Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://bitl.to/3Y0B

Overview

General Information

Sample URL:https://bitl.to/3Y0B
Analysis ID:1583152

Detection

CAPTCHA Scam ClickFix
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
Yara detected CAPTCHA Scam ClickFix
AI detected suspicious Javascript
AI detected suspicious URL
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,13316206799569637646,8600353952711004994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bitl.to/3Y0B" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
SourceRuleDescriptionAuthorStrings
2.4.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
    2.5.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
      No Sigma rule has matched
      No Suricata rule has matched

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIJoe Sandbox AI: Score: 9 Reasons: The brand 'Booking.com' is a well-known online travel agency., The legitimate domain for Booking.com is 'booking.com'., The provided URL 'booking.rescomunicationshow.com' does not match the legitimate domain., The URL contains an extra word 'rescomunicationshow', which is suspicious and indicative of phishing., The domain structure suggests an attempt to mimic the legitimate brand by using a similar name. DOM: 2.4.pages.csv
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIJoe Sandbox AI: Score: 9 Reasons: The brand 'Booking.com' is a well-known online travel agency., The legitimate domain for Booking.com is 'booking.com'., The provided URL 'booking.rescomunicationshow.com' does not match the legitimate domain., The URL contains an extra word 'rescomunicationshow', which is suspicious and indicative of phishing., The domain structure suggests an attempt to mimic the legitimate brand by using a similar name. DOM: 2.5.pages.csv
      Source: Yara matchFile source: 2.4.pages.csv, type: HTML
      Source: Yara matchFile source: 2.5.pages.csv, type: HTML
      Source: 0.18.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://booking.rescomunicationshow.com/sign-in?op... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The use of the `copyToClipboard` function to execute a `mshta` command and the interaction with the `re-capcha.cfd` domain are particularly concerning. Additionally, the script manipulates the DOM in an aggressive manner, further increasing the risk score. Overall, this script demonstrates a high level of malicious intent and should be treated with caution.
      Source: EmailJoe Sandbox AI: AI detected Brand spoofing attempt in URL: https://bitl.to
      Source: EmailJoe Sandbox AI: AI detected Typosquatting in URL: https://bitl.to
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIHTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIHTTP Parser: No favicon
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIHTTP Parser: No favicon
      Source: https://booking.rescomunicationshow.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIHTTP Parser: No favicon
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49878 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 27MB later: 36MB
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 20.12.23.50
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: global trafficDNS traffic detected: DNS query: bitl.to
      Source: global trafficDNS traffic detected: DNS query: booking.rescomunicationshow.com
      Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global trafficDNS traffic detected: DNS query: partner.booking.com
      Source: global trafficDNS traffic detected: DNS query: bstatic.com
      Source: global trafficDNS traffic detected: DNS query: cdn.cookielaw.org
      Source: global trafficDNS traffic detected: DNS query: munchkin.marketo.net
      Source: global trafficDNS traffic detected: DNS query: try.abtasty.com
      Source: global trafficDNS traffic detected: DNS query: code.jquery.com
      Source: global trafficDNS traffic detected: DNS query: 261-nrz-371.mktoresp.com
      Source: global trafficDNS traffic detected: DNS query: zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com
      Source: global trafficDNS traffic detected: DNS query: siteintercept.qualtrics.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
      Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49747 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49878 version: TLS 1.2
      Source: classification engineClassification label: mal72.phis.win@20/24@46/267
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,13316206799569637646,8600353952711004994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bitl.to/3Y0B"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,13316206799569637646,8600353952711004994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: Window RecorderWindow detected: More than 3 window changes detected

      Persistence and Installation Behavior

      barindex
      Source: Chrome DOM: 2.5OCR Text: Booking.com Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Privacy Terms Verification Steps 1 Press Windows Button 2 Press CTRL + V 3. Press Enter
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation3
      Browser Extensions
      1
      Process Injection
      1
      Masquerading
      OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
      Encrypted Channel
      Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Registry Run Keys / Startup Folder
      1
      Registry Run Keys / Startup Folder
      1
      Process Injection
      LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Extra Window Memory Injection
      1
      Extra Window Memory Injection
      Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand
      SourceDetectionScannerLabelLink
      https://bitl.to/3Y0B0%Avira URL Cloudsafe
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      NameIPActiveMaliciousAntivirus DetectionReputation
      261-nrz-371.mktoresp.com
      134.213.193.62
      truefalse
        high
        a.nel.cloudflare.com
        35.190.80.1
        truefalse
          high
          bstatic.com
          18.245.31.129
          truefalse
            high
            code.jquery.com
            151.101.66.137
            truefalse
              high
              booking.rescomunicationshow.com
              188.114.96.3
              truetrue
                unknown
                challenges.cloudflare.com
                104.18.94.41
                truefalse
                  high
                  www.google.com
                  142.250.186.100
                  truefalse
                    high
                    partner.booking.com
                    18.66.147.49
                    truefalse
                      high
                      cdn.cookielaw.org
                      104.18.86.42
                      truefalse
                        high
                        bitl.to
                        199.36.158.100
                        truefalse
                          unknown
                          try-cloudfront.abtasty.com
                          18.172.112.72
                          truefalse
                            unknown
                            siteintercept.qualtrics.com
                            unknown
                            unknownfalse
                              high
                              try.abtasty.com
                              unknown
                              unknownfalse
                                high
                                munchkin.marketo.net
                                unknown
                                unknownfalse
                                  high
                                  zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com
                                  unknown
                                  unknownfalse
                                    high
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
                                    IPDomainCountryFlagASNASN NameMalicious
                                    142.250.185.78
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    142.250.186.67
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    216.58.206.72
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    104.18.94.41
                                    challenges.cloudflare.comUnited States
                                    13335CLOUDFLARENETUSfalse
                                    104.17.209.240
                                    unknownUnited States
                                    13335CLOUDFLARENETUSfalse
                                    216.58.206.78
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    18.172.112.72
                                    try-cloudfront.abtasty.comUnited States
                                    3MIT-GATEWAYSUSfalse
                                    151.101.130.137
                                    unknownUnited States
                                    54113FASTLYUSfalse
                                    151.101.66.137
                                    code.jquery.comUnited States
                                    54113FASTLYUSfalse
                                    18.66.147.79
                                    unknownUnited States
                                    3MIT-GATEWAYSUSfalse
                                    35.190.80.1
                                    a.nel.cloudflare.comUnited States
                                    15169GOOGLEUSfalse
                                    142.250.185.67
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    1.1.1.1
                                    unknownAustralia
                                    13335CLOUDFLARENETUSfalse
                                    108.177.15.84
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    199.36.158.100
                                    bitl.toUnited States
                                    15169GOOGLEUSfalse
                                    142.250.181.227
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    104.102.43.106
                                    unknownUnited States
                                    16625AKAMAI-ASUSfalse
                                    239.255.255.250
                                    unknownReserved
                                    unknownunknownfalse
                                    188.114.97.3
                                    unknownEuropean Union
                                    13335CLOUDFLARENETUSfalse
                                    134.213.193.62
                                    261-nrz-371.mktoresp.comIreland
                                    15395RACKSPACE-LONGBfalse
                                    188.114.96.3
                                    booking.rescomunicationshow.comEuropean Union
                                    13335CLOUDFLARENETUStrue
                                    18.245.31.129
                                    bstatic.comUnited States
                                    16509AMAZON-02USfalse
                                    142.250.186.100
                                    www.google.comUnited States
                                    15169GOOGLEUSfalse
                                    104.18.86.42
                                    cdn.cookielaw.orgUnited States
                                    13335CLOUDFLARENETUSfalse
                                    142.250.184.232
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    18.66.147.49
                                    partner.booking.comUnited States
                                    3MIT-GATEWAYSUSfalse
                                    172.217.16.195
                                    unknownUnited States
                                    15169GOOGLEUSfalse
                                    104.17.208.240
                                    unknownUnited States
                                    13335CLOUDFLARENETUSfalse
                                    IP
                                    192.168.2.16
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1583152
                                    Start date and time:2025-01-02 04:53:16 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                    Sample URL:https://bitl.to/3Y0B
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:13
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • EGA enabled
                                    Analysis Mode:stream
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal72.phis.win@20/24@46/267
                                    • Exclude process from analysis (whitelisted): svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.78, 108.177.15.84, 142.250.185.110
                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • VT rate limit hit for: https://bitl.to/3Y0B
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 02:53:45 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2673
                                    Entropy (8bit):3.9932818718933363
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EA1ECBF06567B68029BA1F100549FFBE
                                    SHA1:07595392CFF721A5022095B3ABBE5854D0DD1319
                                    SHA-256:4678B0C51F780F087D1C2EC94E8DC0192C3E9CF5497B3B7D65DA791559C4304B
                                    SHA-512:453C1A60915F3995C1FB43715E938F46E840042AAAA7E5E01A7B47E4CDC5E353FDC6480F04EF92C786F584208028A66D82DE9FE3ADB80BF7BD6E6FDB0F7575F1
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,....e....\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 02:53:45 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2675
                                    Entropy (8bit):4.010975575782711
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A2AA9CBA2589CE35BCDF69CF720AA146
                                    SHA1:7BBECB890A12C51F185F128CFA3BC196D983D7F1
                                    SHA-256:14ED6C4C159E91653CE92D902684025CCD2A00D5B109C1733C0C8521564B4499
                                    SHA-512:46C735CE5909A201C1B4D6531A80BBCD6CEECFDABE7470B511D2001F7AE3186F6DD886C2F0329AFA7297AD191A9AFFB05B2DB5D1E4DB7AA9C4E5824416B45852
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,....y|...\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2689
                                    Entropy (8bit):4.019429070392827
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A24CF8719246A1586462E4B7EB1F0D43
                                    SHA1:97297FA4D6C4E5067466DDF2D6084DD07E8899E1
                                    SHA-256:1C1D4D714098BD6E871A6EEDDB76DD1C95CB8E601EA5B3734F6CC378058CA7D0
                                    SHA-512:99EEC2E2528FB9187D663B6C92CF2CCDDF97B6AB0490CAB2EA84F22A5C89ED16713995EF6633259A6EB7EDC4BB30AA226F562B5AB0AF0F8D8280F237087D543C
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 02:53:45 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):4.008513914583755
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:BCC3B49C1F19151B54ECAD1C7D0B0135
                                    SHA1:3EA9A022D24AFE8B3CF9D7F3ECDBC0014EA5906F
                                    SHA-256:0ACA020780F86C13E466AA1F2F5D5895379CF2800A61E52E7EF41D98B1CEFA38
                                    SHA-512:E9DC320EF2036289AEF4DDE702FC40E774E62943AB57B6946B26C6EBCE4404FE5A45F9F7BA5C97EBEC39942BA6947AE8A790B86E887EBEEDAD39DC0550056334
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....:...\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 02:53:45 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.998679023074672
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0CCD13FE71BE75C2D363E3042558C53A
                                    SHA1:304C307BBD70EFFCA4147C860E69CE5B8108F12A
                                    SHA-256:53F061AF32559A562B1EF6EFFB5A942E75C7FA2F774D7CF697194A1A2D1D7F00
                                    SHA-512:430652859A8A8E476ADEFED524AA9E5120543E4CFE579FD6CEF1696FD69FD43D42562F97D8B3E9563FFACF766B7AE48015DE81640D48336D2419F6D7B4DE04BE
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,....)....\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 2 02:53:45 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2679
                                    Entropy (8bit):4.011054343890594
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:001A09595CB19358A110DE93C337BB9A
                                    SHA1:1537FB3BFC4E80C7347AC14BAC47B2E93289530C
                                    SHA-256:784C887680E266F801519EDEE87A32B20FF736AA179E3A5854E1DA70D30FBC8A
                                    SHA-512:2D761691019BD45FC5E8FC21C687C44A018454E3283A5E3AF11059FA598B5CE6BEC225BA74922F38EEB268778DA643D3EF64B7ADCE9DCA0309DD9A307C518C27
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.........\..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V"Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V"Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V"Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V"Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............N.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (34752)
                                    Category:dropped
                                    Size (bytes):754837
                                    Entropy (8bit):5.4930649772865765
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4F742AA8161786CFAC049C15A1BC386D
                                    SHA1:9CE059C98D758F4414E9390898A9EE16C8C679A5
                                    SHA-256:781CD0D6D155658145295F0226703385CA94EEADDCAE1D09F0AA8415F0406485
                                    SHA-512:98DB1D916615ADDBF300B16EB6CFA35B2020D933E20E4C24F9F763FCA5297A4A8111C62660DA3030E40165C3B7ACD279A03190BF6AAE403A6CE4700AE581DC62
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]||{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"586",. . "macros":[{"function":"__v","vtp_name":"gtm.element","vtp_dataLayerVersion":1},{"function":"__e"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"userId"},{"function":"__jsm","vtp_javascript":["template","(function(){if(0!==",["escape",["macro",2],8,16],")return ",["escape",["macro",2],8,16],"})();"]},{"function":"__d","vtp_elementId":"gtm-page-title","vtp_selectorType":"ID"},{"function":"__u","vtp_component":"QUERY","vtp_queryKey":"utm_campaign","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",5],"vtp_fullMatch":true,"vtp_replaceAfterMatch":true,"vtp_ignoreCase":true,"vtp_defaultValue":"0","vtp_map":["list",["map","key","^[0-9][0-9][0-9]*$"
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (64779)
                                    Category:dropped
                                    Size (bytes):104620
                                    Entropy (8bit):5.4176141929421116
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8C5CF60808C38FDC7E65C2598AA2A696
                                    SHA1:033784863545FF2566A72BAC7670AEA41D5D4078
                                    SHA-256:52404E98EEE5D973A0C03017A130248AA6656B670FE08DE0DCE89A0CC91C1F23
                                    SHA-512:38B84C544D9E1DDF706E5643D7F31141085C3D945AC1142704255109436C28831308C3ED5F85435CF030171B73D881011CCE9AE632859052A7331AF4083160C5
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:./*@preserve.***Version 2.22.0***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. !function(e){var t={};function n(i){if(t[i])return t[i].exports;var r=t[i]={i:i,l:!1,exports:{}};return e[i].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,ge
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (606)
                                    Category:downloaded
                                    Size (bytes):11374
                                    Entropy (8bit):5.519922580947287
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:756F9116836F579D12BE8FE786B69D98
                                    SHA1:51FF48AEEDDC311585DA9D749DB091900E9B9F02
                                    SHA-256:DEA9DF0145848FFEB3C6931228D41E833341B4837C0E713D321C5BFCF6DCD4E6
                                    SHA-512:6249596F8554AAEBB74B76EFE3138C1109CC87B2C72A4FFE0C1869EE77155A05C58F4B2D966BA38775C35A2B4451FF2581A22F8098ACF1377F6F0C15CB6C20B5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://munchkin.marketo.net/164/munchkin.js
                                    Preview:/*. * Copyright (c) 2007-2023, Marketo, Inc. All rights reserved.. * See https://developers.marketo.com/MunchkinLicense.pdf for license terms. * Marketo marketing automation web activity tracking script. * Version: 164 r924. */. (function(l){if(!l.MunchkinTracker){var h=l.document,p=h.location,C=encodeURIComponent,y=!1,q=null,t=null,D=!1,v=null,E=[],u=function(b,a,c,d){try{var e=function(){try{c.apply(this,arguments)}catch(a){}};b.addEventListener?b.addEventListener(a,e,d||!1):b.attachEvent&&b.attachEvent("on"+a,e);E.push([b,a,e,d])}catch(f){}},U=function(b,a,c,d){try{b.removeEventListener?b.removeEventListener(a,c,d||!1):b.detachEvent&&b.detachEvent("on"+a,c)}catch(e){}},e=function(b){return"undefined"!==typeof b&&null!==.b},F=function(b,a){return b.className.match(RegExp("(\\s|^)"+a+"(\\s|$)"))},V=e(l.XMLHttpRequest)&&e((new l.XMLHttpRequest).withCredentials),s=function(b){var a=null,c;if(e(b))if(0===b.length)a="";else try{a=decodeURIComponent(b)}catch(d){c=b.indexOf("?");if(-1!==c)t
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (2047)
                                    Category:downloaded
                                    Size (bytes):2901
                                    Entropy (8bit):5.238759434908014
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3EABF254D0563BB1BF1ECBC04A01E694
                                    SHA1:5E27770B1224E3AA1FAD948C16DAABE3A6FC1817
                                    SHA-256:59D1068C02D93D070A59D15E41390DF70B60C5C0F3E7D4460E6DCDF7A2243574
                                    SHA-512:C677B9C772D5A622BE685669EB3D2F3F56267462FC0DFB7A25950FC74FAB29F2079B6F4E915DF9C8D912520BB48E838A89A3334BE44555E8F561EF057CD466A5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://siteintercept.qualtrics.com/dxjsmodule/5.ba6d1d2e1492dd3cace1.chunk.js?Q_CLIENTVERSION=2.22.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking
                                    Preview:./*@preserve.***Version 2.22.0***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]=window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]||[]).push([[5],{42:function(e,n,t){"use strict";t.r(n);var d=function(e,n){this.payload=n,this.type=e};t.d(n,"addPopunderEmbeddedDataHandler",(f
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 15 x 18, 8-bit/color RGB, non-interlaced
                                    Category:downloaded
                                    Size (bytes):61
                                    Entropy (8bit):4.068159130770306
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3D5A1E2C048A45AADF919284CA896B5F
                                    SHA1:4EE3002356D6D0B551B2EBFD651BB10A509A962F
                                    SHA-256:5DF7E5A4C42557A58937E7022472DA5B24B304BA3700799FC1196850F39A0EBB
                                    SHA-512:61FC370D1F8F8922D0648EB0D7930EA9704E63281F15737D8A7AFB1C89E6E90094A02B03045FFA172A3EA2C7469B900CCFEF03712317BDE67CACF9D7E52DF6D5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8fb7cdee69a64384/1735790032757/Eb4W_ZFFAJLAzYF
                                    Preview:.PNG........IHDR................X....IDAT.....$.....IEND.B`.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                    Category:dropped
                                    Size (bytes):61
                                    Entropy (8bit):3.990210155325004
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                    SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                    SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                    SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (47691)
                                    Category:downloaded
                                    Size (bytes):47692
                                    Entropy (8bit):5.4016459163756165
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9046FDD8B20F930F537279DEDE41E747
                                    SHA1:EBB905F60D71F45D056D42E6096736EA8C2D4BD9
                                    SHA-256:5AAC9E52F80011983676C03AD8120E0369E651E6357D0B05054026A3BC8EC32D
                                    SHA-512:F289C718B32D9E75E5725116D7696070C840426310B2A75E3EE66933E50B85BF738B4015FCFB8BAF7A8545B600B9820D85F8BB41C055FB0877C1420655E5E975
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/api.js?onload=WXqDk4&render=explicit
                                    Preview:"use strict";(function(){function Ht(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Ht(u,o,c,g,h,"next",l)}function h(l){Ht(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (34752)
                                    Category:downloaded
                                    Size (bytes):754837
                                    Entropy (8bit):5.49307098448558
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:23073F8FABC912E74B97CFD5BD2FE283
                                    SHA1:4484418B1ACE19A6508E2AA92328F8BA3BC67578
                                    SHA-256:A48D385ECDBF3AAF32332946DE5A31EEAEB100E4E5B01621665F428F49F19CA9
                                    SHA-512:16CA199B3830C6CFB9C5523B573CE8436D9964640F1D589C6829B10699117023F93AB75D949CCCB9DECB2AB1116374592AD67A7219EAC0B210C67DD0242882A5
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://www.googletagmanager.com/gtm.js?id=GTM-TGMJRCB
                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]||{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"586",. . "macros":[{"function":"__v","vtp_name":"gtm.element","vtp_dataLayerVersion":1},{"function":"__e"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"userId"},{"function":"__jsm","vtp_javascript":["template","(function(){if(0!==",["escape",["macro",2],8,16],")return ",["escape",["macro",2],8,16],"})();"]},{"function":"__d","vtp_elementId":"gtm-page-title","vtp_selectorType":"ID"},{"function":"__u","vtp_component":"QUERY","vtp_queryKey":"utm_campaign","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__remm","vtp_setDefaultValue":true,"vtp_input":["macro",5],"vtp_fullMatch":true,"vtp_replaceAfterMatch":true,"vtp_ignoreCase":true,"vtp_defaultValue":"0","vtp_map":["list",["map","key","^[0-9][0-9][0-9]*$"
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                    Category:downloaded
                                    Size (bytes):2228
                                    Entropy (8bit):7.82817506159911
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EF9941290C50CD3866E2BA6B793F010D
                                    SHA1:4736508C795667DCEA21F8D864233031223B7832
                                    SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                    SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                    Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (28874)
                                    Category:dropped
                                    Size (bytes):29728
                                    Entropy (8bit):5.20772363487079
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C1643FB7FE40A703D96514C07A1BE5A1
                                    SHA1:B642C92B8E68715A9BA3F912017601E37392461D
                                    SHA-256:8828EAD6432A4C07B9D8521310903626A091CABE4EA12A432A18B80B2DA35C5B
                                    SHA-512:E9FB60C324C2215C425F04AF6E33DA220BDA69041D4D33D9967764CB4D176F4C8B72360DC9A8872DD226F9EF033DC1EE8BAA295716BF5A50228ECE38772B05CE
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:./*@preserve.***Version 2.22.0***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]=window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]||[]).push([[1],{29:function(e,t,i){"use strict";i.d(t,"a",(function(){return o}));var n=function(e,t,i,n){return new(i||(i=Promise))((function(r
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (508)
                                    Category:downloaded
                                    Size (bytes):1260
                                    Entropy (8bit):5.4430232956828695
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E75E5BA140B1C7E6EA79786633C1BA0D
                                    SHA1:7A0ED3EB87905134623782643465B91B1B8E9E07
                                    SHA-256:A2091F1FF92CC073E178DCA31707853E0CC6CD913A5344A8978F040FA373EFA6
                                    SHA-512:68603B9868C58D8F5010B591FBA926433AC3EB5F0B7F0C45F90972C9410138FB9E7D013C7F3F3E33C71F6EBF9ECF4E8132AABC4EBC6D47FA43682B54E2051E0D
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://munchkin.marketo.net/munchkin.js
                                    Preview:/*. * Copyright (c) 2007-2023, Marketo, Inc. All rights reserved.. * See https://developers.marketo.com/MunchkinLicense.pdf for license terms. * Marketo marketing automation web activity tracking script. * Version: prod r944. */. (function(b){if(!b.Munchkin){var c=b.document,e=[],k,l={fallback:"163"},g=[164,null],m=function(){if(!k){for(;0<e.length;){var f=e.shift();b.MunchkinTracker[f[0]].apply(b.MunchkinTracker,f[1])}k=!0}},n=function(f){var a=c.createElement("script"),b=c.getElementsByTagName("base")[0]||c.getElementsByTagName("script")[0];a.type="text/javascript";a.async=!0;a.src=f;a.onreadystatechange=function(){"complete"!==this.readyState&&"loaded"!==this.readyState||m()};a.onload=m;b.parentNode.insertBefore(a,b)},.h={CLICK_LINK:"CLICK_LINK",VISIT_WEB_PAGE:"visitWebPage",init:function(b){var a;a=l[b];if(!a&&0<g.length){a=b;var c=0,d;if(0!==a.length)for(d=0;d<a.length;d+=1)c+=a.charCodeAt(d);a=g[c%g.length]}a||(a=l.fallback);e.push(["init",arguments]);"150"===a?n("//munchkin-cdn.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:SVG Scalable Vector Graphics image
                                    Category:downloaded
                                    Size (bytes):1367
                                    Entropy (8bit):4.606114713423053
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D5F05DB5BC49F3BF280F4540914BA76F
                                    SHA1:9383B048E654A536F07F29EE5635700570BE83A4
                                    SHA-256:ED492DB618738A5EAE18115863E97FC8C63945846ED8DB4074DFC6F7CCB90467
                                    SHA-512:FAB6E9441D04A76A567D0155C16913AEA92A7FDBEE5CCB0E6193A1BAB832CC3D57E3BA194B34295C68988E834012461F4F2F8D9DAB04E80A6CABAC081EC3DCAD
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://partner.booking.com/themes/custom/booking/images/favicons/favicon.svg
                                    Preview:<svg clip-rule="evenodd" fill-rule="evenodd" height="64" stroke-linejoin="round" stroke-miterlimit="1.414" viewBox="-.092 .015 2732.125 2671.996" width="64" xmlns="http://www.w3.org/2000/svg"><path d="m2732.032 513.03c0-283.141-229.978-513.015-513.118-513.015h-1705.89c-283.138 0-513.116 229.874-513.116 513.015v1645.965c0 283.066 229.978 513.016 513.118 513.016h1705.889c283.14 0 513.118-229.95 513.118-513.016z" fill="#0c3b7c"/><path d="m.001 1659.991h1364.531v1012.019h-1364.53z" fill="#0c3b7c"/><g fill-rule="nonzero"><path d="m1241.6 1768.638-220.052-.22v-263.12c0-56.22 21.808-85.48 69.917-92.165h150.136c107.068 0 176.328 67.507 176.328 176.766 0 112.219-67.507 178.63-176.328 178.739zm-220.052-709.694v-69.26c0-60.602 25.643-89.424 81.862-93.15h112.657c96.547 0 154.41 57.753 154.41 154.52 0 73.643-39.671 159.67-150.903 159.67h-198.026zm501.037 262.574-39.78-22.356 34.74-29.699c40.437-34.74 108.163-112.876 108.163-247.67 0-206.464-160.109-339.614-407.888-339.614h-282.738v-.11h-32.219c-73.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):548
                                    Entropy (8bit):4.688532577858027
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:370E16C3B7DBA286CFF055F93B9A94D8
                                    SHA1:65F3537C3C798F7DA146C55AEF536F7B5D0CB943
                                    SHA-256:D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
                                    SHA-512:75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://booking.rescomunicationshow.com/static/a
                                    Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (1238)
                                    Category:dropped
                                    Size (bytes):1239
                                    Entropy (8bit):5.068464054671174
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                    SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                    SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                    SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href")||""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                    Category:downloaded
                                    Size (bytes):15086
                                    Entropy (8bit):4.602845537956881
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6535271F9636F6408B0C3BB15400085A
                                    SHA1:F815AC8D98C2C76B196564536697C2E6A01B5E73
                                    SHA-256:9D6E7D6843C0B17B992FAFA510BAD5C7D2550BC329D3AA724809645FEC1DEE00
                                    SHA-512:E7E8F903D6A5D0307F68E8556B8AE6F444DAB5232B24B238965358CE627FD1E1C60C11FECEC38AE407062C4AB0149BA40F22CD7004B633E7A72E1872FE57CA54
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://partner.booking.com/themes/custom/booking/images/favicons/favicon.ico
                                    Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$.......................5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...4...4...................................5.l.5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5.P.5...........................5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5.D.4...................5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5..5.[~3...............5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5...5
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (7002)
                                    Category:downloaded
                                    Size (bytes):8833
                                    Entropy (8bit):5.496355179478695
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C410109A288997EE039809E2D28D6B9E
                                    SHA1:E3EE29104A992697E11C0598EA747151D80FD283
                                    SHA-256:27EA5910C59FF37E5BC7256226074A11E4664DA2F8073F8A6AC5F2D72FDE8C3B
                                    SHA-512:BAFDF531DC2B8034689F49E96B89909A7809B10C1D6904672787308FBF5CDB5D3B69DB1D25B0BA964E0B1BDD24307784E8804BEF3300BB6004FA0C4C1F70C00E
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3Eum1ldyL0aIh0i
                                    Preview:(function () {. if (typeof window.QSI === 'undefined'){. window.QSI = {};. }.. var tempQSIConfig = {"hostedJSLocation":"https://siteintercept.qualtrics.com/dxjsmodule/","baseURL":"https://siteintercept.qualtrics.com","surveyTakingBaseURL":"https://s.qualtrics.com/spoke/all/jam","BrandTier":"RQqcwhV2J1","zoneId":"ZN_3Eum1ldyL0aIh0i"};.. // If QSI.config is defined in snippet, merge with QSIConfig from orchestrator-handler.. if (typeof window.QSI.config !== 'undefined' && typeof window.QSI.config === 'object') {. // This merges the user defined QSI.config with the handler defined QSIConfig. // If both objects have a property with the same name,. // then the second object property overwrites the first.. for (var attrname in tempQSIConfig) { window.QSI.config[attrname] = tempQSIConfig[attrname]; }. } else {. window.QSI.config = tempQSIConfig;. }.. window.QSI.shouldStripQueryParamsInQLoc = false;.})();../*@preserve.***Version
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65447)
                                    Category:downloaded
                                    Size (bytes):87533
                                    Entropy (8bit):5.262536918435756
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:2C872DBE60F4BA70FB85356113D8B35E
                                    SHA1:EE48592D1FFF952FCF06CE0B666ED4785493AFDC
                                    SHA-256:FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
                                    SHA-512:BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://code.jquery.com/jquery-3.7.1.min.js
                                    Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (64779)
                                    Category:dropped
                                    Size (bytes):79789
                                    Entropy (8bit):5.316053921703045
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B60F5EED12273A0FC6D4D1B83CE9AB3A
                                    SHA1:5FCDD04B7C1A8BB93980CAE79A972F2655226015
                                    SHA-256:945B88EF669DED280836CF5628FF13BBE817E6616A37420897A24D767EDB05C6
                                    SHA-512:1D964C159E111A4BA4AB56DA9E230019C1FB69B25593D71A73AED39D6516E32DB09A352BDE9AC3D344AA8268248797C1DCD9E44A667A598EF0FD3B81510713E4
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:./*@preserve.***Version 2.22.0***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]=window["WAFQualtricsWebpackJsonP-cloud-2.22.0"]||[]).push([[8],{17:function(e,t,n){"use strict";n.d(t,"a",(function(){return i})),n.d(t,"e",(function(){return r})),n.d(t,"f",(function(){return
                                    No static file info