Challenge Description

We tried every single URL scan and sandbox system we could to determine if this was malware or not, but now the link is restricted to a company or someone:

https://docs.google.com/spreadsheets/d/1RJ6SABq7Kbn95NS8cp911h-eMhLWxlHwr6csHvBAjM/edit?usp=sharing

We think we need to go deeper with Hybrid Analysis. But someone might have deleted 7965acf137539490de0abaa2569a2765745957be06e0d5bd6cea395b27b3b036.

Flag Proof

CTF{889251e51ef5618e78a72f049554686d3d45828c3ec42d5506991f55e9e0d568}

Summary

Used the Wayback Machine to get information about a malware scan report that was deleted from Hybrid Analysis and urlscan.io.

Details

The description hints at a piece of information that was once on the Internet. As a general lesson, once you upload something to the Internet, it becomes almost impossible to remove it and its traces completely.

Therefore, I went to the Wayback Machine (https://web.archive.org/), an archive that saves web pages as dated snapshots (people also use it to find old or removed pages, or earlier versions of existing websites).

Because we are given the SHA-256 hash of a file that might have been uploaded to https://www.hybrid-analysis.com/ (and then deleted), I used the live site to figure out the URL format for a sample report. Then I took the given hash and built the complete URL to look up in the Wayback Machine:

https://note.thefewchosen.com/pad/uploads/23517442-3cdf-45bb-bbea-d57323d7e366.png

From here we can access the report on urlscan.io, which was also saved in the WaybackMachine:

https://note.thefewchosen.com/pad/uploads/e19ee549-fbb0-4ba5-9a67-9f28fc3610f0.png

Then apply OCR to the screenshot found in that report, which contains the flag.
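
The lookup described in the Details section, as an added example that is not part of the original write-up: it validates the hash, builds the report URL and the Wayback Machine query for it, and picks the snapshot out of the availability API's JSON reply. The `/sample/<sha256>` path is an assumption about the Hybrid Analysis URL format (the write-up does not spell it out), and the sample reply and its timestamp are constructed.

```python
import json
import re
from urllib.parse import urlencode

# Assumption: Hybrid Analysis serves sample reports at /sample/<sha256>.
HA_SAMPLE = "https://www.hybrid-analysis.com/sample/{sha256}"
WAYBACK_AVAILABLE = "https://archive.org/wayback/available"
WAYBACK_CALENDAR = "https://web.archive.org/web/*/{url}"

def report_url(sha256: str) -> str:
    """Validate the hash and build the (assumed) report URL for it."""
    digest = sha256.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("not a SHA-256 hex digest")
    return HA_SAMPLE.format(sha256=digest)

def availability_query(url: str) -> str:
    """Wayback Machine availability API call for `url`."""
    return WAYBACK_AVAILABLE + "?" + urlencode({"url": url})

def calendar_url(url: str) -> str:
    """Browser view listing every capture of `url`."""
    return WAYBACK_CALENDAR.format(url=url)

def closest_snapshot(response_body: str):
    """Return (timestamp, snapshot_url) from an API reply, or None."""
    snapshots = json.loads(response_body).get("archived_snapshots", {})
    closest = snapshots.get("closest")
    if not closest or not closest.get("available"):
        return None
    return closest["timestamp"], closest["url"]

# Hash taken from the challenge description.
CHALLENGE_HASH = "7965acf137539490de0abaa2569a2765745957be06e0d5bd6cea395b27b3b036"
TARGET = report_url(CHALLENGE_HASH)

# Constructed reply in the availability API's shape (timestamp is made up).
SAMPLE_REPLY = json.dumps({"url": TARGET, "archived_snapshots": {"closest": {
    "status": "200", "available": True, "timestamp": "20230101000000",
    "url": "http://web.archive.org/web/20230101000000/" + TARGET}}})
# Reply shape when nothing was ever captured for the URL.
EMPTY_REPLY = json.dumps({"url": TARGET, "archived_snapshots": {}})

if __name__ == "__main__":
    print("report  :", TARGET)
    print("query   :", availability_query(TARGET))
    print("calendar:", calendar_url(TARGET))
    print("snapshot:", closest_snapshot(SAMPLE_REPLY))
    print("missing :", closest_snapshot(EMPTY_REPLY))
```

The same three functions work for the urlscan.io result page linked from the archived report once its URL is known.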