Edit tour

Windows Analysis Report
https://sharefile8.pages.dev/uycae7qdtivz

Overview

General Information

Sample URL:	https://sharefile8.pages.dev/uycae7qdtivz
Analysis ID:	1502067
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/uycae7qdtivz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Source: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4V6q0cCzohiaj9FuOT2teICbzuuOkUIsaAe6QUiEGLSj0zu4KtwZ1ntAsEXKQrIb2Dx23fOBAlP7KFCaRJuYWdAP1FnGOwsCa8DnRPOwRY7i85mYDFHu4tNHfzmJp%2FWi4mxk4fO7y9ZKHHgnEAt2Nw7kaq%2BDmd6ikJwsWuQTwP3kTbKiBP16juJvitJ4znJFzp%2FwPGU%2BLCyuChrb9NGfjT3PZp5MbejggXgIlUGTuemThXHiTvPEN7oR7zyXrScTwtZHQXlHWhCV%2FvC%2FdYY3kQWoXfY0e0g%2BDSXh3kbFjPHx4pZRmIuUa9flskp2vxS5eca%2FOkriL1IoFslxcwxMzEtZHKNy4wWj1jmaLt7U%2B59SEKlHbJQhXjZCtVIcQpZ9cGsAX9KW6DO9jVaeENPoBXagWPsqO2WnbA8XoEnKFsH8iB6%2BDEcT6C5M%2FXSguiqyo8xpcwZh18fbnl%2BahP9Q9J4buxJrqgYaH0F7Ixho4hjKtHtzLRb2q9KMKq5g7zkkLe0IwvtGqvzm%2BnJBKIY%2BZr4sRBrtd%2F7itnRaZLBzOrml6CsLWJVp%2BpLXO9aUV5sxpg%2Fqhst13%2F7tV44mJjfki4YJPIoJr1UV6%2BzupwX%2F2fRwXWsrk6Ch8dvCWRZOyzpQK1ce7RIhCPJrjaEjtAxILYfvB5Do61QlaMpCxh83ZLEN%2FZNcGSih5jbvbbKt4PONdxS27gUl%2BPGHrVhKU3VwOxhno%2FYSFev3nvPvwQIarHL5h3cbP7z1sXDMyVdmgkTBpBw5n0UdpgabJFp3vcfKyh24uQA2Z0SW%2BGMnTK6n8UIQ3BMaN283%2FHy4fYvTSs6pDKA8yEh8hk0TrxR2AsNVCTcWUvzvSY5GWh%2FPlSvm9UYYGhNhd84aSWtRqJyion20Ai4Z1WKHXr9h1p58MnQEp7fbj4tYlbT8M0bCnyvsBi8eLdFHK8PzqemifNEf82Hk2IS9BO%2FmtPgqYZrQ%3D%3D

LLM: Score: 8 Reasons: The domain'sharefile8.pages.dev' is not a typical domain for a production OneDrive site, and the use of the.dev gTLD is unusual for a production environment. Additionally, the notification message suggests that the document is password-protected or encrypted, which is a common phishing tactic. DOM: 1.0.pages.csv

Phishing site detected (based on favicon image match)

Matcher: Template: onedrive matched with high similarity

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTTP Parser: Number of links: 0

HTTP Parser: Title: Microsoft OneDrive does not match URL

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uycae7qdtivz HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://sharefile8.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sharefile8.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://sharefile8.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4V6q0cCzohiaj9FuOT2teICbzuuOkUIsaAe6QUiEGLSj0zu4KtwZ1ntAsEXKQrIb2Dx23fOBAlP7KFCaRJuYWdAP1FnGOwsCa8DnRPOwRY7i85mYDFHu4tNHfzmJp%2FWi4mxk4fO7y9ZKHHgnEAt2Nw7kaq%2BDmd6ikJwsWuQTwP3kTbKiBP16juJvitJ4znJFzp%2FwPGU%2BLCyuChrb9NGfjT3PZp5MbejggXgIlUGTuemThXHiTvPEN7oR7zyXrScTwtZHQXlHWhCV%2FvC%2FdYY3kQWoXfY0e0g%2BDSXh3kbFjPHx4pZRmIuUa9flskp2vxS5eca%2FOkriL1IoFslxcwxMzEtZHKNy4wWj1jmaLt7U%2B59SEKlHbJQhXjZCtVIcQpZ9cGsAX9KW6DO9jVaeENPoBXagWPsqO2WnbA8XoEnKFsH8iB6%2BDEcT6C5M%2FXSguiqyo8xpcwZh18fbnl%2BahP9Q9J4buxJrqgYaH0F7Ixho4hjKtHtzLRb2q9KMKq5g7zkkLe0IwvtGqvzm%2BnJBKIY%2BZr4sRBrtd%2F7itnRaZLBzOrml6CsLWJVp%2BpLXO9aUV5sxpg%2Fqhst13%2F7tV44mJjfki4YJPIoJr1UV6%2BzupwX%2F2fRwXWsrk6Ch8dvCWRZOyzpQK1ce7RIhCPJrjaEjtAxILYfvB5Do61QlaMpCxh83ZLEN%2FZNcGSih5jbvbbKt4PONdxS27gUl%2BPGHrVhKU3VwOxhno%2FYSFev3nvPvwQIarHL5h3cbP7z1sXDMyVdmgkTBpBw5n0UdpgabJFp3vcfKyh24uQA2Z0SW%2BGMnTK6n8UIQ3BMaN283%2FHy4fYvTSs6pDKA8yEh8hk0TrxR2AsNVCTcWUvzvSY5GWh%2FPlSvm9UYYGhNhd84aSWtRqJyion20Ai4Z1WKHXr9h1p58MnQEp7fbj4tYlbT8M0bCnyvsBi8eLdFHK8PzqemifNEf82Hk2IS9BO%2FmtPgqYZrQ%3D%3D HTTP/1.1Host: sharefile8.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: sharefile8.pages.dev
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com

Source: chromecache_80.2.dr, chromecache_73.2.dr	String found in binary or memory: http://creativecommons.org/ns#
Source: chromecache_72.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_72.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_80.2.dr, chromecache_73.2.dr	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: chromecache_80.2.dr, chromecache_73.2.dr	String found in binary or memory: http://www.inkscape.org/)
Source: chromecache_80.2.dr, chromecache_73.2.dr	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: chromecache_84.2.dr, chromecache_70.2.dr	String found in binary or memory: https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain
Source: chromecache_86.2.dr, chromecache_78.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz0dL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz4dL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEz8dL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzAdLw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzMdL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzQdL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOiCnqEu92Fr1Mu51QrEzwdL_nz.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc-CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc0CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc1CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc2CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc3CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc5CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc-CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc0CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc1CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc2CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc3CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc5CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic-CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic0CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic1CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic2CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic3CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic5CsTKlA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxEIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxFIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxGIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxHIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxIIzI.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxLIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1MmgVxMIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xEIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xFIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xGIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xHIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xLIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xMIzIFKw.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_81.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_84.2.dr, chromecache_70.2.dr	String found in binary or memory: https://ipapi.co/json/
Source: chromecache_84.2.dr, chromecache_70.2.dr	String found in binary or memory: https://locate.ipinit.workers.dev/
Source: chromecache_84.2.dr, chromecache_70.2.dr	String found in binary or memory: https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49722 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@16/40@14/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/uycae7qdtivz"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://sharefile8.pages.dev/uycae7qdtivz	100%	Avira URL Cloud	phishing
https://sharefile8.pages.dev/uycae7qdtivz	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
http://fontawesome.io	0%	URL Reputation	safe
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	0%	URL Reputation	safe
http://creativecommons.org/ns#	0%	URL Reputation	safe
http://fontawesome.io/license	0%	URL Reputation	safe
https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain	0%	Avira URL Cloud	safe
https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	0%	Avira URL Cloud	safe
https://ipapi.co/json/	0%	Avira URL Cloud	safe
http://www.inkscape.org/)	0%	Avira URL Cloud	safe
https://locate.ipinit.workers.dev/	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5	0%	Avira URL Cloud	safe
http://www.inkscape.org/namespaces/inkscape	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ipapi.co	104.26.9.44	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
www.google.com	142.250.184.228	true	false	unknown
sharefile8.pages.dev	188.114.96.3	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false	Avira URL Cloud: safe	unknown
https://sharefile8.pages.dev/uycae7qdtivz	true		unknown
https://ipapi.co/json/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_72.2.dr	false	URL Reputation: safe	unknown
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	chromecache_80.2.dr, chromecache_73.2.dr	false	URL Reputation: safe	unknown
https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5	chromecache_86.2.dr, chromecache_78.2.dr	false	Avira URL Cloud: safe	unknown
https://6481f63faf008522217341.cotradifyu.workers.dev/checkDomain	chromecache_84.2.dr, chromecache_70.2.dr	false	Avira URL Cloud: safe	unknown
http://www.inkscape.org/)	chromecache_80.2.dr, chromecache_73.2.dr	false	Avira URL Cloud: safe	unknown
https://locate.ipinit.workers.dev/	chromecache_84.2.dr, chromecache_70.2.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/?authkey=%21AP4dQQ7hoSgcKIBIw%26cid=28E9EC3AAC12FF13%26id=28E9EC3AAC12FF13	chromecache_84.2.dr, chromecache_70.2.dr	false	Avira URL Cloud: safe	unknown
http://www.inkscape.org/namespaces/inkscape	chromecache_80.2.dr, chromecache_73.2.dr	false	Avira URL Cloud: safe	unknown
http://creativecommons.org/ns#	chromecache_80.2.dr, chromecache_73.2.dr	false	URL Reputation: safe	unknown
http://fontawesome.io/license	chromecache_72.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.8.44	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.26.9.44	ipapi.co	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	sharefile8.pages.dev	European Union	13335	CLOUDFLARENETUS	true
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.7
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502067
Start date and time:	2024-08-31 00:39:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://sharefile8.pages.dev/uycae7qdtivz
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/40@14/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 172.217.16.206, 173.194.76.84, 34.104.35.123, 104.18.186.31, 104.18.187.31, 142.250.186.67, 142.250.184.234, 142.250.181.234, 142.250.74.202, 142.250.185.138, 142.250.186.138, 216.58.212.170, 142.250.186.170, 142.250.185.74, 142.250.185.170, 142.250.185.106, 142.250.186.74, 142.250.185.202, 142.250.185.234, 216.58.212.138, 172.217.16.138, 142.250.186.106, 40.127.169.103, 93.184.221.240, 192.229.221.95, 20.166.126.56, 20.3.187.198, 142.250.185.195
Excluded domains from analysis (whitelisted): cdn.jsdelivr.net.cdn.cloudflare.net, slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://sharefile8.pages.dev/uycae7qdtivz

Input	Output
URL: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B4 Model: jbxai	{ "brand":["OneDrive"], "contains_trigger_text":true, "prominent_button_name":"Unlock Document", "text_input_field_labels":["Email address"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B4 Model: jbxai	{ "phishing_score":8, "brand_name":"OneDrive", "reasons":"The domain'sharefile8.pages.dev' is not a typical domain for a production OneDrive site, and the use of the.dev gTLD is unusual for a production environment. Additionally, the notification message suggests that the document is password-protected or encrypted, which is a common phishing tactic."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Aug 30 21:40:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9812626632080295
Encrypted:	false
SSDEEP:	48:840dzT7TgHd0idAKZdA1oehwiZUklqeh1y+3:84c7aDyy
MD5:	7B2C554AFBE7F38927D37C8DE2607A43
SHA1:	373646C88B92AA0FDD705950295489F6234CED6C
SHA-256:	998FB351CCE8E9431E37662F902D2315FA8D379335C8044AE0B7B8AAB2171355
SHA-512:	470B6DEEA5FF8C9DF572B2A745E8EA703016CDA7C1E257337EECC517235EC23A1732C29673BFAAD3C462CCC5B32D1FB4AF7B8D9288EEAF2ADF93505340AFC37A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......j.-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............@e......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://sharefile8.pages.dev/uycae7qdtivz	Avira URL Cloud: detection malicious, Label: phishing
Source: https://sharefile8.pages.dev/uycae7qdtivz	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 00:40:00.597897053 CEST	49671	443	192.168.2.8	204.79.197.203
Aug 31, 2024 00:40:00.957209110 CEST	49677	80	192.168.2.8	192.229.211.108
Aug 31, 2024 00:40:01.269732952 CEST	49673	443	192.168.2.8	23.206.229.226
Aug 31, 2024 00:40:01.597774029 CEST	49672	443	192.168.2.8	23.206.229.226
Aug 31, 2024 00:40:09.042445898 CEST	49676	443	192.168.2.8	52.182.143.211
Aug 31, 2024 00:40:10.024988890 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.025022030 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.025079012 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.025489092 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.025504112 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.025801897 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.025810957 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.025857925 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.026174068 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.026182890 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.494398117 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.494749069 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.494776011 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.495860100 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.495914936 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.501864910 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.501967907 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.502213001 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.502238989 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.518203974 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.525485039 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.525510073 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.526563883 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.526629925 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.535598993 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.535672903 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.653805971 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.653949022 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.653959990 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:10.701339006 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:10.872682095 CEST	49673	443	192.168.2.8	23.206.229.226
Aug 31, 2024 00:40:11.200498104 CEST	49672	443	192.168.2.8	23.206.229.226
Aug 31, 2024 00:40:11.581655025 CEST	49677	80	192.168.2.8	192.229.211.108
Aug 31, 2024 00:40:11.687674999 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:11.687777996 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:11.687884092 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:11.765027046 CEST	49709	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:11.765115023 CEST	443	49709	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:11.942553043 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:11.942584991 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:11.942641020 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:11.943145037 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:11.943156958 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.572617054 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.596755981 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:12.596801996 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.598045111 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.598114967 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:12.600070000 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:12.600200891 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.653856039 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:12.653891087 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:12.699327946 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:12.855829954 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:12.855863094 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:12.855927944 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:12.857870102 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:12.857882977 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:12.893608093 CEST	443	49703	23.206.229.226	192.168.2.8
Aug 31, 2024 00:40:12.893892050 CEST	49703	443	192.168.2.8	23.206.229.226
Aug 31, 2024 00:40:13.498394966 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:13.498470068 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:13.612675905 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:13.612756014 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:13.612816095 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:13.614242077 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:13.614273071 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:13.614330053 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:13.618798018 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:13.618830919 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:13.623362064 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:13.623383999 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:13.663707018 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:13.663738012 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:13.664129972 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:13.719446898 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.107760906 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.157053947 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.184035063 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.198021889 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.198048115 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.199294090 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.199366093 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.204101086 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.204112053 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.205316067 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.205391884 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.215827942 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.215996027 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.216025114 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.216453075 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.216578007 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.216588974 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.256522894 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.260500908 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.266644001 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.266659975 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.266690969 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.266710997 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.313515902 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.313520908 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.327986956 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328039885 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328073025 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328107119 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328119993 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.328140020 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328152895 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328159094 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.328260899 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.328275919 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328547001 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328586102 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328596115 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.328613043 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.328686953 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.334397078 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.376602888 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.376631021 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420479059 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420528889 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420553923 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.420559883 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420594931 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420615911 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.420953035 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420988083 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.420988083 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.421000957 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.421061993 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.421071053 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.421880960 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.421926022 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.421963930 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.421974897 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.422007084 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.422960997 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423002005 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423033953 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423044920 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.423054934 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423085928 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.423778057 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423823118 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423872948 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.423882008 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423928976 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.423969984 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.437954903 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.439739943 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.439840078 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.439896107 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.484498978 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.492960930 CEST	49719	443	192.168.2.8	104.26.9.44
Aug 31, 2024 00:40:14.492985010 CEST	443	49719	104.26.9.44	192.168.2.8
Aug 31, 2024 00:40:14.506975889 CEST	49717	443	192.168.2.8	104.17.24.14
Aug 31, 2024 00:40:14.507018089 CEST	443	49717	104.17.24.14	192.168.2.8
Aug 31, 2024 00:40:14.524178982 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.524240017 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:14.524329901 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.533782959 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.533808947 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:14.548700094 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.548840046 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:14.625011921 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.625088930 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.625138998 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.627891064 CEST	49715	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.627916098 CEST	443	49715	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.694693089 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.694740057 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.694792032 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.695444107 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:14.695463896 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:14.712272882 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:14.712383032 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:14.712429047 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.715183020 CEST	49710	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:14.715204000 CEST	443	49710	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:15.012959003 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:15.013437986 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:15.013459921 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:15.013859034 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:15.014452934 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:15.014549017 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:15.099148035 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:15.383486986 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.383538008 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.507560015 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.507591009 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.507909060 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.511064053 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.554440975 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:15.554469109 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:15.554603100 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:15.555119991 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:15.555133104 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:15.556500912 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.696420908 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.696500063 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.696763992 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.709171057 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.709217072 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:15.709238052 CEST	49722	443	192.168.2.8	184.28.90.27
Aug 31, 2024 00:40:15.709245920 CEST	443	49722	184.28.90.27	192.168.2.8
Aug 31, 2024 00:40:16.102592945 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.112809896 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:16.112823963 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.114089012 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.114181042 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:16.114976883 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:16.115080118 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.115367889 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:16.115375042 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.196084976 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:16.326550007 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.326689959 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:16.326802015 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:17.086971045 CEST	49730	443	192.168.2.8	104.26.8.44
Aug 31, 2024 00:40:17.086998940 CEST	443	49730	104.26.8.44	192.168.2.8
Aug 31, 2024 00:40:22.478018999 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:22.478089094 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:22.478432894 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:22.564091921 CEST	49714	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:40:22.564110994 CEST	443	49714	142.250.184.228	192.168.2.8
Aug 31, 2024 00:40:29.917455912 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:29.917530060 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:40:29.917685032 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:30.452083111 CEST	49720	443	192.168.2.8	188.114.96.3
Aug 31, 2024 00:40:30.452107906 CEST	443	49720	188.114.96.3	192.168.2.8
Aug 31, 2024 00:41:11.984882116 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:11.984935999 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:11.985229969 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:11.985229969 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:11.985269070 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:12.629730940 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:12.632020950 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:12.632050037 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:12.632559061 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:12.633955956 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:12.634099960 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:12.683757067 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:22.534512997 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:22.534586906 CEST	443	49745	142.250.184.228	192.168.2.8
Aug 31, 2024 00:41:22.534645081 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:24.455524921 CEST	49745	443	192.168.2.8	142.250.184.228
Aug 31, 2024 00:41:24.455550909 CEST	443	49745	142.250.184.228	192.168.2.8

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 00:40:08.054800987 CEST	53	59466	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:08.059420109 CEST	53	61937	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:09.912625074 CEST	58971	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:09.912786007 CEST	58109	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:10.022866964 CEST	53	58971	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:10.024398088 CEST	53	58109	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:10.080409050 CEST	53	61840	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:11.877278090 CEST	57765	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:11.877824068 CEST	56189	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:11.885010958 CEST	53	56189	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:11.934011936 CEST	56882	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:11.934693098 CEST	63922	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:11.940855026 CEST	53	56882	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:11.941199064 CEST	53	63922	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.538496971 CEST	53	57991	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.573019028 CEST	57866	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:13.573534966 CEST	56514	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:13.577886105 CEST	50650	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:13.578388929 CEST	54363	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:13.581320047 CEST	53	57866	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.582534075 CEST	53	56514	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.585684061 CEST	53	50650	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.585824966 CEST	53	53620	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:13.586515903 CEST	53	54363	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:15.500143051 CEST	53	63699	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:15.542078018 CEST	58075	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:15.542257071 CEST	52804	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:15.546055079 CEST	59506	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:15.546773911 CEST	51335	53	192.168.2.8	1.1.1.1
Aug 31, 2024 00:40:15.549360037 CEST	53	52804	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:15.552843094 CEST	53	59506	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:15.553839922 CEST	53	51335	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:27.275160074 CEST	53	64963	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:46.478801966 CEST	53	57225	1.1.1.1	192.168.2.8
Aug 31, 2024 00:40:49.751749992 CEST	138	138	192.168.2.8	192.168.2.255
Aug 31, 2024 00:41:07.531003952 CEST	53	60053	1.1.1.1	192.168.2.8
Aug 31, 2024 00:41:09.519695997 CEST	53	51150	1.1.1.1	192.168.2.8

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:10 UTC	675	OUT	GET /uycae7qdtivz HTTP/1.1 Host: sharefile8.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:11 UTC	726	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOgI65Yz8UH1V8YbimH4K8%2Fr0iFnM3KDRAfASR%2FSiAXNYmDf9bSwQJGnEzOqkESIoFgJlx93n%2BkR7D7wNvNngEtVwpD9yf0a6ErZP50KN%2F9igQokvwxbyAlQiNZOwePmC5i8M7gQsQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb847f20a007d24-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:40:11 UTC	523	IN	Data Raw: 32 30 34 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 67 68 2f 75 69 68 6b 64 73 6c 69 6a 73 6a 64 2f 63 61 70 74 69 76 61 74 69 6e 67 2d 61 70 70 2d 6c 79 6f 75 62 67 73 35 40 69 6e 74 65 72 6e 61 6c 2d 32 30 32 34 2d 30 37 2d 31 36 2d 32 30 2d 30 32 2d 35 38 2f 31 33 39 61 38 63 64 32 2d 64 31 30 63 2d 34 33 33 36 2d 62 61 30 34 2d 33 66 31 63 35 33 62 61 38 63 62 36 2e 6a 73 3f 68 61 73 68 3d 36 62 30 36 64 62 39 34 33 66 30 38 31 65 62 65 65 36 38 39 66 33 37 36 63 38 62 32 33 31 64 31 26 45 44 6c 46 68 36 53 4f 42 Data Ascii: 204<html> <head><title></title></head> <body> <script src="https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOB
2024-08-30 22:40:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:14 UTC	622	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://sharefile8.pages.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:14 UTC	946	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:14 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-9226" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 787744 Expires: Wed, 20 Aug 2025 22:40:14 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whIPSGGpoV6fdHDOV%2BikMJp1%2BiPnMY%2BiLEOzqTe8W9FS%2FoBGK1f3if8GITppWVrZp0oDmVRNBLlpyaJehOblNpaMRNf3Z64FwuvGIFgWJ5oamdD9vI0Fq8kFLq9goOVmMi7419Yv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8bb848092b0642ad-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:40:14 UTC	423	IN	Data Raw: 37 62 66 37 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2f 2a 20 46 4f 4e 54 20 50 41 54 48 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 46 6f 6e 74 41 77 65 73 Data Ascii: 7bf7/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) // FONT PATH * -------------------------- */@font-face { font-family: 'FontAwes
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 6f 72 Data Ascii: ontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') for
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 33 65 6d 3b 0a 7d 0a 2f 2a 20 44 65 70 72 65 63 61 74 65 64 20 61 73 20 6f 66 20 34 2e 34 2e 30 20 2a 2f 0a 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2d 73 70 69 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 32 73 20 69 6e 66 69 6e 69 74 65 20 6c 69 6e 65 61 72 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 Data Ascii: 3em;}/* Deprecated as of 4.4.0 */.pull-right { float: right;}.pull-left { float: left;}.fa.pull-left { margin-right: .3em;}.fa.pull-right { margin-left: .3em;}.fa-spin { -webkit-animation: fa-spin 2s infinite linear; animation: fa-s
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 30 2c 20 6d 69 72 72 6f 72 3d 31 29 22 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 7d 0a 2e 66 61 2d 66 6c 69 70 2d 76 65 72 74 69 63 61 6c 20 7b 0a 20 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e Data Ascii: : "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)"; -webkit-transform: scale(-1, 1); -ms-transform: scale(-1, 1); transform: scale(-1, 1);}.fa-flip-vertical { -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 68 2d 6c 61 72 67 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 39 22 3b 0a 7d 0a 2e 66 61 2d 74 68 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 61 22 3b 0a 7d 0a 2e 66 61 2d 74 68 2d 6c 69 73 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 62 22 3b 0a 7d 0a 2e 66 61 2d 63 68 65 63 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 63 22 3b 0a 7d 0a 2e 66 61 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 63 6c 6f 73 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 74 69 6d 65 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 64 22 3b 0a 7d 0a 2e 66 61 2d 73 65 61 72 63 68 2d 70 6c 75 73 3a Data Ascii: h-large:before { content: "\f009";}.fa-th:before { content: "\f00a";}.fa-th-list:before { content: "\f00b";}.fa-check:before { content: "\f00c";}.fa-remove:before,.fa-close:before,.fa-times:before { content: "\f00d";}.fa-search-plus:
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 20 22 5c 66 30 32 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 61 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 62 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 63 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 64 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 65 22 3b 0a 7d 0a 2e 66 61 2d 70 72 69 6e 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 Data Ascii: ntent: "\f029";}.fa-barcode:before { content: "\f02a";}.fa-tag:before { content: "\f02b";}.fa-tags:before { content: "\f02c";}.fa-book:before { content: "\f02d";}.fa-bookmark:before { content: "\f02e";}.fa-print:before { content: "
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 73 74 65 70 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 38 22 3b 0a 7d 0a 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 61 22 3b 0a 7d 0a 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 62 22 3b 0a 7d 0a 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 63 22 3b 0a 7d 0a 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 64 22 Data Ascii: step-backward:before { content: "\f048";}.fa-fast-backward:before { content: "\f049";}.fa-backward:before { content: "\f04a";}.fa-play:before { content: "\f04b";}.fa-pause:before { content: "\f04c";}.fa-stop:before { content: "\f04d"
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 65 6e 74 3a 20 22 5c 66 30 36 37 22 3b 0a 7d 0a 2e 66 61 2d 6d 69 6e 75 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 38 22 3b 0a 7d 0a 2e 66 61 2d 61 73 74 65 72 69 73 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 39 22 3b 0a 7d 0a 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 61 22 3b 0a 7d 0a 2e 66 61 2d 67 69 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 65 61 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 63 22 3b 0a 7d 0a 2e 66 61 2d 66 69 72 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 Data Ascii: ent: "\f067";}.fa-minus:before { content: "\f068";}.fa-asterisk:before { content: "\f069";}.fa-exclamation-circle:before { content: "\f06a";}.fa-gift:before { content: "\f06b";}.fa-leaf:before { content: "\f06c";}.fa-fire:before {
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 37 22 3b 0a 7d 0a 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 38 22 3b 0a 7d 0a 2e 66 61 2d 73 74 61 72 2d 68 61 6c 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 39 22 3b 0a 7d 0a 2e 66 61 2d 68 65 61 72 74 2d 6f 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 61 22 3b 0a 7d 0a 2e 66 61 2d 73 69 67 6e 2d 6f 75 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 69 6e 6b 65 64 69 6e 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 20 Data Ascii: .fa-thumbs-o-up:before { content: "\f087";}.fa-thumbs-o-down:before { content: "\f088";}.fa-star-half:before { content: "\f089";}.fa-heart-o:before { content: "\f08a";}.fa-sign-out:before { content: "\f08b";}.fa-linkedin-square:before
2024-08-30 22:40:14 UTC	1369	IN	Data Raw: 20 22 5c 66 30 61 36 22 3b 0a 7d 0a 2e 66 61 2d 68 61 6e 64 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 37 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6c 65 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 38 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 39 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 61 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 Data Ascii: "\f0a6";}.fa-hand-o-down:before { content: "\f0a7";}.fa-arrow-circle-left:before { content: "\f0a8";}.fa-arrow-circle-right:before { content: "\f0a9";}.fa-arrow-circle-up:before { content: "\f0aa";}.fa-arrow-circle-down:before { conte

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:14 UTC	551	OUT	GET /json/ HTTP/1.1 Host: ipapi.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://sharefile8.pages.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://sharefile8.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:14 UTC	765	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:14 GMT Content-Type: application/json Content-Length: 763 Connection: close Allow: HEAD, GET, OPTIONS, OPTIONS, POST X-Frame-Options: DENY Vary: Host, origin access-control-allow-origin: https://sharefile8.pages.dev X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tp5TwFDDaiOVhCqX%2FBlg%2F50qMmcCp1RrYxcdHrHIsW4h2O4dbmNoT1HeAZ4hdYV6kGIhupr5orEQgWWzoLi79ce3x3%2Fp6FsbVNr7ln1pkW%2FUODD2xjRXFjdf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb848092c7941bb-EWR
2024-08-30 22:40:14 UTC	604	IN	Data Raw: 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 22 76 65 72 73 69 6f 6e 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e Data Ascii: { "ip": "8.46.123.33", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "coun
2024-08-30 22:40:14 UTC	159	IN	Data Raw: 22 44 6f 6c 6c 61 72 22 2c 0a 20 20 20 20 22 6c 61 6e 67 75 61 67 65 73 22 3a 20 22 65 6e 2d 55 53 2c 65 73 2d 55 53 2c 68 61 77 2c 66 72 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 61 72 65 61 22 3a 20 39 36 32 39 30 39 31 2e 30 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 70 6f 70 75 6c 61 74 69 6f 6e 22 3a 20 33 32 37 31 36 37 34 33 34 2c 0a 20 20 20 20 22 61 73 6e 22 3a 20 22 41 53 33 33 35 36 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 4c 45 56 45 4c 33 22 0a 7d Data Ascii: "Dollar", "languages": "en-US,es-US,haw,fr", "country_area": 9629091.0, "country_population": 327167434, "asn": "AS3356", "org": "LEVEL3"}

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:14 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:40:14 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39399 Date: Fri, 30 Aug 2024 22:40:14 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:14 UTC	4798	OUT	GET /uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXyoLb0S9N3EPxYOxmTgQ0BIJcw1yotviHF4 [TRUNCATED] Host: sharefile8.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://sharefile8.pages.dev/uycae7qdtivz?5375c6110b43b8c63925c7a44f8b493fm0hargfw=U2FsdGVkX18uepvwgJcebRxNy6x%2F2mrYK6kwKRX0VMGmct9bu5x7ouOZxKTBFmwLWGoCBxJZg5iEAooAU9%2Ff006M0GbNvuiBFXtk2m1BXLfEqoti7uaErGEX%2FwJ5Sr0zSmEeJaMGDOPMB5UYtXSpgD0KMcD9xxlAoE%2B49Ec2RVffl70fCvRno2S%2FT%2BSmQh2CmTVQ1me6IpVVjXolgEwt1R5ttwmZClp8FYxbVaQGh7Lm4W02ZLeecIh0E1rhCEb9SI3WwJ2%2BtCpg%2BeGyG5%2FclSTglokwv%2Bu%2BqNDnICnCcbtyqrvBQGWuH1Hfd6bm9fbEuAkDxLqcq5Mk7%2FOzgiWAVS3%2FlJ%2FmqYpAqSAE4tObtYkq646mpwONs%2F%2BjbVKf3f9tTX83ZgDoz2rNU7rV4x2n2HHtEraVcwjeldFPk0F%2B0og3f2L%2B1ohFDzN39mLTJHMbaLLI3AKWn20Xpz2D%2Fb2jNJlR6tkKh7K3WdSJjUVdD7fkHf%2BBWUuzTS4wJsG3P6b%2Fxp9Oo32we9%2FwYUNjPVxg%2BZOOP%2FnfOKt1z4gFDhFyH78KlQomi0SwF8KQvfScrKLg33ML7hFyUGjdPhiSDW90HwiEIFr%2BLbfmjgoS9oJuv2x1DfaLVde24%2Fw2lN9Uj6E3FhN36kxoBqVLCZwEvhWaZchAJYzZFBCSrACAIF1PKRtuROPwF5Ds%2BuZhpSZQbVmy7co7PxS3I7o4LM5qQq5%2F73%2F8Ov21T7DSc3BGXEA5uzkNtnqG1VWXxLMkIXmHI4SPwcSrReca4JQyKHTZTFmreTYJEpbNyUThaKKo361OYs5nlH1RPWLFfCWMl53XCS0QRm%2Fq93LxlaUuTLZpdsY8kaBIS7BTAm7NN%2FAEXy [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:14 UTC	732	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=moimwmMsVMCbjLtmchGoI77np72onxaGM4FHKLKYC3cFFeoyiAbW1y%2ByyO8HUA4RmKS%2F3kUgA%2BXn9EKAdzeqLL9%2F8QtUsaz88WYMYVIRXLLhuX%2FOCfjRJOCQ%2BIBWGVcEkMGJfNR%2B7A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb8480b4971424c-EWR alt-svc: h3=":443"; ma=86400
2024-08-30 22:40:14 UTC	523	IN	Data Raw: 32 30 34 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 67 68 2f 75 69 68 6b 64 73 6c 69 6a 73 6a 64 2f 63 61 70 74 69 76 61 74 69 6e 67 2d 61 70 70 2d 6c 79 6f 75 62 67 73 35 40 69 6e 74 65 72 6e 61 6c 2d 32 30 32 34 2d 30 37 2d 31 36 2d 32 30 2d 30 32 2d 35 38 2f 31 33 39 61 38 63 64 32 2d 64 31 30 63 2d 34 33 33 36 2d 62 61 30 34 2d 33 66 31 63 35 33 62 61 38 63 62 36 2e 6a 73 3f 68 61 73 68 3d 36 62 30 36 64 62 39 34 33 66 30 38 31 65 62 65 65 36 38 39 66 33 37 36 63 38 62 32 33 31 64 31 26 45 44 6c 46 68 36 53 4f 42 Data Ascii: 204<html> <head><title></title></head> <body> <script src="https://cdn.jsdelivr.net/gh/uihkdslijsjd/captivating-app-lyoubgs5@internal-2024-07-16-20-02-58/139a8cd2-d10c-4336-ba04-3f1c53ba8cb6.js?hash=6b06db943f081ebee689f376c8b231d1&EDlFh6SOB
2024-08-30 22:40:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:15 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-30 22:40:15 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=39351 Date: Fri, 30 Aug 2024 22:40:15 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-30 22:40:15 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-30 22:40:16 UTC	337	OUT	GET /json/ HTTP/1.1 Host: ipapi.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-30 22:40:16 UTC	710	IN	HTTP/1.1 200 OK Date: Fri, 30 Aug 2024 22:40:16 GMT Content-Type: application/json Content-Length: 763 Connection: close Allow: OPTIONS, OPTIONS, HEAD, POST, GET X-Frame-Options: DENY Vary: Host, origin X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pFFeRrEvSGHT959pdrUbY9agHSFKXz8g%2Fo9u5v2DpgtGrak5g6RcKFX224YEZ%2BfZJptasDmr5v8sstixQE%2BVqtx%2FYeO%2Fdgnvw5j9BEOcVm%2BULrbfIIbAFdK6"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb8481509ce43ec-EWR
2024-08-30 22:40:16 UTC	659	IN	Data Raw: 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 22 76 65 72 73 69 6f 6e 22 3a 20 22 49 50 76 34 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 5f 63 6f 64 65 22 3a 20 22 4e 59 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 20 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 63 6f 75 6e Data Ascii: { "ip": "8.46.123.33", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "coun
2024-08-30 22:40:16 UTC	104	IN	Data Raw: 6f 75 6e 74 72 79 5f 61 72 65 61 22 3a 20 39 36 32 39 30 39 31 2e 30 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 5f 70 6f 70 75 6c 61 74 69 6f 6e 22 3a 20 33 32 37 31 36 37 34 33 34 2c 0a 20 20 20 20 22 61 73 6e 22 3a 20 22 41 53 33 33 35 36 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 4c 45 56 45 4c 33 22 0a 7d Data Ascii: ountry_area": 9629091.0, "country_population": 327167434, "asn": "AS3356", "org": "LEVEL3"}

Target ID:	0
Start time:	18:40:03
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	18:40:05
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,6036370957135810089,8913089425095281939,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	18:40:08
Start date:	30/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sharefile8.pages.dev/uycae7qdtivz"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sharefile8.pages.dev/uycae7qdtivz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Windows Analysis Report
https://sharefile8.pages.dev/uycae7qdtivz