykBqCJLu99fdhT3580Wl%2Bodgf6EjkLNkiixAWLgRNIL%2Bd2wij5zAx7psuMiX%2FrUOMatmmM9au1sAXraOQp8IkOL%2B7Y%2BuO8fQ [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:18 UTC	720	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:38:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoCrV6ARJ3DHmOq8VZ4yYyA%2FLkpYYarMwoFHn9DosMoqpvZDrb4Y86EmBeWlhWWPQVl50GI6jOcsEqseYaFqct37v4GmPtF9Xqdf6xfo51i43EjtyfDfjTNMxjR1hcPLoMraWFuHww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb84536683f9e04-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:38:18 UTC	523	IN	Data Raw: 32 30 34 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 67 68 2f 75 69 68 6b 64 73 6c 69 6a 73 6a 64 2f 63 61 70 74 69 76 61 74 69 6e 67 2d 61 70 70 2d 6c 79 6f 75 62 67 73 35 40 69 6e 74 65 72 6e 61 6c 2d 32 30 32 34 2d 30 37 2d 31 36 2d 32 30 2d 30 32 2d 35 38 2f 31 33 39 61 38 63 64 32 2d 64 31 30 63 2d 34 33 33 36 2d 62 61 30 34 2d 33 66 31 63 35 33 62 61 38 63 62 36 2e 6a 73 3f 68 61 73 68 3d 36 62 30 36 64 62 39 34 33 66 30 38 31 65 62 65 65 36 38 39 66 33 37 36 63 38 62 32 33 31 64 31 26 45 44 6c 46 68 36 53 4f 42 Data Ascii: 204<html> <head><title></title></head> <body> <script src="https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOB
2024-08-30 22:38:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:18 UTC	515	OUT	OPTIONS /report/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://ipapi.co Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:18 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Fri, 30 Aug 2024 22:38:18 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:38:19 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39514 Date: Fri, 30 Aug 2024 22:38:19 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:19 UTC	464	OUT	POST /report/v4?s=0M5NRKmOxyBq8l%2FlUNMo5aJkOfp8LtCgvBHAgduYqDBrvqz3NnCxNB4D7rFOFXjAd2h9dx4EuvCE4G8MFx0%2FzC%2FLDTzJqMxsWL9kQ2g7iZ4s0Yym8tXUuwGy HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 410 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:19 UTC	410	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 33 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 39 35 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 68 61 72 65 66 69 6c 65 38 2e 70 61 67 65 73 2e 64 65 76 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 39 2e 34 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 61 62 61 6e 64 6f 6e 65 64 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c Data Ascii: [{"age":32,"body":{"elapsed_time":955,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://sharefile8.pages.dev/","sampling_fraction":1.0,"server_ip":"104.26.9.44","status_code":200,"type":"abandoned"},"type":"network-error","url
2024-08-30 22:38:19 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Fri, 30 Aug 2024 22:38:19 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2922
Entropy (8bit):	7.67608916224019
Encrypted:	false
SSDEEP:	48:p11LNn2xkJ3ncp0nuiA0yLNa2yAjlye8+Sq6OXsxorOkaaFn09uS47Fe:jX2Ycdi98cet9C/kaq0w7U
MD5:	74EB232B7F745297031432530B14F3D8
SHA1:	7CE33765570544B37FE6EEA9B5C43515A9A2C112
SHA-256:	9AC552C9C42DB29135A722F8E7C2D897257115F50432180518B3B63CCF2E6078
SHA-512:	AC91841A41A65EE330D30FAA452D5275E289967F7EE901053E149BF4014F9422F909EA7A4274403C3DD4C1E81ED41679B30860A6FDF263356F6D34520EBD98E5
Malicious:	false
Reputation:	low
URL:	https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico
Preview:	.PNG........IHDR...-...-.....:......tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)" xmpMM:InstanceID="xmp.iid:59A7A3F1AB9211EB94DECE4A10122554" xmpMM:DocumentID="xmp.did:59A7A3F2AB9211EB94DECE4A10122554"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:59A7A3EFAB9211EB94DECE4A10122554" stRef:documentID="xmp.did:59A7A3F0AB9211EB94DECE4A10122554"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..Xkl...>w.;..;...6....'4PRHe...U.j+.H......-R..U..i....Z..j....).I..P[. ..*..0..y$.I.0..W..y..s.....Q.IU

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2922
Entropy (8bit):	7.67608916224019
Encrypted:	false
SSDEEP:	48:p11LNn2xkJ3ncp0nuiA0yLNa2yAjlye8+Sq6OXsxorOkaaFn09uS47Fe:jX2Ycdi98cet9C/kaq0w7U
MD5:	74EB232B7F745297031432530B14F3D8
SHA1:	7CE33765570544B37FE6EEA9B5C43515A9A2C112
SHA-256:	9AC552C9C42DB29135A722F8E7C2D897257115F50432180518B3B63CCF2E6078
SHA-512:	AC91841A41A65EE330D30FAA452D5275E289967F7EE901053E149BF4014F9422F909EA7A4274403C3DD4C1E81ED41679B30860A6FDF263356F6D34520EBD98E5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...-...-.....:......tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)" xmpMM:InstanceID="xmp.iid:59A7A3F1AB9211EB94DECE4A10122554" xmpMM:DocumentID="xmp.did:59A7A3F2AB9211EB94DECE4A10122554"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:59A7A3EFAB9211EB94DECE4A10122554" stRef:documentID="xmp.did:59A7A3F0AB9211EB94DECE4A10122554"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..Xkl...>w.;..;...6....'4PRHe...U.j+.H......-R..U..i....Z..j....).I..P[. ..*..0..y$.I.0..W..y..s.....Q.IU

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:38:20 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39466 Date: Fri, 30 Aug 2024 22:38:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-30 22:38:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:38:20 UTC	674	OUT	GET /gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/fa37e6e4fd65b2e85394.ico HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:38:21 UTC	764	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2922 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: image/vnd.microsoft.icon X-JSD-Version: internal-2024-07-16-20-02-58 X-JSD-Version-Type: branch ETag: W/"b6a-fOM3ZVcFRLN/5u6ptcQ1FamiwRI" Accept-Ranges: bytes Age: 1565 Date: Fri, 30 Aug 2024 22:38:21 GMT X-Served-By: cache-fra-eddf8230068-FRA, cache-nyc-kteb1890037-NYC X-Cache: MISS, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-08-30 22:38:21 UTC	1378	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 2d 00 00 00 2d 08 06 00 00 00 3a 1a e2 9a 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 23 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 Data Ascii: PNGIHDR--:tEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57
2024-08-30 22:38:21 UTC	1378	IN	Data Raw: f8 e2 1d 4f bf 53 b8 fe c4 82 33 54 b2 99 48 b1 a4 26 09 16 39 60 c7 a9 42 b5 5c 04 17 b7 02 04 81 28 b3 cb 81 ad 5d 0f 6e e1 1a bf 62 d0 9a f8 c7 fd 63 9f d1 14 a9 7a d6 a0 71 d2 f2 4f 0f cc 6e fb d9 81 b9 ad 33 45 2f 95 50 30 d1 30 d9 04 9b 11 16 89 58 19 a3 50 ad 94 a0 52 3c 8d ac 39 78 86 b4 80 5b 0e 6c b0 c3 37 b4 ec c0 a3 df ba 62 cb 4d 63 7d 8f 9c 15 e8 92 43 13 77 3e 39 b5 fb b1 d7 97 36 a7 91 51 a5 3e 7e 73 72 85 f3 8a 21 4c 09 28 f5 a0 52 5a 42 e6 97 80 51 56 03 1f 66 9b b5 38 49 7d 22 94 0a b6 3f 77 69 fe c5 bf de bf ee ea 33 4e 44 94 96 fc cd 27 a7 7e fb d8 c1 a5 cd 39 dd 07 cc 84 c7 c6 00 ae 25 5a 70 8d 52 2a 5e 65 a4 b2 60 5a dd 68 81 09 11 01 1e 36 9e 74 ac 0e b8 26 7c ea 87 94 a1 c4 f8 4a 14 05 14 cb 84 f1 ff 78 9f dd fb f6 e2 a6 e9 a2 d7 Data Ascii: OS3TH&9`B\(]nbczqOn3E/P00XPR<9x[l7bMc}Cw>96Q>~sr!L(RZBQVf8I}"?wi3ND'~9%ZpR*^e`Zh6t&\|Jx
2024-08-30 22:38:21 UTC	166	IN	Data Raw: 64 df 14 db f2 d4 9c 79 f7 91 8a b1 a6 48 a5 90 cf 36 f9 6d 73 d3 c4 96 91 46 ec 3d fe 75 12 6d 2a c5 b1 a5 b8 74 2c 5b da b3 65 45 75 db da 15 f9 83 56 d7 85 58 f6 b5 f8 6f 44 7e 5c 2e 95 c0 2e 2c c2 52 b9 22 4f 16 a5 2b 8f 94 b5 f5 d3 8e 3a 5a 65 52 8a 84 0b 4f 73 21 81 b8 36 a0 f5 37 10 d6 74 2d bc 68 12 2b f6 e9 f6 c4 a7 32 ce 73 83 96 f4 9a 91 32 21 61 62 d3 a5 2a e7 e6 67 b1 f6 4f bd 6d d0 6d d0 6d d0 6d d0 e7 7d f9 af 00 03 00 c1 49 0c 37 2e a0 31 20 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: dyH6msF=umt,[eEuVXoD~\..,R"O+:ZeROs!67t-h+2s2!abgOmmmm}I7.1 IENDB`

Target ID:	0
Start time:	18:38:08
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	18:38:10
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 --field-trial-handle=2416,i,17885033267764913659,14688378653275137102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	18:38:13
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/b08+zb2ylref0qax"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sharefile8.pages.dev/b08+zb2ylref0qax

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
https://sharefile8.pages.dev/b08+zb2ylref0qax